summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/pampass.c5
-rw-r--r--source3/include/proto.h3
-rw-r--r--source3/rpc_server/srv_samr_chgpasswd.c21
-rw-r--r--source3/rpc_server/srv_samr_nt.c28
-rw-r--r--source3/rpc_server/srv_samr_util.h4
5 files changed, 42 insertions, 19 deletions
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 6f8be1a38d..9d5b9f56be 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -863,7 +863,8 @@ NTSTATUS smb_pam_passcheck(const char * user, const char * password)
* PAM Password Change Suite
*/
-bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword)
+bool smb_pam_passchange(const char *user, const char *rhost,
+ const char *oldpassword, const char *newpassword)
{
/* Appropriate quantities of root should be obtained BEFORE calling this function */
struct pam_conv *pconv = NULL;
@@ -872,7 +873,7 @@ bool smb_pam_passchange(const char * user, const char * oldpassword, const char
if ((pconv = smb_setup_pam_conv(smb_pam_passchange_conv, user, oldpassword, newpassword)) == NULL)
return False;
- if(!smb_pam_start(&pamh, user, NULL, pconv))
+ if(!smb_pam_start(&pamh, user, rhost, pconv))
return False;
if (!smb_pam_chauthtok(pamh, user)) {
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 4b34ec0c00..1cafe9babc 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -223,7 +223,8 @@ bool smb_pam_claim_session(char *user, char *tty, char *rhost);
bool smb_pam_close_session(char *user, char *tty, char *rhost);
NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost);
NTSTATUS smb_pam_passcheck(const char * user, const char * password);
-bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword);
+bool smb_pam_passchange(const char *user, const char *rhost,
+ const char *oldpassword, const char *newpassword);
bool smb_pam_claim_session(char *user, char *tty, char *rhost);
bool smb_pam_close_session(char *in_user, char *tty, char *rhost);
diff --git a/source3/rpc_server/srv_samr_chgpasswd.c b/source3/rpc_server/srv_samr_chgpasswd.c
index 525f8382c6..d31215b321 100644
--- a/source3/rpc_server/srv_samr_chgpasswd.c
+++ b/source3/rpc_server/srv_samr_chgpasswd.c
@@ -486,7 +486,7 @@ while we were waiting\n", WTERMSIG(wstat)));
return (chstat);
}
-bool chgpasswd(const char *name, const struct passwd *pass,
+bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
const char *oldpass, const char *newpass, bool as_root)
{
char *passwordprogram = NULL;
@@ -546,9 +546,11 @@ bool chgpasswd(const char *name, const struct passwd *pass,
become_root();
if (pass) {
- ret = smb_pam_passchange(pass->pw_name, oldpass, newpass);
+ ret = smb_pam_passchange(pass->pw_name, rhost,
+ oldpass, newpass);
} else {
- ret = smb_pam_passchange(name, oldpass, newpass);
+ ret = smb_pam_passchange(name, rhost, oldpass,
+ newpass);
}
if (as_root)
@@ -961,7 +963,10 @@ NTSTATUS check_password_complexity(const char *username,
is correct before calling. JRA.
************************************************************/
-static NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, enum samPwdChangeReason *samr_reject_reason)
+static NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
+ char *old_passwd, char *new_passwd,
+ bool as_root,
+ enum samPwdChangeReason *samr_reject_reason)
{
uint32 min_len;
uint32 refuse;
@@ -1054,7 +1059,8 @@ static NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *ne
*/
if(lp_unix_password_sync() &&
- !chgpasswd(username, pass, old_passwd, new_passwd, as_root)) {
+ !chgpasswd(username, rhost, pass, old_passwd, new_passwd,
+ as_root)) {
TALLOC_FREE(pass);
return NT_STATUS_ACCESS_DENIED;
}
@@ -1073,7 +1079,7 @@ static NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *ne
Code to check and change the OEM hashed password.
