diff options
| -rw-r--r-- | server/responder/pam/pam_LOCAL_domain.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c index 41d64b3e6..b98459d69 100644 --- a/server/responder/pam/pam_LOCAL_domain.c +++ b/server/responder/pam/pam_LOCAL_domain.c @@ -367,7 +367,10 @@ static void local_handler_callback(void *pvt, int ldb_status, switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: case SSS_PAM_CHAUTHTOK: - if (pd->cmd == SSS_PAM_CHAUTHTOK && lreq->preq->cctx->priv == 1) { + case SSS_PAM_CHAUTHTOK_PRELIM: + if ((pd->cmd == SSS_PAM_CHAUTHTOK || + pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) && + lreq->preq->cctx->priv == 1) { /* TODO: maybe this is a candiate for an explicit audit message. */ DEBUG(4, ("allowing root to reset a password.\n")); break; @@ -417,6 +420,8 @@ static void local_handler_callback(void *pvt, int ldb_status, break; case SSS_PAM_CLOSE_SESSION: break; + case SSS_PAM_CHAUTHTOK_PRELIM: + break; default: lreq->error = EINVAL; DEBUG(1, ("Unknown PAM task [%d].\n")); |