From 1cabd594f224825bd0eae543216d87801091c33c Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 23 Apr 2009 16:33:39 +0200
Subject: fix for pam proxy chauthtok

When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok.
---
 server/providers/dp_auth_util.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'server/providers/dp_auth_util.c')
diff --git a/server/providers/dp_auth_util.c b/server/providers/dp_auth_util.c
index 99e57e2e..630dafe8 100644
--- a/server/providers/dp_auth_util.c
+++ b/server/providers/dp_auth_util.c
@@ -34,6 +34,7 @@ void pam_print_data(int l, struct pam_data *pd)
 DEBUG(l, ("authtok size: %d\n", pd->authtok_size));
 DEBUG(l, ("newauthtok type: %d\n", pd->newauthtok_type));
 DEBUG(l, ("newauthtok size: %d\n", pd->newauthtok_size));
+ DEBUG(l, ("priv: %d\n", pd->priv));
 }
 
 int pam_add_response(struct pam_data *pd, enum response_type type,
@@ -74,6 +75,7 @@ bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd)
 DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
 &(pd->newauthtok),
 pd->newauthtok_size,
+ DBUS_TYPE_INT32, &(pd->priv),
 DBUS_TYPE_INVALID);
 
 return ret;
@@ -99,6 +101,7 @@ bool dp_unpack_pam_request(DBusMessage *msg, struct pam_data *pd, DBusError *dbu
 DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
 &(pd->newauthtok),
 &(pd->newauthtok_size),
+ DBUS_TYPE_INT32, &(pd->priv),
 DBUS_TYPE_INVALID);
 
 return ret;
-- cgit
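Review bot: The added `DBUS_TYPE_INT32, &(pd->priv),` in dp_pack_pam_request makes the D-Bus marshaller read a full 32-bit value from the address of `priv`, so the field must be declared as a 32-bit integer in struct pam_data; the declaration is not part of this diff and should be confirmed, since a `bool` or `char` field would be read past its end. The new argument also changes the request layout, so a provider whose unpack side lacks the matching field will presumably reject every request. Responder and backend therefore have to be updated together. A comment above the new line would help the next reader, for example `/* priv: which client socket the request arrived on; the provider uses it to decide whether the old password must be verified */`. The function body starts outside the hunk.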
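Review bot: The `priv` value unpacked in dp_unpack_pam_request is taken from the message as-is, and going by the commit description it decides whether pam_authenticate runs before pam_chauthtok, yet nothing in the hunk constrains it or sets a safe value when unpacking fails. The safe default is the unprivileged case, so that a failed unpack or an unexpected value can never skip the old-password check. Something like `if (!ret || pd->priv != 1) pd->priv = 0;` before `return ret;` would do this, assuming 1 marks the privileged socket and 0 the unprivileged one; that encoding is not visible in this diff. It is also worth confirming that only the responder can send this request to the provider, because the flag is trusted purely on the sender's word. The function starts outside the hunk and its signature is truncated in the hunk header.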