summaryrefslogtreecommitdiff
path: root/source3/smbd/auth_unix.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2001-09-29 13:08:26 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-09-29 13:08:26 +0000
commit81697d5ebe33ad95dedfc376118fcdf0367cf052 (patch)
treebe7dbc8cf2713a1ea9cf7088896e7a0e10968ade /source3/smbd/auth_unix.c
parent14cc9a3101f7ec88fa464f934e3dc2c081eccf8a (diff)
downloadsamba-81697d5ebe33ad95dedfc376118fcdf0367cf052.tar.gz
samba-81697d5ebe33ad95dedfc376118fcdf0367cf052.tar.bz2
samba-81697d5ebe33ad95dedfc376118fcdf0367cf052.zip
Fix up a number of intertwined issues:
The big one is a global change to allow us to NULLify the free'ed pointer to a former passdb object. This was done to allow idra's SAFE_FREE() macro to do its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer to start with. This NULL pointer test was what was breaking the adding of accounts up until now, and this code has been reworked to avoid duplicating work - I hope this will avoid a similar mess-up in future. Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were being ignored. Some of these functions malloc() and are permitted to fail. Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived precisely didilly-squat, just returning False. Now that we check the returns this bug was spotted. This could allow different LM and NT passwords. - the pdbedit code needs to start checking these too, but I havn't had a chance to fix it. I have also fixed up where some of the password changing code was using the pdb_set functions to store *internal* data. I assume this is from a previous lot of mass conversion work... Most likally (and going on past experience) I have missed somthing, probably in the LanMan password change code which I havn't yet been able to test, but this lot is in much better shape than it was before. If all this is too much to swallow (particularly for 2.2.2) then just adding a sam_pass = NULL to the particular line of passdb.c should do the trick for the ovbious bug. Andrew Bartlett (This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
Diffstat (limited to 'source3/smbd/auth_unix.c')
-rw-r--r--source3/smbd/auth_unix.c32
1 files changed, 24 insertions, 8 deletions
diff --git a/source3/smbd/auth_unix.c b/source3/smbd/auth_unix.c
index 5582682d98..0d73988d8a 100644
--- a/source3/smbd/auth_unix.c
+++ b/source3/smbd/auth_unix.c
@@ -31,7 +31,7 @@ this ugly hack needs to die, but not quite yet...
static BOOL update_smbpassword_file(char *user, char *password)
{
SAM_ACCOUNT *sampass = NULL;
- BOOL ret;
+ BOOL ret;
pdb_init_sam(&sampass);
@@ -41,7 +41,7 @@ static BOOL update_smbpassword_file(char *user, char *password)
if(ret == False) {
DEBUG(0,("pdb_getsampwnam returned NULL\n"));
- pdb_free_sam(sampass);
+ pdb_free_sam(&sampass);
return False;
}
@@ -49,16 +49,32 @@ static BOOL update_smbpassword_file(char *user, char *password)
* Remove the account disabled flag - we are updating the
* users password from a login.
*/
- pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED);
+ if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) {
+ pdb_free_sam(&sampass);
+ return False;
+ }
+
+ if (!pdb_set_plaintext_passwd (sampass, password)) {
+ pdb_free_sam(&sampass);
+ return False;
+ }
- /* Here, the flag is one, because we want to ignore the
+ /* Now write it into the file. */
+ become_root();
+
+ /* Here, the override flag is True, because we want to ignore the
XXXXXXX'd out password */
- ret = change_oem_password( sampass, password, True);
- if (ret == False) {
- DEBUG(3,("change_oem_password returned False\n"));
+ ret = pdb_update_sam_account (sampass, True);
+
+ unbecome_root();
+
+ if (ret) {
+ DEBUG(3,("pdb_update_sam_account returned %d\n",ret));
}
- pdb_free_sam(sampass);
+ memset(password, '\0', strlen(password));
+
+ pdb_free_sam(&sampass);
return ret;
}