From 1cabd594f224825bd0eae543216d87801091c33c Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 23 Apr 2009 16:33:39 +0200 Subject: fix for pam proxy chauthtok When a user from a domain served by the proxy backend changes his password with passwd the passwd command asks for the old password, but it is not validated by the pam_chauthtok call in the proxy backend, because it is running as root. If the request is coming the unpriviledged socket we now call pam_authenticate explicitly before pam_chauthtok. --- server/responder/pam/pamsrv_cmd.c | 1 + 1 file changed, 1 insertion(+) (limited to 'server/responder/pam/pamsrv_cmd.c') diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c index 158cb32d8..407d7fb98 100644 --- a/server/responder/pam/pamsrv_cmd.c +++ b/server/responder/pam/pamsrv_cmd.c @@ -295,6 +295,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) } pd->cmd = pam_cmd; + pd->priv = cctx->priv; ret = pam_parse_in_data(cctx->rctx->names, pd, body, blen); if (ret != EOK) { talloc_free(preq); -- cgit