************************************************************/
-NTSTATUS pass_oem_change(char *user,
+NTSTATUS pass_oem_change(char *user, const char *rhost,
uchar password_encrypted_with_lm_hash[516],
const uchar old_lm_hash_encrypted[16],
uchar password_encrypted_with_nt_hash[516],
@@ -1114,7 +1120,8 @@ NTSTATUS pass_oem_change(char *user,
/* We've already checked the old password here.... */
become_root();
- nt_status = change_oem_password(sampass, NULL, new_passwd, True, reject_reason);
+ nt_status = change_oem_password(sampass, rhost, NULL, new_passwd,
+ True, reject_reason);
unbecome_root();
memset(new_passwd, 0, strlen(new_passwd));
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index ff7055537f..6e83a3e4e5 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1952,6 +1952,7 @@ NTSTATUS _samr_ChangePasswordUser2(struct pipes_struct *p,
*/
status = pass_oem_change(user_name,
+ p->client_id->name,
r->in.lm_password->data,
r->in.lm_verifier->hash,
r->in.nt_password->data,
@@ -2004,6 +2005,7 @@ NTSTATUS _samr_OemChangePasswordUser2(struct pipes_struct *p,
}
status = pass_oem_change(user_name,
+ p->client_id->name,
r->in.password->data,
r->in.hash->hash,
0,
@@ -2056,6 +2058,7 @@ NTSTATUS _samr_ChangePasswordUser3(struct pipes_struct *p,
*/
status = pass_oem_change(user_name,
+ p->client_id->name,
r->in.lm_password->data,
r->in.lm_verifier->hash,
r->in.nt_password->data,
@@ -4749,6 +4752,7 @@ static NTSTATUS set_user_info_21(struct samr_UserInfo21 *id21,
static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
struct samr_UserInfo23 *id23,
+ const char *rhost,
struct samu *pwd)
{
char *plaintext_buf = NULL;
@@ -4811,7 +4815,8 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
}
- if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+ if(!chgpasswd(pdb_get_username(pwd), rhost,
+ passwd, "", plaintext_buf, True)) {
return NT_STATUS_ACCESS_DENIED;
}
TALLOC_FREE(passwd);
@@ -4839,7 +4844,7 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
set_user_info_pw
********************************************************************/
-static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
+static bool set_user_info_pw(uint8 *pass, const char *rhost, struct samu *pwd)
{
size_t len = 0;
char *plaintext_buf = NULL;
@@ -4882,7 +4887,8 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
}
- if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+ if(!chgpasswd(pdb_get_username(pwd), rhost, passwd,
+ "", plaintext_buf, True)) {
return False;
}
TALLOC_FREE(passwd);
@@ -4901,6 +4907,7 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
********************************************************************/
static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
+ const char *rhost,
struct samr_UserInfo24 *id24,
struct samu *pwd)
{
@@ -4911,7 +4918,7 @@ static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- if (!set_user_info_pw(id24->password.data, pwd)) {
+ if (!set_user_info_pw(id24->password.data, rhost, pwd)) {
return NT_STATUS_WRONG_PASSWORD;
}
@@ -4930,6 +4937,7 @@ static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
********************************************************************/
static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
+ const char *rhost,
struct samr_UserInfo25 *id25,
struct samu *pwd)
{
@@ -4951,7 +4959,7 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
if ((id25->info.fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
(id25->info.fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT)) {
- if (!set_user_info_pw(id25->password.data, pwd)) {
+ if (!set_user_info_pw(id25->password.data, rhost, pwd)) {
return NT_STATUS_WRONG_PASSWORD;
}
}
@@ -4986,6 +4994,7 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
********************************************************************/
static NTSTATUS set_user_info_26(TALLOC_CTX *mem_ctx,
+ const char *rhost,
struct samr_UserInfo26 *id26,
struct samu *pwd)
{
@@ -4996,7 +5005,7 @@ static NTSTATUS set_user_info_26(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- if (!set_user_info_pw(id26->password.data, pwd)) {
+ if (!set_user_info_pw(id26->password.data, rhost, pwd)) {
return NT_STATUS_WRONG_PASSWORD;
}
@@ -5272,7 +5281,9 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
dump_data(100, info->info23.password.data, 516);
status = set_user_info_23(p->mem_ctx,
- &info->info23, pwd);
+ &info->info23,
+ p->client_id->name,
+ pwd);
break;
case 24:
@@ -5286,6 +5297,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
dump_data(100, info->info24.password.data, 516);
status = set_user_info_24(p->mem_ctx,
+ p->client_id->name,
&info->info24, pwd);
break;
@@ -5300,6 +5312,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
dump_data(100, info->info25.password.data, 532);
status = set_user_info_25(p->mem_ctx,
+ p->client_id->name,
&info->info25, pwd);
break;
@@ -5314,6 +5327,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
dump_data(100, info->info26.password.data, 516);
status = set_user_info_26(p->mem_ctx,
+ p->client_id->name,
&info->info26, pwd);
break;
diff --git a/source3/rpc_server/srv_samr_util.h b/source3/rpc_server/srv_samr_util.h
index fb6d02620d..e898541559 100644
--- a/source3/rpc_server/srv_samr_util.h
+++ b/source3/rpc_server/srv_samr_util.h
@@ -64,9 +64,9 @@ void copy_id26_to_sam_passwd(struct samu *to,
/* The following definitions come from rpc_server/srv_samr_chgpasswd.c */
-bool chgpasswd(const char *name, const struct passwd *pass,
+bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
const char *oldpass, const char *newpass, bool as_root);
-NTSTATUS pass_oem_change(char *user,
+NTSTATUS pass_oem_change(char *user, const char *rhost,
uchar password_encrypted_with_lm_hash[516],
const uchar old_lm_hash_encrypted[16],
uchar password_encrypted_with_nt_hash[516],