diff options
| author | Jeremy Allison <jra@samba.org> | 1998-04-30 01:39:22 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 1998-04-30 01:39:22 +0000 |
| commit | 3eae1e3f8e53c51f638b1b381085f29feea1c517 (patch) | |
| tree | 92950328598c40648d89557bf0b2048f0a8bd606 /source3/smbd | |
| parent | 90177708aaf5bf17d689979701b5f0156b8a2fa4 (diff) | |
| download | samba-3eae1e3f8e53c51f638b1b381085f29feea1c517.tar.gz samba-3eae1e3f8e53c51f638b1b381085f29feea1c517.tar.bz2 samba-3eae1e3f8e53c51f638b1b381085f29feea1c517.zip | |
Added patch from Bruce Tenison <btenison@dibbs.net> to allow encrypted
passwords to be stored over time, allowing a smbpasswd file migration.
Adds new parameter "update encrypted".
Will also add to 1.9.18 branch.
Docs update to follow.
Jeremy.
(This used to be commit 5d3e874d780d595415cc27a7f5945fc2e694c3ac)
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/chgpasswd.c | 8 | ||||
| -rw-r--r-- | source3/smbd/ipc.c | 2 | ||||
| -rw-r--r-- | source3/smbd/password.c | 32 |
3 files changed, 38 insertions, 4 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 92bdb1adf0..4bdfaec453 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -536,7 +536,7 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsi /* Now write it into the file. */ become_root(0); - ret = mod_smbpwd_entry(smbpw); + ret = mod_smbpwd_entry(smbpw,False); unbecome_root(0); return ret; @@ -632,9 +632,11 @@ BOOL check_oem_password(char *user, unsigned char *data, /*********************************************************** Code to change the oem password. Changes both the lanman and NT hashes. + override = False, normal + override = True, override XXXXXXXXXX'd password ************************************************************/ -BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd) +BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override) { int ret; fstring upper_case_new_passwd; @@ -654,7 +656,7 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd) /* Now write it into the file. */ become_root(0); - ret = mod_smbpwd_entry(smbpw); + ret = mod_smbpwd_entry(smbpw,override); unbecome_root(0); memset(upper_case_new_passwd, '\0', strlen(upper_case_new_passwd)); diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e3dcda9004..2f9cc00dc9 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1719,7 +1719,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat if(lp_unix_password_sync()) chgpasswd(user,"", new_passwd, True); - if(change_oem_password( smbpw, new_passwd)) { + if(change_oem_password( smbpw, new_passwd, False)) { SSVAL(*rparam,0,NERR_Success); } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 180c51f4ea..57e7775b71 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -423,6 +423,31 @@ static char *osf1_bigcrypt(char *password,char *salt1) } #endif +/**************************************************************************** +update the encrypted smbpasswd file from the plaintext username and password +*****************************************************************************/ +BOOL update_smbpassword_file( char *user, fstring password) +{ + struct smb_passwd *smbpw; + BOOL ret; + + become_root(0); + smbpw = getsmbpwnam(user); + unbecome_root(0); + + if(smbpw == NULL) + { + DEBUG(0,("update_smbpassword_file: getsmbpwnam returned NULL\n")); + return False; + } + + /* Here, the flag is one, because we want to ignore the XXXXXXX'd out password */ + ret = change_oem_password( smbpw, password, True); + if (ret == False) + DEBUG(3,("update_smbpasswd_file: change_oem_password returned False\n")); + + return ret; +} /**************************************************************************** update the enhanced security database. Only relevant for OSF1 at the moment. @@ -1051,6 +1076,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) struct passwd *pass; char challenge[8]; struct smb_passwd *smb_pass; + BOOL update_encrypted = lp_update_encrypted(); BOOL challenge_done = False; if (password) password[pwlen] = 0; @@ -1231,6 +1257,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) if (password_check(password)) { update_protected_database(user,True); + if (update_encrypted) + update_smbpassword_file(user,password); return(True); } @@ -1248,6 +1276,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) if (password_check(password)) { update_protected_database(user,True); + if (update_encrypted) + update_smbpassword_file(user,password); return(True); } @@ -1268,6 +1298,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) if (string_combinations(password,password_check,level)) { update_protected_database(user,True); + if (update_encrypted) + update_smbpassword_file(user,password); return(True); } |