summaryrefslogtreecommitdiff
path: root/server/responder/pam
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2009-04-23 16:33:39 +0200
committerStephen Gallagher <sgallagh@redhat.com>2009-04-27 07:03:08 -0400
commit1cabd594f224825bd0eae543216d87801091c33c (patch)
tree8fec444497a911e377d42de9e156eacb54a184b9 /server/responder/pam
parenta03f9612e6560d4aa32e2813cce1bad88b550713 (diff)
downloadsssd-1cabd594f224825bd0eae543216d87801091c33c.tar.gz
sssd-1cabd594f224825bd0eae543216d87801091c33c.tar.bz2
sssd-1cabd594f224825bd0eae543216d87801091c33c.zip
fix for pam proxy chauthtok
When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
Diffstat (limited to 'server/responder/pam')
-rw-r--r--server/responder/pam/pamsrv_cmd.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c
index 158cb32d..407d7fb9 100644
--- a/server/responder/pam/pamsrv_cmd.c
+++ b/server/responder/pam/pamsrv_cmd.c
@@ -295,6 +295,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
}
pd->cmd = pam_cmd;
+ pd->priv = cctx->priv;
ret = pam_parse_in_data(cctx->rctx->names, pd, body, blen);
if (ret != EOK) {
talloc_free(preq);