summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-04-30 01:39:22 +0000
committerJeremy Allison <jra@samba.org>1998-04-30 01:39:22 +0000
commit3eae1e3f8e53c51f638b1b381085f29feea1c517 (patch)
tree92950328598c40648d89557bf0b2048f0a8bd606 /source3/smbd
parent90177708aaf5bf17d689979701b5f0156b8a2fa4 (diff)
downloadsamba-3eae1e3f8e53c51f638b1b381085f29feea1c517.tar.gz
samba-3eae1e3f8e53c51f638b1b381085f29feea1c517.tar.bz2
samba-3eae1e3f8e53c51f638b1b381085f29feea1c517.zip
Added patch from Bruce Tenison <btenison@dibbs.net> to allow encrypted
passwords to be stored over time, allowing a smbpasswd file migration. Adds new parameter "update encrypted". Will also add to 1.9.18 branch. Docs update to follow. Jeremy. (This used to be commit 5d3e874d780d595415cc27a7f5945fc2e694c3ac)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/chgpasswd.c8
-rw-r--r--source3/smbd/ipc.c2
-rw-r--r--source3/smbd/password.c32
3 files changed, 38 insertions, 4 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 92bdb1adf0..4bdfaec453 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -536,7 +536,7 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsi
/* Now write it into the file. */
become_root(0);
- ret = mod_smbpwd_entry(smbpw);
+ ret = mod_smbpwd_entry(smbpw,False);
unbecome_root(0);
return ret;
@@ -632,9 +632,11 @@ BOOL check_oem_password(char *user, unsigned char *data,
/***********************************************************
Code to change the oem password. Changes both the lanman
and NT hashes.
+ override = False, normal
+ override = True, override XXXXXXXXXX'd password
************************************************************/
-BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd)
+BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override)
{
int ret;
fstring upper_case_new_passwd;
@@ -654,7 +656,7 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd)
/* Now write it into the file. */
become_root(0);
- ret = mod_smbpwd_entry(smbpw);
+ ret = mod_smbpwd_entry(smbpw,override);
unbecome_root(0);
memset(upper_case_new_passwd, '\0', strlen(upper_case_new_passwd));
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index e3dcda9004..2f9cc00dc9 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -1719,7 +1719,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
if(lp_unix_password_sync())
chgpasswd(user,"", new_passwd, True);
- if(change_oem_password( smbpw, new_passwd)) {
+ if(change_oem_password( smbpw, new_passwd, False)) {
SSVAL(*rparam,0,NERR_Success);
}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 180c51f4ea..57e7775b71 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -423,6 +423,31 @@ static char *osf1_bigcrypt(char *password,char *salt1)
}
#endif
+/****************************************************************************
+update the encrypted smbpasswd file from the plaintext username and password
+*****************************************************************************/
+BOOL update_smbpassword_file( char *user, fstring password)
+{
+ struct smb_passwd *smbpw;
+ BOOL ret;
+
+ become_root(0);
+ smbpw = getsmbpwnam(user);
+ unbecome_root(0);
+
+ if(smbpw == NULL)
+ {
+ DEBUG(0,("update_smbpassword_file: getsmbpwnam returned NULL\n"));
+ return False;
+ }
+
+ /* Here, the flag is one, because we want to ignore the XXXXXXX'd out password */
+ ret = change_oem_password( smbpw, password, True);
+ if (ret == False)
+ DEBUG(3,("update_smbpasswd_file: change_oem_password returned False\n"));
+
+ return ret;
+}
/****************************************************************************
update the enhanced security database. Only relevant for OSF1 at the moment.
@@ -1051,6 +1076,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
struct passwd *pass;
char challenge[8];
struct smb_passwd *smb_pass;
+ BOOL update_encrypted = lp_update_encrypted();
BOOL challenge_done = False;
if (password) password[pwlen] = 0;
@@ -1231,6 +1257,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
if (password_check(password))
{
update_protected_database(user,True);
+ if (update_encrypted)
+ update_smbpassword_file(user,password);
return(True);
}
@@ -1248,6 +1276,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
if (password_check(password))
{
update_protected_database(user,True);
+ if (update_encrypted)
+ update_smbpassword_file(user,password);
return(True);
}
@@ -1268,6 +1298,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
if (string_combinations(password,password_check,level))
{
update_protected_database(user,True);
+ if (update_encrypted)
+ update_smbpassword_file(user,password);
return(True);
}