summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/rpc_server/srv_samr_nt.c24
-rw-r--r--source3/smbd/chgpasswd.c15
-rw-r--r--source3/smbd/lanman.c112
3 files changed, 78 insertions, 73 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 2f7101fcc2..ea014d7ce0 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1517,17 +1517,17 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
NTSTATUS _samr_chgpasswd_user(pipes_struct *p, SAMR_Q_CHGPASSWD_USER *q_u, SAMR_R_CHGPASSWD_USER *r_u)
{
- fstring user_name;
- fstring wks;
+ fstring user_name;
+ fstring wks;
- DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
+ DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
- r_u->status = NT_STATUS_OK;
+ r_u->status = NT_STATUS_OK;
- rpcstr_pull(user_name, q_u->uni_user_name.buffer, sizeof(user_name), q_u->uni_user_name.uni_str_len*2, 0);
- rpcstr_pull(wks, q_u->uni_dest_host.buffer, sizeof(wks), q_u->uni_dest_host.uni_str_len*2,0);
+ rpcstr_pull(user_name, q_u->uni_user_name.buffer, sizeof(user_name), q_u->uni_user_name.uni_str_len*2, 0);
+ rpcstr_pull(wks, q_u->uni_dest_host.buffer, sizeof(wks), q_u->uni_dest_host.uni_str_len*2,0);
- DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
+ DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
/*
* Pass the user through the NT -> unix user mapping
@@ -1541,14 +1541,14 @@ NTSTATUS _samr_chgpasswd_user(pipes_struct *p, SAMR_Q_CHGPASSWD_USER *q_u, SAMR_
* is case insensitive.
*/
- r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
- q_u->nt_newpass.pass, q_u->nt_oldhash.hash);
+ r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
+ q_u->nt_newpass.pass, q_u->nt_oldhash.hash);
- init_samr_r_chgpasswd_user(r_u, r_u->status);
+ init_samr_r_chgpasswd_user(r_u, r_u->status);
- DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
+ DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
- return r_u->status;
+ return r_u->status;
}
/*******************************************************************
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 5c1d9a79a6..6bc8626d81 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -674,6 +674,8 @@ BOOL check_lanman_password(char *user, uchar * pass1,
Code to change the lanman hashed password.
It nulls out the NT hashed password as it will
no longer be valid.
+ NOTE this function is designed to be called as root. Check the old password
+ is correct before calling. JRA.
************************************************************/
BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar *pass2)
@@ -730,9 +732,7 @@ BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar *pass2)
}
/* Now flush the sam_passwd struct to persistent storage */
- become_root();
ret = pdb_update_sam_account (sampass);
- unbecome_root();
return ret;
}
@@ -740,6 +740,7 @@ BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar *pass2)
/***********************************************************
Code to check and change the OEM hashed password.
************************************************************/
+
NTSTATUS pass_oem_change(char *user,
uchar * lmdata, uchar * lmhash,
uchar * ntdata, uchar * nthash)
@@ -747,8 +748,7 @@ NTSTATUS pass_oem_change(char *user,
fstring new_passwd;
const char *unix_user;
SAM_ACCOUNT *sampass = NULL;
- NTSTATUS nt_status
- = check_oem_password(user, lmdata, lmhash, ntdata, nthash,
+ NTSTATUS nt_status = check_oem_password(user, lmdata, lmhash, ntdata, nthash,
&sampass, new_passwd, sizeof(new_passwd));
if (!NT_STATUS_IS_OK(nt_status))
@@ -765,7 +765,10 @@ NTSTATUS pass_oem_change(char *user,
unix_user = pdb_get_username(sampass);
+ /* We've already checked the old password here.... */
+ become_root();
nt_status = change_oem_password(sampass, NULL, new_passwd);
+ unbecome_root();
memset(new_passwd, 0, sizeof(new_passwd));
@@ -942,6 +945,8 @@ static NTSTATUS check_oem_password(const char *user,
/***********************************************************
Code to change the oem password. Changes both the lanman
and NT hashes. Old_passwd is almost always NULL.
+ NOTE this function is designed to be called as root. Check the old password
+ is correct before calling. JRA.
