summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/chgpasswd.c66
1 files changed, 27 insertions, 39 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 72f06fb2ed..5e89b6c80c 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -53,7 +53,7 @@ static NTSTATUS check_oem_password(const char *user,
const uchar old_lm_hash_encrypted[16],
uchar password_encrypted_with_nt_hash[516],
const uchar old_nt_hash_encrypted[16],
- struct samu **hnd,
+ struct samu *sampass,
char **pp_new_passwd);
#if ALLOW_CHANGE_PASSWORD
@@ -782,15 +782,33 @@ NTSTATUS pass_oem_change(char *user,
{
char *new_passwd = NULL;
struct samu *sampass = NULL;
- NTSTATUS nt_status = check_oem_password(user,
- password_encrypted_with_lm_hash,
- old_lm_hash_encrypted,
- password_encrypted_with_nt_hash,
- old_nt_hash_encrypted,
- &sampass,
- &new_passwd);
+ NTSTATUS nt_status;
+ bool ret = false;
+
+ if (!(sampass = samu_new(NULL))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ become_root();
+ ret = pdb_getsampwnam(sampass, user);
+ unbecome_root();
+
+ if (ret == false) {
+ DEBUG(0,("pass_oem_change: getsmbpwnam returned NULL\n"));
+ TALLOC_FREE(sampass);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ nt_status = check_oem_password(user,
+ password_encrypted_with_lm_hash,
+ old_lm_hash_encrypted,
+ password_encrypted_with_nt_hash,
+ old_nt_hash_encrypted,
+ sampass,
+ &new_passwd);
if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(sampass);
return nt_status;
}
@@ -823,12 +841,11 @@ static NTSTATUS check_oem_password(const char *user,
const uchar old_lm_hash_encrypted[16],
uchar password_encrypted_with_nt_hash[516],
const uchar old_nt_hash_encrypted[16],
- struct samu **hnd,
+ struct samu *sampass,
char **pp_new_passwd)
{
uchar null_pw[16];
uchar null_ntpw[16];
- struct samu *sampass = NULL;
uint8 *password_encrypted;
const uint8 *encryption_key;
const uint8 *lanman_pw, *nt_pw;
@@ -838,32 +855,14 @@ static NTSTATUS check_oem_password(const char *user,
uchar new_lm_hash[16];
uchar verifier[16];
char no_pw[2];
- bool ret;
bool nt_pass_set = (password_encrypted_with_nt_hash && old_nt_hash_encrypted);
bool lm_pass_set = (password_encrypted_with_lm_hash && old_lm_hash_encrypted);
- *hnd = NULL;
-
- if ( !(sampass = samu_new( NULL )) ) {
- return NT_STATUS_NO_MEMORY;
- }
-
- become_root();
- ret = pdb_getsampwnam(sampass, user);
- unbecome_root();
-
- if (ret == False) {
- DEBUG(0, ("check_oem_password: getsmbpwnam returned NULL\n"));
- TALLOC_FREE(sampass);
- return NT_STATUS_NO_SUCH_USER;
- }
-
acct_ctrl = pdb_get_acct_ctrl(sampass);
if (acct_ctrl & ACB_DISABLED) {
DEBUG(2,("check_lanman_password: account %s disabled.\n", user));
- TALLOC_FREE(sampass);
return NT_STATUS_ACCOUNT_DISABLED;
}
@@ -898,7 +897,6 @@ static NTSTATUS check_oem_password(const char *user,
} else if (nt_pass_set) {
DEBUG(1, ("NT password change supplied for user %s, but we have no NT password to check it with\n",
user));
- TALLOC_FREE(sampass);
return NT_STATUS_WRONG_PASSWORD;
} else if (lm_pass_set) {
if (lp_lanman_auth()) {
@@ -908,12 +906,10 @@ static NTSTATUS check_oem_password(const char *user,
DEBUG(1, ("LM password change supplied for user %s, but we have disabled LanMan authentication\n",
user));
}
- TALLOC_FREE(sampass);
return NT_STATUS_WRONG_PASSWORD;
} else {
DEBUG(1, ("password change requested for user %s, but no password supplied!\n",
user));
- TALLOC_FREE(sampass);
return NT_STATUS_WRONG_PASSWORD;
}
@@ -927,7 +923,6 @@ static NTSTATUS check_oem_password(const char *user,
pp_new_passwd,
&new_pw_len,
nt_pass_set ? CH_UTF16 : CH_DOS)) {
- TALLOC_FREE(sampass);
return NT_STATUS_WRONG_PASSWORD;
}
@@ -950,7 +945,6 @@ static NTSTATUS check_oem_password(const char *user,
E_old_pw_hash(new_nt_hash, nt_pw, verifier);
if (memcmp(verifier, old_nt_hash_encrypted, 16)) {
DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
- TALLOC_FREE(sampass);
return NT_STATUS_WRONG_PASSWORD;
}
@@ -967,7 +961,6 @@ static NTSTATUS check_oem_password(const char *user,
DEBUG(100,
("check_oem_password: password %s ok\n", *pp_new_passwd));
#endif
- *hnd = sampass;
return NT_STATUS_OK;
}
@@ -978,14 +971,12 @@ static NTSTATUS check_oem_password(const char *user,
E_old_pw_hash(new_nt_hash, lanman_pw, verifier);
if (memcmp(verifier, old_lm_hash_encrypted, 16)) {
DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
- TALLOC_FREE(sampass);
return NT_STATUS_WRONG_PASSWORD;
}
#ifdef DEBUG_PASSWORD
DEBUG(100,
("check_oem_password: password %s ok\n", *pp_new_passwd));
#endif
- *hnd = sampass;
return NT_STATUS_OK;
}
}
@@ -1000,7 +991,6 @@ static NTSTATUS check_oem_password(const char *user,
E_old_pw_hash(new_lm_hash, lanman_pw, verifier);
if (memcmp(verifier, old_lm_hash_encrypted, 16)) {
DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
- TALLOC_FREE(sampass);
return NT_STATUS_WRONG_PASSWORD;
}
@@ -1008,12 +998,10 @@ static NTSTATUS check_oem_password(const char *user,
DEBUG(100,
("check_oem_password: password %s ok\n", *pp_new_passwd));
#endif
- *hnd = sampass;
return NT_STATUS_OK;
}
/* should not be reached */
- TALLOC_FREE(sampass);
return NT_STATUS_WRONG_PASSWORD;
}