added password reset by root

author: Sumit Bose <sbose@redhat.com> 2009-03-05 15:50:40 +0100
committer: Stephen Gallagher <sgallagh@redhat.com> 2009-03-05 11:17:45 -0500
commit: 917979b52ceb2519be8b114ecb51d6a8e01fe0d7 (patch)
tree: f3352806b401ddb39b1fe66c409c9ef7b53c673b /server
parent: 52c4af0623a9fc22640a73935cb1b316583cc398 (diff)
download: sssd-917979b52ceb2519be8b114ecb51d6a8e01fe0d7.tar.gz
sssd-917979b52ceb2519be8b114ecb51d6a8e01fe0d7.tar.xz
sssd-917979b52ceb2519be8b114ecb51d6a8e01fe0d7.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index 995dfc2d6..4671eb9b3 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -310,6 +310,11 @@ static void pam_handler_callback(void *pvt, int ldb_status,
     switch (lreq->pd->cmd) {
         case SSS_PAM_AUTHENTICATE:
         case SSS_PAM_CHAUTHTOK:
+            if (lreq->pd->cmd == SSS_PAM_CHAUTHTOK && lreq->cctx->priv == 1) {
+/* TODO: maybe this is a candiate for an explicit audit message. */
+                DEBUG(4, ("allowing root to reset a password.\n"));
+                break;
+            }
             ret = authtok2str(lreq, lreq->pd->authtok,
                               lreq->pd->authtok_size, &authtok);
             NEQ_CHECK_OR_JUMP(ret, EOK, ("authtok2str failed.\n"),
author	Sumit Bose <sbose@redhat.com>	2009-03-05 15:50:40 +0100
committer	Stephen Gallagher <sgallagh@redhat.com>	2009-03-05 11:17:45 -0500
commit	917979b52ceb2519be8b114ecb51d6a8e01fe0d7 (patch)
tree	f3352806b401ddb39b1fe66c409c9ef7b53c673b /server
parent	52c4af0623a9fc22640a73935cb1b316583cc398 (diff)
download	sssd-917979b52ceb2519be8b114ecb51d6a8e01fe0d7.tar.gz sssd-917979b52ceb2519be8b114ecb51d6a8e01fe0d7.tar.xz sssd-917979b52ceb2519be8b114ecb51d6a8e01fe0d7.zip