diff options
-rw-r--r-- | source3/smbd/chgpasswd.c | 66 |
1 files changed, 27 insertions, 39 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 72f06fb2ed..5e89b6c80c 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -53,7 +53,7 @@ static NTSTATUS check_oem_password(const char *user, const uchar old_lm_hash_encrypted[16], uchar password_encrypted_with_nt_hash[516], const uchar old_nt_hash_encrypted[16], - struct samu **hnd, + struct samu *sampass, char **pp_new_passwd); #if ALLOW_CHANGE_PASSWORD @@ -782,15 +782,33 @@ NTSTATUS pass_oem_change(char *user, { char *new_passwd = NULL; struct samu *sampass = NULL; - NTSTATUS nt_status = check_oem_password(user, - password_encrypted_with_lm_hash, - old_lm_hash_encrypted, - password_encrypted_with_nt_hash, - old_nt_hash_encrypted, - &sampass, - &new_passwd); + NTSTATUS nt_status; + bool ret = false; + + if (!(sampass = samu_new(NULL))) { + return NT_STATUS_NO_MEMORY; + } + + become_root(); + ret = pdb_getsampwnam(sampass, user); + unbecome_root(); + + if (ret == false) { + DEBUG(0,("pass_oem_change: getsmbpwnam returned NULL\n")); + TALLOC_FREE(sampass); + return NT_STATUS_NO_SUCH_USER; + } + + nt_status = check_oem_password(user, + password_encrypted_with_lm_hash, + old_lm_hash_encrypted, + password_encrypted_with_nt_hash, + old_nt_hash_encrypted, + sampass, + &new_passwd); if (!NT_STATUS_IS_OK(nt_status)) { + TALLOC_FREE(sampass); return nt_status; } @@ -823,12 +841,11 @@ static NTSTATUS check_oem_password(const char *user, const uchar old_lm_hash_encrypted[16], uchar password_encrypted_with_nt_hash[516], const uchar old_nt_hash_encrypted[16], - struct samu **hnd, + struct samu *sampass, char **pp_new_passwd) { uchar null_pw[16]; uchar null_ntpw[16]; - struct samu *sampass = NULL; uint8 *password_encrypted; const uint8 *encryption_key; const uint8 *lanman_pw, *nt_pw; @@ -838,32 +855,14 @@ static NTSTATUS check_oem_password(const char *user, uchar new_lm_hash[16]; uchar verifier[16]; char no_pw[2]; - bool ret; bool nt_pass_set = (password_encrypted_with_nt_hash && old_nt_hash_encrypted); bool lm_pass_set = (password_encrypted_with_lm_hash && old_lm_hash_encrypted); - *hnd = NULL; - - if ( !(sampass = samu_new( NULL )) ) { - return NT_STATUS_NO_MEMORY; - } - - become_root(); - ret = pdb_getsampwnam(sampass, user); - unbecome_root(); - - if (ret == False) { - DEBUG(0, ("check_oem_password: getsmbpwnam returned NULL\n")); - TALLOC_FREE(sampass); - return NT_STATUS_NO_SUCH_USER; - } - acct_ctrl = pdb_get_acct_ctrl(sampass); if (acct_ctrl & ACB_DISABLED) { DEBUG(2,("check_lanman_password: account %s disabled.\n", user)); - TALLOC_FREE(sampass); return NT_STATUS_ACCOUNT_DISABLED; } @@ -898,7 +897,6 @@ static NTSTATUS check_oem_password(const char *user, } else if (nt_pass_set) { DEBUG(1, ("NT password change supplied for user %s, but we have no NT password to check it with\n", user)); - TALLOC_FREE(sampass); return NT_STATUS_WRONG_PASSWORD; } else if (lm_pass_set) { if (lp_lanman_auth()) { @@ -908,12 +906,10 @@ static NTSTATUS check_oem_password(const char *user, DEBUG(1, ("LM password change supplied for user %s, but we have disabled LanMan authentication\n", user)); } - TALLOC_FREE(sampass); return NT_STATUS_WRONG_PASSWORD; } else { DEBUG(1, ("password change requested for user %s, but no password supplied!\n", user)); - TALLOC_FREE(sampass); return NT_STATUS_WRONG_PASSWORD; } @@ -927,7 +923,6 @@ static NTSTATUS check_oem_password(const char *user, pp_new_passwd, &new_pw_len, nt_pass_set ? CH_UTF16 : CH_DOS)) { - TALLOC_FREE(sampass); return NT_STATUS_WRONG_PASSWORD; } @@ -950,7 +945,6 @@ static NTSTATUS check_oem_password(const char *user, E_old_pw_hash(new_nt_hash, nt_pw, verifier); if (memcmp(verifier, old_nt_hash_encrypted, 16)) { DEBUG(0,("check_oem_password: old lm password doesn't match.\n")); - TALLOC_FREE(sampass); return NT_STATUS_WRONG_PASSWORD; } @@ -967,7 +961,6 @@ static NTSTATUS check_oem_password(const char *user, DEBUG(100, ("check_oem_password: password %s ok\n", *pp_new_passwd)); #endif - *hnd = sampass; return NT_STATUS_OK; } @@ -978,14 +971,12 @@ static NTSTATUS check_oem_password(const char *user, E_old_pw_hash(new_nt_hash, lanman_pw, verifier); if (memcmp(verifier, old_lm_hash_encrypted, 16)) { DEBUG(0,("check_oem_password: old lm password doesn't match.\n")); - TALLOC_FREE(sampass); return NT_STATUS_WRONG_PASSWORD; } #ifdef DEBUG_PASSWORD DEBUG(100, ("check_oem_password: password %s ok\n", *pp_new_passwd)); #endif - *hnd = sampass; return NT_STATUS_OK; } } @@ -1000,7 +991,6 @@ static NTSTATUS check_oem_password(const char *user, E_old_pw_hash(new_lm_hash, lanman_pw, verifier); if (memcmp(verifier, old_lm_hash_encrypted, 16)) { DEBUG(0,("check_oem_password: old lm password doesn't match.\n")); - TALLOC_FREE(sampass); return NT_STATUS_WRONG_PASSWORD; } @@ -1008,12 +998,10 @@ static NTSTATUS check_oem_password(const char *user, DEBUG(100, ("check_oem_password: password %s ok\n", *pp_new_passwd)); #endif - *hnd = sampass; return NT_STATUS_OK; } /* should not be reached */ - TALLOC_FREE(sampass); return NT_STATUS_WRONG_PASSWORD; } |