Adding the same changes to HEAD as were added to BRANCH_1_9_18.

Changed smbpasswd to be client-server for a normal user, rather
than accessing the private/smbpasswd file directly (it still accesses
this file directly when run as root, so root can add users/change a
users password without knowing the old password).

A shakeout of this change is that smbpasswd can now be used to
change a users password on a remote NT machine (yep - you heard
that one right - we can now change a NT password from UNIX !!!!!).

Jeremy.
(This used to be commit 20770b6f1c25288e90d3e0d215afa7f0809ce124)

2 files changed, 65 insertions, 36 deletions

diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8
index 1cd2c54c43..24b3713598 100644
--- a/docs/manpages/smbpasswd.8
+++ b/docs/manpages/smbpasswd.8
@@ -1,10 +1,13 @@
-.TH SMBPASSWD 8 "08 Jan 1998" "smbpasswd 1.9.18"
+.TH SMBPASSWD 8 "19 Feb 1998" "smbpasswd 1.9.18p3"
 .SH NAME
 smbpasswd \- change a users smb password in the smbpasswd file.
 .SH SYNOPSIS
 .B smbpasswd
 [
-.B \-add
+.B \-a
+] [
+.B \-r
+remote_machine
 ] [
 .B username
 ]
@@ -27,14 +30,38 @@ smb password (specified by the string "NO PASSWORD" in the
 smbpasswd file) then just press the <Enter> key when asked
 for your old password.
 
+.B New for 1.9.18p4.
+smbpasswd will now allow a user to change their password
+on a Windows NT server. To use this add the 
+.I \-r
+.I \<remote_machine\>
+paramter to the smbpasswd command. The machine name is looked
+up using the "name resolve order" parameter defined in the
+smb.conf [global] section. Note that when changing a Windows
+NT password for a domain user,
+.I \<remote machine\>
+must be the name of the Primary domain controller.
+
+To allow users to change their passwords from "NO PASSWORD"
+in the smbpasswd file to a valid password the administrator
+must set the following parameter in the [global] section of
+the smb.conf :
+
+null passwords = true
+
+This is 
+.B NOT
+recommended as a general policy, it is recommended that
+new users be assigned a default password instead.
+
 The 
-.I \-add
+.I \-a
 and 
 .I username
 options can only be used by a user running as root.
 
 .SH OPTIONS
-.I \-add
+.I \-a
 
 .RS 3
 Specifies that the username following should be added to
@@ -70,13 +97,12 @@ It is recommended that the
 program be installed in the /usr/local/samba/bin directory. This should be
 a directory readable by all, writeable only by root. The program should be
 executable by all. The program 
-.B must
-be setuid root. This means the permissions should
-look like -r-sr-xr-x and the program must be owned by root.
+.B must not 
+be setuid root.
 
 .SH VERSION
 
-This man page is correct for version 1.9.17 of the Samba suite.
+This man page is correct for version 1.9.18p4 of the Samba suite.
 These notes will necessarily lag behind 
 development of the software, so it is possible that your version of 
 the program has extensions or parameter semantics that differ from or are not 
@@ -93,7 +119,7 @@ The
 .B smbpasswd
 command is only useful if
 .I Samba
-has been compiled with encrypted passwords. See the file
+has been set up to use encrypted passwords. See the file
 .I ENCRYPTION.txt
 in the docs directory for details on how to do this.
 
diff --git a/docs/textdocs/ENCRYPTION.txt b/docs/textdocs/ENCRYPTION.txt
index 315e7de53f..352f3457b4 100644
--- a/docs/textdocs/ENCRYPTION.txt
+++ b/docs/textdocs/ENCRYPTION.txt
@@ -1,8 +1,8 @@
 !==
-!== ENCRYPTION.txt for Samba release 1.9.18 08 Jan 1998
+!== ENCRYPTION.txt for Samba release 1.9.18p3 19 Feb 1998
 !==
 Contributor:	Jeremy Allison <samba-bugs@samba.anu.edu.au>
-Updated:	June 27, 1997
+Updated:	March 19, 1998
 Note:		Please refer to WinNT.txt also
 
 Subject:	LanManager / Samba Password Encryption.
@@ -207,7 +207,16 @@ bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Bob's
 If you are allowing users to use the smbpasswd command to set their own
 passwords, you may want to give users NO PASSWORD initially so they do
 not have to enter a previous password when changing to their new
-password (not recommended).
+password (not recommended). In order for you to allow this the
+smbpasswd program must be able to connect to the smbd daemon as
+that user with no password. Enable this by adding the line :
+
+null passwords = true
+
+to the [global] section of the smb.conf file (this is why the
+above scenario is not recommended). Preferebly, allocate your
+users a default password to begin with, so you do not have
+to enable this on your server.
 
 Note : This file should be protected very carefully. Anyone with
 access to this file can (with enough knowledge of the protocols) gain
@@ -220,22 +229,28 @@ The smbpasswd Command.
 The smbpasswd command maintains the two 32 byte password fields in
 the smbpasswd file. If you wish to make it similar to the unix passwd
 or yppasswd programs, install it in /usr/local/samba/bin (or your main
-Samba binary directory) and make it setuid root.
+Samba binary directory).
 
-Note that if you do not do this then the root user will have to set all
-users passwords.
+Note that as of Samba 1.9.18p4 this program MUST NOT BE INSTALLED
+setuid root (the new smbpasswd code enforces this restriction so
+it cannot be run this way by accident).
 
-To set up smbpasswd as setuid root, change to the Samba binary install
-directory and then type (as root) :
+smbpasswd now works in a client-server mode where it contacts
+the local smbd to change the users password on its behalf. This
+has enormous benefits - as follows.
 
-chown root smbpasswd
-chmod 4555 smbpasswd
+1). smbpasswd no longer has to be setuid root - an enourmous
+range of potential security problems is eliminated.
 
-If smbpasswd is installed as setuid root then you would use it as
-follows.
+2). smbpasswd now has the capability to change passwords
+on Windows NT servers (this only works when the request is
+sent to the NT Primary Domain Controller if you are changing 
+an NT Domain users password).
+
+To run smbpasswd as a normal user just type :
 
 smbpasswd
-Old SMB password: <type old alue here - just hit return if there is NO PASSWORD>
+Old SMB password: <type old value here - or hit return if there was no old password >
 New SMB Password: < type new value >
 Repeat New SMB Password: < re-type new value >
 
@@ -255,15 +270,8 @@ forgotten their passwords.
 smbpasswd is designed to work in the same way and be familiar to UNIX
 users who use the passwd or yppasswd commands.
 
-NOTE. As smbpasswd is designed to be installed as setuid root I would
-appreciate it if everyone examined the source code to look for
-potential security flaws. A setuid program, if not written properly can
-be an open door to a system cracker. Please help make this program
-secure by reporting all problems to me (the author, Jeremy Allison).
-
-My email address is :-
-
-jallison@whistle.com
+For more details on using smbpasswd refer to the man page which
+will always be the definitive reference.
 
 Setting up Samba to support LanManager Encryption.
 --------------------------------------------------
@@ -310,11 +318,6 @@ tridge:148:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:And
 note that the uid and username fields must be right. Also, you must get
 the number of X's right (there should be 32).
 
-If you wish, install the smbpasswd program as suid root.
-
-chown root /usr/local/samba/bin/smbpasswd
-chmod 4555 /usr/local/samba/bin/smbpasswd
-
 5) set the passwords for users using the smbpasswd command. For
 example, as root you could do "smbpasswd tridge"