-rw-r--r-- | source3/auth/pampass.c | 5 | ||||
-rw-r--r-- | source3/include/proto.h | 3 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_chgpasswd.c | 21 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 28 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_util.h | 4 |
5 files changed, 42 insertions, 19 deletions
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 6f8be1a38d..9d5b9f56be 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -863,7 +863,8 @@ NTSTATUS smb_pam_passcheck(const char * user, const char * password)
 * PAM Password Change Suite
 */
-bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword)
+bool smb_pam_passchange(const char *user, const char *rhost,
+ const char *oldpassword, const char *newpassword)
 {
 /* Appropriate quantities of root should be obtained BEFORE calling this function */
 struct pam_conv *pconv = NULL;
@@ -872,7 +873,7 @@ bool smb_pam_passchange(const char * user, const char * oldpassword, const char
 if ((pconv = smb_setup_pam_conv(smb_pam_passchange_conv, user, oldpassword, newpassword)) == NULL)
 return False;
- if(!smb_pam_start(&pamh, user, NULL, pconv))
+ if(!smb_pam_start(&pamh, user, rhost, pconv))
 return False;
 if (!smb_pam_chauthtok(pamh, user)) {
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 4b34ec0c00..1cafe9babc 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -223,7 +223,8 @@ bool smb_pam_claim_session(char *user, char *tty, char *rhost);
 bool smb_pam_close_session(char *user, char *tty, char *rhost);
 NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost);
 NTSTATUS smb_pam_passcheck(const char * user, const char * password);
-bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword);
+bool smb_pam_passchange(const char *user, const char *rhost,
+ const char *oldpassword, const char *newpassword);
 bool smb_pam_claim_session(char *user, char *tty, char *rhost);
 bool smb_pam_close_session(char *in_user, char *tty, char *rhost);
diff --git a/source3/rpc_server/srv_samr_chgpasswd.c b/source3/rpc_server/srv_samr_chgpasswd.c
index 525f8382c6..d31215b321 100644
--- a/source3/rpc_server/srv_samr_chgpasswd.c
+++ b/source3/rpc_server/srv_samr_chgpasswd.c
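Review bot: The new `rhost` parameter of smb_pam_passchange() in pampass.c has no documented contract in the first hunk (@@ -863), and the removed call in the next hunk shows that `smb_pam_start()` was previously always given `NULL` here. The comment above the function should say what the value is and that callers may still pass NULL, for example `/* rhost: client host name handed to smb_pam_start(); may be NULL when unknown */`. The function body continues outside the hunk.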
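Review bot: In the second pampass.c hunk (@@ -872), the `return False;` after a failed `smb_pam_start(&pamh, user, rhost, pconv)` leaves `pconv` unreleased in the lines shown, although it was just obtained from `smb_setup_pam_conv()` with the old and new passwords. Unless smb_pam_start() frees the conversation structure itself on failure, which is not visible here, this path leaks a structure that refers to password material. Releasing `pconv` before that early return would close the gap; the rest of smb_pam_passchange() lies outside the hunk.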
@@ -486,7 +486,7 @@ while we were waiting\n", WTERMSIG(wstat)));
 return (chstat);
 }
-bool chgpasswd(const char *name, const struct passwd *pass,
+bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
 const char *oldpass, const char *newpass, bool as_root)
 {
 char *passwordprogram = NULL;
@@ -546,9 +546,11 @@ bool chgpasswd(const char *name, const struct passwd *pass,
 become_root();
 if (pass) {
- ret = smb_pam_passchange(pass->pw_name, oldpass, newpass);
+ ret = smb_pam_passchange(pass->pw_name, rhost,
+ oldpass, newpass);
 } else {
- ret = smb_pam_passchange(name, oldpass, newpass);
+ ret = smb_pam_passchange(name, rhost, oldpass,
+ newpass);
 }
 if (as_root)
@@ -961,7 +963,10 @@ NTSTATUS check_password_complexity(const char *username,
 is correct before calling. JRA.
 ************************************************************/
-static NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, enum samPwdChangeReason *samr_reject_reason)
+static NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
+ char *old_passwd, char *new_passwd,
+ bool as_root,
+ enum samPwdChangeReason *samr_reject_reason)
 {
 uint32 min_len;
 uint32 refuse;
@@ -1054,7 +1059,8 @@ static NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *ne
 */
 if(lp_unix_password_sync() &&
- !chgpasswd(username, pass, old_passwd, new_passwd, as_root)) {
+ !chgpasswd(username, rhost, pass, old_passwd, new_passwd,
+ as_root)) {
 TALLOC_FREE(pass);
 return NT_STATUS_ACCESS_DENIED;
 }
@@ -1073,7 +1079,7 @@ static NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *ne
 Code to check and change the OEM hashed password.
 ************************************************************/
-NTSTATUS pass_oem_change(char *user,
+NTSTATUS pass_oem_change(char *user, const char *rhost,
 uchar password_encrypted_with_lm_hash[516],
 const uchar old_lm_hash_encrypted[16],
 uchar password_encrypted_with_nt_hash[516],
@@ -1114,7 +1120,8 @@ NTSTATUS pass_oem_change(char *user,
 /* We've already checked the old password here.... */
 become_root();
- nt_status = change_oem_password(sampass, NULL, new_passwd, True, reject_reason);
+ nt_status = change_oem_password(sampass, rhost, NULL, new_passwd,
+ True, reject_reason);
 unbecome_root();
 memset(new_passwd, 0, strlen(new_passwd));
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index ff7055537f..6e83a3e4e5 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1952,6 +1952,7 @@ NTSTATUS _samr_ChangePasswordUser2(struct pipes_struct *p,
 */
 status = pass_oem_change(user_name,
+ p->client_id->name,
 r->in.lm_password->data,
 r->in.lm_verifier->hash,
 r->in.nt_password->data,
@@ -2004,6 +2005,7 @@ NTSTATUS _samr_OemChangePasswordUser2(struct pipes_struct *p,
 }
 status = pass_oem_change(user_name,
+ p->client_id->name,
 r->in.password->data,
 r->in.hash->hash,
 0,
@@ -2056,6 +2058,7 @@ NTSTATUS _samr_ChangePasswordUser3(struct pipes_struct *p,
 */
 status = pass_oem_change(user_name,
+ p->client_id->name,
 r->in.lm_password->data,
 r->in.lm_verifier->hash,
 r->in.nt_password->data,
@@ -4749,6 +4752,7 @@ static NTSTATUS set_user_info_21(struct samr_UserInfo21 *id21,
 static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
 struct samr_UserInfo23 *id23,
+ const char *rhost,
 struct samu *pwd)
 {
 char *plaintext_buf = NULL;
@@ -4811,7 +4815,8 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
 DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
 }
- if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+ if(!chgpasswd(pdb_get_username(pwd), rhost,
+ passwd, "", plaintext_buf, True)) {
 return NT_STATUS_ACCESS_DENIED;
 }
 TALLOC_FREE(passwd);
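Review bot: In the pass_oem_change() hunk (@@ -1114), `memset(new_passwd, 0, strlen(new_passwd));` is the only scrubbing of the plaintext new password visible after the changed call. A plain memset on a buffer that is not read again can be removed by the optimiser. Whether `new_passwd` is used or freed afterwards is outside the hunk, so this is a point to confirm rather than a proven defect. If the buffer is dead after this line, a wipe the compiler cannot elide (for example `explicit_bzero()` where the platform provides it) would be the safer form.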
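Review bot: `p->client_id->name` is dereferenced with no NULL check in the @@ -1952 hunk of srv_samr_nt.c, and the same expression is added at the other two pass_oem_change() calls (@@ -2004, @@ -2056) and at the four set_user_info_2x() calls in _samr_SetUserInfo. Whether `client_id` is populated for every transport that reaches these handlers is not visible here; if it can be unset, a guard such as `const char *rhost = p->client_id ? p->client_id->name : NULL;` would keep the previous NULL behaviour. The value also becomes the remote-host argument of smb_pam_start(), and a peer-derived name is client-influenced. A comment at the first call site should say that PAM rules keyed on the remote host must not treat it as authenticated.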
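Review bot: In the @@ -4749 hunk, `rhost` is placed after `id23` in set_user_info_23(), whereas set_user_info_24/25/26 (@@ -4901, @@ -4930, @@ -4986) take it directly after `mem_ctx`. The mixed order makes the four sibling helpers harder to read and to call consistently. Suggest `static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, const char *rhost, struct samr_UserInfo23 *id23, struct samu *pwd)` with the matching argument order at the call in _samr_SetUserInfo (@@ -5272).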
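Review bot: In the @@ -4811 hunk, a failed chgpasswd() returns `NT_STATUS_ACCESS_DENIED` before `TALLOC_FREE(passwd);` is reached, so `passwd` is released only on success. change_oem_password() in srv_samr_chgpasswd.c (@@ -1054) frees its `pass` before the same return. The allocation of `passwd` is outside the hunk, so this is harmless if it is parented to a context the caller frees; otherwise add `TALLOC_FREE(passwd);` before the return. set_user_info_pw() has the same shape at @@ -4882.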
@@ -4839,7 +4844,7 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
 set_user_info_pw
 ********************************************************************/
-static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
+static bool set_user_info_pw(uint8 *pass, const char *rhost, struct samu *pwd)
 {
 size_t len = 0;
 char *plaintext_buf = NULL;
@@ -4882,7 +4887,8 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
 DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
 }
- if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+ if(!chgpasswd(pdb_get_username(pwd), rhost, passwd,
+ "", plaintext_buf, True)) {
 return False;
 }
 TALLOC_FREE(passwd);
@@ -4901,6 +4907,7 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
 ********************************************************************/
 static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
+ const char *rhost,
 struct samr_UserInfo24 *id24,
 struct samu *pwd)
 {
@@ -4911,7 +4918,7 @@ static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
 return NT_STATUS_INVALID_PARAMETER;
 }
- if (!set_user_info_pw(id24->password.data, pwd)) {
+ if (!set_user_info_pw(id24->password.data, rhost, pwd)) {
 return NT_STATUS_WRONG_PASSWORD;
 }
@@ -4930,6 +4937,7 @@ static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
 ********************************************************************/
 static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
+ const char *rhost,
 struct samr_UserInfo25 *id25,
 struct samu *pwd)
 {
@@ -4951,7 +4959,7 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
 if ((id25->info.fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
 (id25->info.fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT)) {
- if (!set_user_info_pw(id25->password.data, pwd)) {
+ if (!set_user_info_pw(id25->password.data, rhost, pwd)) {
 return NT_STATUS_WRONG_PASSWORD;
 }
 }
@@ -4986,6 +4994,7 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
 ********************************************************************/
 static NTSTATUS set_user_info_26(TALLOC_CTX *mem_ctx,
+ const char *rhost,
 struct samr_UserInfo26 *id26,
 struct samu *pwd)
 {
@@ -4996,7 +5005,7 @@ static NTSTATUS set_user_info_26(TALLOC_CTX *mem_ctx,
 return NT_STATUS_INVALID_PARAMETER;
 }
- if (!set_user_info_pw(id26->password.data, pwd)) {
+ if (!set_user_info_pw(id26->password.data, rhost, pwd)) {
 return NT_STATUS_WRONG_PASSWORD;
 }
@@ -5272,7 +5281,9 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 dump_data(100, info->info23.password.data, 516);
 status = set_user_info_23(p->mem_ctx,
- &info->info23, pwd);
+ &info->info23,
+ p->client_id->name,
+ pwd);
 break;
 case 24:
@@ -5286,6 +5297,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 dump_data(100, info->info24.password.data, 516);
 status = set_user_info_24(p->mem_ctx,
+ p->client_id->name,
 &info->info24, pwd);
 break;
@@ -5300,6 +5312,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 dump_data(100, info->info25.password.data, 532);
 status = set_user_info_25(p->mem_ctx,
+ p->client_id->name,
 &info->info25, pwd);
 break;
@@ -5314,6 +5327,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 dump_data(100, info->info26.password.data, 516);
 status = set_user_info_26(p->mem_ctx,
+ p->client_id->name,
 &info->info26, pwd);
 break;
diff --git a/source3/rpc_server/srv_samr_util.h b/source3/rpc_server/srv_samr_util.h
index fb6d02620d..e898541559 100644
--- a/source3/rpc_server/srv_samr_util.h
+++ b/source3/rpc_server/srv_samr_util.h
@@ -64,9 +64,9 @@ void copy_id26_to_sam_passwd(struct samu *to,
 /* The following definitions come from rpc_server/srv_samr_chgpasswd.c */
-bool chgpasswd(const char *name, const struct passwd *pass,
+bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
 const char *oldpass, const char *newpass, bool as_root);
-NTSTATUS pass_oem_change(char *user,
+NTSTATUS pass_oem_change(char *user, const char *rhost,
 uchar password_encrypted_with_lm_hash[516],
 const uchar old_lm_hash_encrypted[16],
 uchar password_encrypted_with_nt_hash[516], |