From 41a6e526a61ac54886504bfdb060fa09c8996ae3 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Fri, 18 Dec 2009 15:17:16 -0500
Subject: Fix broken password changes for local users

---
 server/responder/pam/pam_LOCAL_domain.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'server')

diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index 41d64b3e6..b98459d69 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -367,7 +367,10 @@ static void local_handler_callback(void *pvt, int ldb_status,
     switch (pd->cmd) {
         case SSS_PAM_AUTHENTICATE:
         case SSS_PAM_CHAUTHTOK:
-            if (pd->cmd == SSS_PAM_CHAUTHTOK && lreq->preq->cctx->priv == 1) {
+        case SSS_PAM_CHAUTHTOK_PRELIM:
+            if ((pd->cmd == SSS_PAM_CHAUTHTOK ||
+                 pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) &&
+                lreq->preq->cctx->priv == 1) {
 /* TODO: maybe this is a candiate for an explicit audit message. */
                 DEBUG(4, ("allowing root to reset a password.\n"));
                 break;
@@ -417,6 +420,8 @@ static void local_handler_callback(void *pvt, int ldb_status,
             break;
         case SSS_PAM_CLOSE_SESSION:
             break;
+        case SSS_PAM_CHAUTHTOK_PRELIM:
+            break;
         default:
             lreq->error = EINVAL;
             DEBUG(1, ("Unknown PAM task [%d].\n"));
-- 
cgit