************************************************************/
NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passwd)
@@ -997,9 +1002,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
}
/* Now write it into the file. */
- become_root();
ret = pdb_update_sam_account (hnd);
- unbecome_root();
if (!ret) {
return NT_STATUS_ACCESS_DENIED;
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 04d6a9a8a8..a5f7a7b2ea 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1897,76 +1897,78 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *p = skip_string(param+2,2);
- fstring user;
- fstring pass1,pass2;
+ char *p = skip_string(param+2,2);
+ fstring user;
+ fstring pass1,pass2;
- pull_ascii_fstring(user,p);
+ pull_ascii_fstring(user,p);
- p = skip_string(p,1);
+ p = skip_string(p,1);
- memset(pass1,'\0',sizeof(pass1));
- memset(pass2,'\0',sizeof(pass2));
- memcpy(pass1,p,16);
- memcpy(pass2,p+16,16);
+ memset(pass1,'\0',sizeof(pass1));
+ memset(pass2,'\0',sizeof(pass2));
+ memcpy(pass1,p,16);
+ memcpy(pass2,p+16,16);
- *rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam_len = 4;
+ *rparam = REALLOC(*rparam,*rparam_len);
- *rdata_len = 0;
+ *rdata_len = 0;
- SSVAL(*rparam,0,NERR_badpass);
- SSVAL(*rparam,2,0); /* converter word */
+ SSVAL(*rparam,0,NERR_badpass);
+ SSVAL(*rparam,2,0); /* converter word */
- DEBUG(3,("Set password for <%s>\n",user));
+ DEBUG(3,("Set password for <%s>\n",user));
- /*
- * Attempt to verify the old password against smbpasswd entries
- * Win98 clients send old and new password in plaintext for this call.
- */
+ /*
+ * Attempt to verify the old password against smbpasswd entries
+ * Win98 clients send old and new password in plaintext for this call.
+ */
- {
- auth_serversupplied_info *server_info = NULL;
- DATA_BLOB password = data_blob(pass1, strlen(pass1)+1);
- if (NT_STATUS_IS_OK(check_plaintext_password(user,password,&server_info))) {
-
- if (NT_STATUS_IS_OK(change_oem_password(server_info->sam_account, pass1, pass2)))
- {
- SSVAL(*rparam,0,NERR_Success);
- }
-
- free_server_info(&server_info);
- }
- data_blob_clear_free(&password);
- }
+ {
+ auth_serversupplied_info *server_info = NULL;
+ DATA_BLOB password = data_blob(pass1, strlen(pass1)+1);
- /*
- * If the plaintext change failed, attempt
- * the old encrypted method. NT will generate this
- * after trying the samr method. Note that this
- * method is done as a last resort as this
- * password change method loses the NT password hash
- * and cannot change the UNIX password as no plaintext
- * is received.
- */
+ if (NT_STATUS_IS_OK(check_plaintext_password(user,password,&server_info))) {
- if(SVAL(*rparam,0) != NERR_Success)
- {
- SAM_ACCOUNT *hnd = NULL;
+ become_root();
+ if (NT_STATUS_IS_OK(change_oem_password(server_info->sam_account, pass1, pass2))) {
+ SSVAL(*rparam,0,NERR_Success);
+ }
+ unbecome_root();
- if (check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd) &&
- change_lanman_password(hnd,pass2))
- {
- SSVAL(*rparam,0,NERR_Success);
- }
- pdb_free_sam(&hnd);
- }
+ free_server_info(&server_info);
+ }
+ data_blob_clear_free(&password);
+ }
+ /*
+ * If the plaintext change failed, attempt
+ * the old encrypted method. NT will generate this
+ * after trying the samr method. Note that this
+ * method is done as a last resort as this
+ * password change method loses the NT password hash
+ * and cannot change the UNIX password as no plaintext
+ * is received.
+ */
+
+ if(SVAL(*rparam,0) != NERR_Success) {
+ SAM_ACCOUNT *hnd = NULL;
- memset((char *)pass1,'\0',sizeof(fstring));
- memset((char *)pass2,'\0',sizeof(fstring));
+ if (check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd)) {
+ become_root();
+ if (change_lanman_password(hnd,pass2)) {
+ SSVAL(*rparam,0,NERR_Success);
+ }
+ unbecome_root();
+ pdb_free_sam(&hnd);
+ }
+ }
+
+ memset((char *)pass1,'\0',sizeof(fstring));
+ memset((char *)pass2,'\0',sizeof(fstring));
- return(True);
+ return(True);
}
/****************************************************************************