summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--go/parabola_hackers/nslcd_backend/db_pam.go10
1 files changed, 3 insertions, 7 deletions
diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go
index 353fe5e..607c550 100644
--- a/go/parabola_hackers/nslcd_backend/db_pam.go
+++ b/go/parabola_hackers/nslcd_backend/db_pam.go
@@ -137,8 +137,9 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
user := o.users[uid]
// Check the OldPassword
- switch req.AsRoot {
- case 0: /* user password */
+ if req.AsRoot == 1 && cred.Uid == 0 {
+ // bypass the password check
+ } else {
if !checkPassword(req.OldPassword, user.Passwd.PwHash) {
ret <- p.PAM_PwMod{
Result: p.NSLCD_PAM_PERM_DENIED,
@@ -146,11 +147,6 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
}
return
}
- case 1: /* root password */
- // do nothing
- default:
- logger.Info("Invalid AsRoot value in PwMod request: %d", req.AsRoot)
- return
}
// Update the PwHash in memory