Diffstat (limited to 'server')
-rw-r--r--server/responder/pam/pam_LOCAL_domain.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index 995dfc2d6..4671eb9b3 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -310,6 +310,11 @@ static void pam_handler_callback(void *pvt, int ldb_status,
switch (lreq->pd->cmd) {
case SSS_PAM_AUTHENTICATE:
case SSS_PAM_CHAUTHTOK:
+ if (lreq->pd->cmd == SSS_PAM_CHAUTHTOK && lreq->cctx->priv == 1) {
+/* TODO: maybe this is a candiate for an explicit audit message. */
+ DEBUG(4, ("allowing root to reset a password.\n"));
+ break;
+ }
ret = authtok2str(lreq, lreq->pd->authtok,
lreq->pd->authtok_size, &authtok);
NEQ_CHECK_OR_JUMP(ret, EOK, ("authtok2str failed.\n"),
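Review bot: The new branch at `if (lreq->pd->cmd == SSS_PAM_CHAUTHTOK && lreq->cctx->priv == 1)` skips `authtok2str` and the old-password comparison, yet its only trace is `DEBUG(4, ...)`, which names neither the target account nor the caller and is presumably not emitted unless debug verbosity is raised. A credential change that bypasses verification should be recorded unconditionally; until an audit path exists, the TODO should at least say so, e.g. `/* TODO: emit an audit record (target user, caller) for this reset; a DEBUG(4) message is not an audit trail. */`, indented with the surrounding code. The whole bypass rests on `cctx->priv`, which is set outside this hunk. It is worth confirming, and noting in a comment here, that it is derived from how the client connected (for example a root-only socket or peer credentials) and never from a field in the request. `pam_handler_callback` begins before and continues after the hunk, so what happens after the `break` is not visible here.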