diff options
-rw-r--r-- | go/parabola_hackers/nslcd_backend/db_pam.go | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go index 353fe5e..607c550 100644 --- a/go/parabola_hackers/nslcd_backend/db_pam.go +++ b/go/parabola_hackers/nslcd_backend/db_pam.go @@ -137,8 +137,9 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ user := o.users[uid] // Check the OldPassword - switch req.AsRoot { - case 0: /* user password */ + if req.AsRoot == 1 && cred.Uid == 0 { + // bypass the password check + } else { if !checkPassword(req.OldPassword, user.Passwd.PwHash) { ret <- p.PAM_PwMod{ Result: p.NSLCD_PAM_PERM_DENIED, @@ -146,11 +147,6 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ } return } - case 1: /* root password */ - // do nothing - default: - logger.Info("Invalid AsRoot value in PwMod request: %d", req.AsRoot) - return } // Update the PwHash in memory |