Fix broken password changes for local users

1 files changed, 6 insertions, 1 deletions

diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index 41d64b3e6..b98459d69 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -367,7 +367,10 @@ static void local_handler_callback(void *pvt, int ldb_status,
     switch (pd->cmd) {
         case SSS_PAM_AUTHENTICATE:
         case SSS_PAM_CHAUTHTOK:
-            if (pd->cmd == SSS_PAM_CHAUTHTOK && lreq->preq->cctx->priv == 1) {
+        case SSS_PAM_CHAUTHTOK_PRELIM:
+            if ((pd->cmd == SSS_PAM_CHAUTHTOK ||
+                 pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) &&
+                lreq->preq->cctx->priv == 1) {
 /* TODO: maybe this is a candiate for an explicit audit message. */
                 DEBUG(4, ("allowing root to reset a password.\n"));
                 break;
@@ -417,6 +420,8 @@ static void local_handler_callback(void *pvt, int ldb_status,
             break;
         case SSS_PAM_CLOSE_SESSION:
             break;
+        case SSS_PAM_CHAUTHTOK_PRELIM:
+            break;
         default:
             lreq->error = EINVAL;
             DEBUG(1, ("Unknown PAM task [%d].\n"));