-rw-r--r-- | source3/auth/auth.c | 4 | ||||
-rw-r--r-- | source3/auth/auth_sam.c | 4 | ||||
-rw-r--r-- | source3/auth/auth_unix.c | 32 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 32 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 6 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 127 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 8 | ||||
-rw-r--r-- | source3/smbd/auth.c | 4 | ||||
-rw-r--r-- | source3/smbd/auth_smbpasswd.c | 4 | ||||
-rw-r--r-- | source3/smbd/auth_unix.c | 32 | ||||
-rw-r--r-- | source3/smbd/chgpasswd.c | 93 | ||||
-rw-r--r-- | source3/smbd/lanman.c | 8 | ||||
-rw-r--r-- | source3/utils/pdbedit.c | 36 | ||||
-rw-r--r-- | source3/utils/smbpasswd.c | 8 |
14 files changed, 232 insertions, 166 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 5b6b2d4c42..6aa2714b0b 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -189,6 +189,10 @@ NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user, user_info.lm_resp.buffer = (uint8 *)local_lm_response; user_info.lm_resp.len = 24; + + /* WATCH OUT. This doesn't work if the incoming password is incorrectly cased. + We might want to add a check here and only do an LM in that case */ + /* This encrypts the lm_pwd feild, which actualy contains the password rather than the nt_pwd field becouse that contains nothing */ SMBNTencrypt((uchar *)lm_pwd, user_info.chal, local_nt_response); diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 567414d1a2..8159ad988f 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -306,7 +306,7 @@ NTSTATUS check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_ if (ret == False) { DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user_info->unix_username.str)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return NT_STATUS_NO_SUCH_USER; } @@ -316,7 +316,7 @@ NTSTATUS check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_ nt_status = sam_account_ok(sampass, user_info); } - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return nt_status; } diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index 5582682d98..0d73988d8a 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -31,7 +31,7 @@ this ugly hack needs to die, but not quite yet... static BOOL update_smbpassword_file(char *user, char *password) { SAM_ACCOUNT *sampass = NULL; - BOOL ret; + BOOL ret; pdb_init_sam(&sampass); @@ -41,7 +41,7 @@ static BOOL update_smbpassword_file(char *user, char *password) if(ret == False) { DEBUG(0,("pdb_getsampwnam returned NULL\n")); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } 
@@ -49,16 +49,32 @@ static BOOL update_smbpassword_file(char *user, char *password) * Remove the account disabled flag - we are updating the * users password from a login. */ - pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED); + if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) { + pdb_free_sam(&sampass); + return False; + } + + if (!pdb_set_plaintext_passwd (sampass, password)) { + pdb_free_sam(&sampass); + return False; + } - /* Here, the flag is one, because we want to ignore the + /* Now write it into the file. */ + become_root(); + + /* Here, the override flag is True, because we want to ignore the XXXXXXX'd out password */ - ret = change_oem_password( sampass, password, True); - if (ret == False) { - DEBUG(3,("change_oem_password returned False\n")); + ret = pdb_update_sam_account (sampass, True); + + unbecome_root(); + + if (ret) { + DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); } - pdb_free_sam(sampass); + memset(password, '\0', strlen(password)); + + pdb_free_sam(&sampass); return ret; } diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index bf615682d3..fffa5b1ba1 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -203,19 +203,19 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct) if (ret==False) { DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } if (!(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) && ((pass=pdb_get_nt_passwd(sampass)) != NULL)) { memcpy(md4pw, pass, 16); dump_data(5, md4pw, 16); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return True; } DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } 
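Review bot: In update_smbpassword_file (source3/auth/auth_unix.c) the debug test after `unbecome_root()` is inverted: `if (ret) { DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); }` logs only when the update succeeded, whereas the removed code logged when `change_oem_password` returned False, so a failed write is now silent; `if (!ret)` restores that. The two new early returns, taken when `pdb_set_acct_ctrl` or `pdb_set_plaintext_passwd` fails, also leave before `memset(password, '\0', strlen(password));`, so the caller's cleartext buffer is wiped only on the path that reaches the update. Adding the same memset ahead of each new `pdb_free_sam(&sampass); return False;` keeps the scrub uniform. The identical hunk in source3/smbd/auth_unix.c has both issues, and the function starts outside this hunk.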
@@ -410,7 +410,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * /* Ensure the account exists and is a machine account. */ if (ret==False || !(pdb_get_acct_ctrl(sampass) & ACB_WSTRUST)) { - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return NT_STATUS_NO_SUCH_USER; } @@ -422,9 +422,21 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0); /* lies! nt and lm passwords are _not_ the same: don't care */ - pdb_set_lanman_passwd (sampass, pwd); - pdb_set_nt_passwd (sampass, pwd); - pdb_set_acct_ctrl (sampass, ACB_WSTRUST); + if (!pdb_set_lanman_passwd (sampass, pwd)) { + pdb_free_sam(&sampass); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_nt_passwd (sampass, pwd)) { + pdb_free_sam(&sampass); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_acct_ctrl (sampass, ACB_WSTRUST)) { + pdb_free_sam(&sampass); + /* Not quite sure what this one qualifies as, but this will do */ + return NT_STATUS_NO_MEMORY; + } become_root(); ret = pdb_update_sam_account (sampass,False); @@ -436,7 +448,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * /* set up the LSA Server Password Set response */ init_net_r_srv_pwset(r_u, &srv_cred, status); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return r_u->status; } @@ -679,7 +691,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * unbecome_root(); if (ret == False) { - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return NT_STATUS_NO_SUCH_USER; } @@ -736,6 +748,6 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * &global_sam_sid, /* DOM_SID *dom_sid */ NULL); /* char *other_sids */ } - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return status; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index b3f590a177..00acb93cf3 100644 --- a/source3/rpc_server/srv_pipe.c 
+++ b/source3/rpc_server/srv_pipe.c @@ -385,7 +385,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name if(!pdb_getsampwnam(sampass, pipe_user_name)) { DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n", pipe_user_name)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); unbecome_root(); return False; } @@ -394,7 +394,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name if(!pdb_get_nt_passwd(sampass)) { DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } @@ -463,7 +463,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name p->ntlmssp_auth_validated = True; - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return True; } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index f7e6317edf..9748d0e950 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -103,7 +103,7 @@ static NTSTATUS get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, if (!pdb_setsampwent(False)) { DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n")); - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return NT_STATUS_ACCESS_DENIED; } @@ -151,7 +151,7 @@ static NTSTATUS get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, } pdb_endsampwent(); - pdb_free_sam(pwd); + pdb_free_sam(&pwd); if (not_finished) return STATUS_MORE_ENTRIES; @@ -231,7 +231,7 @@ static NTSTATUS jf_get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, *total_entries = *num_entries; - pdb_free_sam(pwd); + pdb_free_sam(&pwd); if (not_finished) return STATUS_MORE_ENTRIES; 
@@ -1508,12 +1508,12 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN /* check that the RID exists in our domain. */ if (ret == False) { - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return NT_STATUS_NO_SUCH_USER; } samr_clear_sam_passwd(sampass); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); /* Get the domain SID stored in the domain policy */ if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid)) @@ -1559,7 +1559,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) if (ret==False) { DEBUG(4,("User 0x%x not found\n", user_rid)); - pdb_free_sam(smbpass); + pdb_free_sam(&smbpass); return False; } @@ -1569,7 +1569,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) init_sam_user_info10(id10, pdb_get_acct_ctrl(smbpass) ); samr_clear_sam_passwd(smbpass); - pdb_free_sam(smbpass); + pdb_free_sam(&smbpass); return True; } @@ -1600,21 +1600,21 @@ static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint3 if (ret == False) { DEBUG(4, ("User 0x%x not found\n", user_rid)); - pdb_free_sam(smbpass); + pdb_free_sam(&smbpass); return (geteuid() == (uid_t)0) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED; } DEBUG(3,("User:[%s] 0x%x\n", pdb_get_username(smbpass), pdb_get_acct_ctrl(smbpass) )); if ( pdb_get_acct_ctrl(smbpass) & ACB_DISABLED) { - pdb_free_sam(smbpass); + pdb_free_sam(&smbpass); return NT_STATUS_ACCOUNT_DISABLED; } ZERO_STRUCTP(id12); init_sam_user_info12(id12, pdb_get_lanman_passwd(smbpass), pdb_get_nt_passwd(smbpass)); - pdb_free_sam(smbpass); + pdb_free_sam(&smbpass); return NT_STATUS_OK; } @@ -1641,7 +1641,7 @@ static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid) if (ret == False) { DEBUG(4,("User 0x%x not found\n", user_rid)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } 
@@ -1652,7 +1652,7 @@ static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid) ZERO_STRUCTP(id20); init_sam_user_info20A(id20, sampass); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return True; } @@ -1679,7 +1679,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) if (ret == False) { DEBUG(4,("User 0x%x not found\n", user_rid)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } @@ -1690,7 +1690,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) ZERO_STRUCTP(id21); init_sam_user_info21A(id21, sampass); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return True; } @@ -1946,7 +1946,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ unbecome_root(); if (ret == True) { /* this account exists: say so */ - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_USER_EXISTS; } @@ -1982,7 +1982,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ pstrcpy(add_script, lp_adduser_script()); } else { DEBUG(0, ("_api_samr_create_user: mismatch between trust flags and $ termination\n")); - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_UNSUCCESSFUL; } @@ -1997,7 +1997,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ if (!local_password_change(account, local_flags, NULL, err_str, sizeof(err_str), msg_str, sizeof(msg_str))) { DEBUG(0, ("%s\n", err_str)); - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_ACCESS_DENIED; } 
@@ -2006,25 +2006,25 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ unbecome_root(); if (ret == False) { /* account doesn't exist: say so */ - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_ACCESS_DENIED; } /* Get the domain SID stored in the domain policy */ if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) { - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_INVALID_HANDLE; } /* append the user's RID to it */ if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) { - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; } /* associate the user's SID with the new handle. */ if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) { - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_MEMORY; } @@ -2033,14 +2033,14 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ /* get a (unique) handle. open a policy on it. */ if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) { - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_OBJECT_NAME_NOT_FOUND; } r_u->user_rid=sam_pass->user_rid; r_u->unknown_0 = 0x000703ff; - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_OK; } @@ -2236,24 +2236,27 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) ret = pdb_getsampwrid(pwd, rid); if(ret==False) { - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return False; } if (id10 == NULL) { DEBUG(5, ("set_user_info_10: NULL id10\n")); - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return False; } - pdb_set_acct_ctrl(pwd, id10->acb_info); + if (!pdb_set_acct_ctrl(pwd, id10->acb_info)) { + pdb_free_sam(&pwd); + return False; + } if(!pdb_update_sam_account(pwd, True)) { - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return False; } - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return True; } 
@@ -2269,25 +2272,31 @@ static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid) pdb_init_sam(&pwd); if(!pdb_getsampwrid(pwd, rid)) { - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return False; } if (id12 == NULL) { DEBUG(2, ("set_user_info_12: id12 is NULL\n")); - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return False; } - pdb_set_lanman_passwd (pwd, id12->lm_pwd); - pdb_set_nt_passwd (pwd, id12->nt_pwd); + if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd)) { + pdb_free_sam(&pwd); + return False; + } + if (!pdb_set_nt_passwd (pwd, id12->nt_pwd)) { + pdb_free_sam(&pwd); + return False; + } if(!pdb_update_sam_account(pwd, True)) { - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return False; } - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return True; } @@ -2309,8 +2318,8 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) pdb_init_sam(&new_pwd); if (!pdb_getsampwrid(pwd, rid)) { - pdb_free_sam(pwd); - pdb_free_sam(new_pwd); + pdb_free_sam(&pwd); + pdb_free_sam(&new_pwd); return False; } @@ -2327,13 +2336,13 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) /* write the change out */ if(!pdb_update_sam_account(new_pwd, True)) { - pdb_free_sam(pwd); - pdb_free_sam(new_pwd); + pdb_free_sam(&pwd); + pdb_free_sam(&new_pwd); return False; } - pdb_free_sam(pwd); - pdb_free_sam(new_pwd); + pdb_free_sam(&pwd); + pdb_free_sam(&new_pwd); return True; } 
@@ -2359,24 +2368,27 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) pdb_init_sam(&new_pwd); if (!pdb_getsampwrid(pwd, rid)) { - pdb_free_sam(pwd); - pdb_free_sam(new_pwd); + pdb_free_sam(&pwd); + pdb_free_sam(&new_pwd); return False; } acct_ctrl = pdb_get_acct_ctrl(pwd); copy_sam_passwd(new_pwd, pwd); - pdb_free_sam(pwd); + pdb_free_sam(&pwd); copy_id23_to_sam_passwd(new_pwd, id23); if (!decode_pw_buffer((char*)id23->pass, plaintext_buf, 256, &len)) { - pdb_free_sam(new_pwd); + pdb_free_sam(&new_pwd); return False; } - pdb_set_plaintext_passwd (new_pwd, plaintext_buf); + if (!pdb_set_plaintext_passwd (new_pwd, plaintext_buf)) { + pdb_free_sam(&new_pwd); + return False; + } /* if it's a trust account, don't update /etc/passwd */ if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || @@ -2387,7 +2399,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) /* update the UNIX password */ if (lp_unix_password_sync() ) if(!chgpasswd(pdb_get_username(new_pwd), "", plaintext_buf, True)) { - pdb_free_sam(new_pwd); + pdb_free_sam(&new_pwd); return False; } } @@ -2395,11 +2407,11 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) ZERO_STRUCT(plaintext_buf); if(!pdb_update_sam_account(new_pwd, True)) { - pdb_free_sam(new_pwd); + pdb_free_sam(&new_pwd); return False; } - pdb_free_sam(new_pwd); + pdb_free_sam(&new_pwd); return True; } @@ -2418,7 +2430,7 @@ static BOOL set_user_info_pw(char *pass, uint32 rid) pdb_init_sam(&pwd); if (!pdb_getsampwrid(pwd, rid)) { - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return False; } 
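Review bot: In set_user_info_23 the new failure branch after `pdb_set_plaintext_passwd (new_pwd, plaintext_buf)` returns while `plaintext_buf` still holds the decoded cleartext password; the only `ZERO_STRUCT(plaintext_buf);` visible in this function sits further down, just before `pdb_update_sam_account`. Putting `ZERO_STRUCT(plaintext_buf);` ahead of `pdb_free_sam(&new_pwd);` in that branch keeps the password off the stack on the error path, and the existing `chgpasswd` failure return has the same gap. The matching branch added to set_user_info_pw in the following hunk looks to need the same line, though any later scrub in that function is not visible here.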
@@ -2427,11 +2439,14 @@ static BOOL set_user_info_pw(char *pass, uint32 rid) ZERO_STRUCT(plaintext_buf); if (!decode_pw_buffer(pass, plaintext_buf, 256, &len)) { - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return False; } - pdb_set_plaintext_passwd (pwd, plaintext_buf); + if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) { + pdb_free_sam(&pwd); + return False; + } /* if it's a trust account, don't update /etc/passwd */ if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || @@ -2442,7 +2457,7 @@ static BOOL set_user_info_pw(char *pass, uint32 rid) /* update the UNIX password */ if (lp_unix_password_sync()) if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) { - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return False; } } @@ -2453,11 +2468,11 @@ static BOOL set_user_info_pw(char *pass, uint32 rid) /* update the SAMBA password */ if(!pdb_update_sam_account(pwd, True)) { - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return False; } - pdb_free_sam(pwd); + pdb_free_sam(&pwd); return True; } @@ -2516,14 +2531,14 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE unbecome_root(); if(ret == False) { DEBUG(0,("_samr_set_userinfo: Unable to get smbpasswd entry for uid %u\n", (unsigned int)user.uid )); - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_ACCESS_DENIED; } memset(sess_key, '\0', 16); mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16); - pdb_free_sam(sam_pass); + pdb_free_sam(&sam_pass); /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 5393523a78..dc66887ee9 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c 
@@ -274,12 +274,12 @@ NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type) if (ret == True) { fstrcpy(user_name, pdb_get_username(sampwd) ); DEBUG(5,(" = %s\n", user_name)); - pdb_free_sam(sampwd); + pdb_free_sam(&sampwd); return NT_STATUS_OK; } DEBUG(5,(" none mapped\n")); - pdb_free_sam(sampwd); + pdb_free_sam(&sampwd); return NT_STATUS_NONE_MAPPED; } @@ -340,10 +340,10 @@ NTSTATUS local_lookup_user_rid(char *user_name, uint32 *rid) if (ret == True) { (*rid) = pdb_get_user_rid(sampass); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return NT_STATUS_OK; } - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return NT_STATUS_NONE_MAPPED; } diff --git a/source3/smbd/auth.c b/source3/smbd/auth.c index 5b6b2d4c42..6aa2714b0b 100644 --- a/source3/smbd/auth.c +++ b/source3/smbd/auth.c @@ -189,6 +189,10 @@ NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user, user_info.lm_resp.buffer = (uint8 *)local_lm_response; user_info.lm_resp.len = 24; + + /* WATCH OUT. This doesn't work if the incoming password is incorrectly cased. + We might want to add a check here and only do an LM in that case */ + /* This encrypts the lm_pwd feild, which actualy contains the password rather than the nt_pwd field becouse that contains nothing */ SMBNTencrypt((uchar *)lm_pwd, user_info.chal, local_nt_response); diff --git a/source3/smbd/auth_smbpasswd.c b/source3/smbd/auth_smbpasswd.c index 567414d1a2..8159ad988f 100644 --- a/source3/smbd/auth_smbpasswd.c +++ b/source3/smbd/auth_smbpasswd.c @@ -306,7 +306,7 @@ NTSTATUS check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_ if (ret == False) { DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user_info->unix_username.str)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return NT_STATUS_NO_SUCH_USER; } 
@@ -316,7 +316,7 @@ NTSTATUS check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_ nt_status = sam_account_ok(sampass, user_info); } - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return nt_status; } diff --git a/source3/smbd/auth_unix.c b/source3/smbd/auth_unix.c index 5582682d98..0d73988d8a 100644 --- a/source3/smbd/auth_unix.c +++ b/source3/smbd/auth_unix.c @@ -31,7 +31,7 @@ this ugly hack needs to die, but not quite yet... static BOOL update_smbpassword_file(char *user, char *password) { SAM_ACCOUNT *sampass = NULL; - BOOL ret; + BOOL ret; pdb_init_sam(&sampass); @@ -41,7 +41,7 @@ static BOOL update_smbpassword_file(char *user, char *password) if(ret == False) { DEBUG(0,("pdb_getsampwnam returned NULL\n")); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } @@ -49,16 +49,32 @@ static BOOL update_smbpassword_file(char *user, char *password) * Remove the account disabled flag - we are updating the * users password from a login. */ - pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED); + if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) { + pdb_free_sam(&sampass); + return False; + } + + if (!pdb_set_plaintext_passwd (sampass, password)) { + pdb_free_sam(&sampass); + return False; + } - /* Here, the flag is one, because we want to ignore the + /* Now write it into the file. */ + become_root(); + + /* Here, the override flag is True, because we want to ignore the XXXXXXX'd out password */ - ret = change_oem_password( sampass, password, True); - if (ret == False) { - DEBUG(3,("change_oem_password returned False\n")); + ret = pdb_update_sam_account (sampass, True); + + unbecome_root(); + + if (ret) { + DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); } - pdb_free_sam(sampass); + memset(password, '\0', strlen(password)); + + pdb_free_sam(&sampass); return ret; } diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 9dbd57129c..de49083960 100644 
--- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -557,7 +557,6 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root) BOOL check_lanman_password(char *user, uchar * pass1, uchar * pass2, SAM_ACCOUNT **hnd) { - static uchar null_pw[16]; uchar unenc_new_pw[16]; uchar unenc_old_pw[16]; SAM_ACCOUNT *sampass = NULL; @@ -571,7 +570,7 @@ BOOL check_lanman_password(char *user, uchar * pass1, if (ret == False) { DEBUG(0,("check_lanman_password: getsampwnam returned NULL\n")); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } @@ -580,20 +579,20 @@ BOOL check_lanman_password(char *user, uchar * pass1, if (acct_ctrl & ACB_DISABLED) { DEBUG(0,("check_lanman_password: account %s disabled.\n", user)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } - if ((lanman_pw == NULL) && (acct_ctrl & ACB_PWNOTREQ)) { - uchar no_pw[14]; - memset(no_pw, '\0', 14); - E_P16(no_pw, null_pw); - pdb_set_lanman_passwd (sampass, null_pw); - } - else if (lanman_pw == NULL) { - DEBUG(0, ("check_lanman_password: no lanman password !\n")); - pdb_free_sam(sampass); - return False; + if (lanman_pw == NULL) { + if (acct_ctrl & ACB_PWNOTREQ) { + /* this saves the pointer for the caller */ + *hnd = sampass; + return True; + } else { + DEBUG(0, ("check_lanman_password: no lanman password !\n")); + pdb_free_sam(&sampass); + return False; + } } /* Get the new lanman hash. */ @@ -605,13 +604,12 @@ BOOL check_lanman_password(char *user, uchar * pass1, /* Check that the two old passwords match. */ if (memcmp(lanman_pw, unenc_old_pw, 16)) { DEBUG(0,("check_lanman_password: old password doesn't match.\n")); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } /* this saves the pointer for the caller */ *hnd = sampass; - return True; } 
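Review bot: In check_lanman_password the new `return True` for an account with no LM hash and `ACB_PWNOTREQ` hands the account back without looking at `pass1`, and nothing at that spot says this is intended. A comment there would help the next reader, for example `/* No stored LM hash and ACB_PWNOTREQ: there is no old password to compare against, so pass1 is not checked. */`. The function's header comment could also state that `*hnd` is written only on the two success returns, since the caller in source3/smbd/lanman.c passes `&hnd` to `pdb_free_sam` whatever the result. The function body starts before this hunk.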
@@ -644,22 +642,30 @@ BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar * pass1, return False; } - if ((pwd == NULL) && (acct_ctrl & ACB_PWNOTREQ)) { - uchar no_pw[14]; - memset(no_pw, '\0', 14); - E_P16(no_pw, null_pw); - pdb_set_lanman_passwd(sampass, null_pw); + if (pwd == NULL) { + if (acct_ctrl & ACB_PWNOTREQ) { + uchar no_pw[14]; + memset(no_pw, '\0', 14); + E_P16(no_pw, null_pw); + + /* Get the new lanman hash. */ + D_P16(null_pw, pass2, unenc_new_pw); + } else { + DEBUG(0,("change_lanman_password: no lanman password !\n")); + return False; + } + } else { + /* Get the new lanman hash. */ + D_P16(pwd, pass2, unenc_new_pw); } - else if (pwd == NULL) { - DEBUG(0,("change_lanman_password: no lanman password !\n")); + + if (!pdb_set_lanman_passwd(sampass, unenc_new_pw)) { return False; } - /* Get the new lanman hash. */ - D_P16(pwd, pass2, unenc_new_pw); - - pdb_set_lanman_passwd(sampass, unenc_new_pw); - pdb_set_nt_passwd (sampass, NULL); /* We lose the NT hash. Sorry. */ + if (!pdb_set_nt_passwd (sampass, NULL)) { + return False; /* We lose the NT hash. Sorry. */ + } /* Now flush the sam_passwd struct to persistent storage */ become_root(); @@ -690,15 +696,15 @@ BOOL pass_oem_change(char *user, * available. JRA. */ - if (ret && lp_unix_password_sync()) + if ((ret) && lp_unix_password_sync()) ret = chgpasswd(user, "", new_passwd, True); if (ret) - ret = change_oem_password(sampass, new_passwd, False); + ret = change_oem_password(sampass, new_passwd); memset(new_passwd, 0, sizeof(new_passwd)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return ret; } 
@@ -762,23 +768,19 @@ static BOOL check_oem_password(char *user, /* check for null passwords */ if (lanman_pw == NULL) { - if (acct_ctrl & ACB_PWNOTREQ) - pdb_set_lanman_passwd(sampass, null_pw); - else { + if (!(acct_ctrl & ACB_PWNOTREQ)) { DEBUG(0,("check_oem_password: no lanman password !\n")); return False; } } - + if (pdb_get_nt_passwd(sampass) == NULL && nt_pass_set) { - if (acct_ctrl & ACB_PWNOTREQ) - pdb_set_nt_passwd(sampass, null_pw); - else { + if (!(acct_ctrl & ACB_PWNOTREQ)) { DEBUG(0,("check_oem_password: no ntlm password !\n")); return False; } } - + /* * Call the hash function to get the new password. */ @@ -862,24 +864,21 @@ static BOOL check_oem_password(char *user, /*********************************************************** Code to change the oem password. Changes both the lanman and NT hashes. - override = False, normal - override = True, override XXXXXXXXXX'd password ************************************************************/ -BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd, - BOOL override) +BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd) { - int ret; + BOOL ret; - pdb_set_plaintext_passwd (hnd, new_passwd); + if (!pdb_set_plaintext_passwd (hnd, new_passwd)) { + return False; + } /* Now write it into the file. */ become_root(); - ret = pdb_update_sam_account (hnd, override); + ret = pdb_update_sam_account (hnd, False); unbecome_root(); - memset(new_passwd, '\0', strlen(new_passwd)); - return ret; } diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index e9213e75a2..b7acfa5f32 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -1884,7 +1884,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param fstrcpy(saved_pass2, pass2); if (check_plaintext_password(user,pass1,strlen(pass1),&sampass) && - change_oem_password(sampass,pass2,False)) + change_oem_password(sampass,pass2)) { SSVAL(*rparam,0,NERR_Success); 
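Review bot: With `memset(new_passwd, '\0', strlen(new_passwd));` removed, change_oem_password no longer wipes the cleartext it was given, but its header comment does not say that the caller now owns that job. pass_oem_change does its own `memset(new_passwd, 0, sizeof(new_passwd));`, while the api_SetUserPassword call site in source3/smbd/lanman.c shows no scrub of `pass2` or `saved_pass2` in the visible lines (the rest of that function is outside the hunk). I would add a header line such as `The caller is responsible for clearing new_passwd.` and clear both buffers in api_SetUserPassword once the `chgpasswd` call is done. The hard-coded `False` now passed to `pdb_update_sam_account` deserves a word in the same comment, since the lines describing `override` were deleted.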
@@ -1897,7 +1897,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param if(lp_unix_password_sync() && !chgpasswd(user,pass1,saved_pass2,False)) SSVAL(*rparam,0,NERR_badpass); } - pdb_free_sam(sampass); + pdb_free_sam(&sampass); } @@ -1931,12 +1931,12 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param { SAM_ACCOUNT *hnd = NULL; - if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd) && + if (check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd) && change_lanman_password(hnd,(unsigned char *)pass1,(unsigned char *)pass2)) { SSVAL(*rparam,0,NERR_Success); } - pdb_free_sam(hnd); + pdb_free_sam(&hnd); } diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index d0629fa258..ce5195a810 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -128,12 +128,12 @@ static int print_user_info (char *username, BOOL verbosity, BOOL smbpwdstyle) if (ret==False) { fprintf (stderr, "Username not found!\n"); - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); return -1; } ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle); - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); return ret; } @@ -151,7 +151,7 @@ static int print_users_list (BOOL verbosity, BOOL smbpwdstyle) ret = pdb_setsampwent(False); if (ret && errno == ENOENT) { fprintf (stderr,"Password database not found!\n"); - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); exit(1); } @@ -163,7 +163,7 @@ static int print_users_list (BOOL verbosity, BOOL smbpwdstyle) } pdb_endsampwent (); - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); return 0; } @@ -181,7 +181,7 @@ static int set_user_info (char *username, char *fullname, char *homedir, char *d ret = pdb_getsampwnam (sam_pwent, username); if (ret==False) { fprintf (stderr, "Username not found!\n"); - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); return -1; } 
@@ -200,10 +200,10 @@ static int set_user_info (char *username, char *fullname, char *homedir, char *d print_user_info (username, True, False); else { fprintf (stderr, "Unable to modify entry!\n"); - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); return -1; } - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); return 0; } @@ -222,7 +222,7 @@ static int new_user (char *username, char *fullname, char *homedir, char *drive, if (!(pwd = sys_getpwnam(username))) { fprintf (stderr, "User %s does not exist in system passwd!\n", username); - pdb_free_sam (sam_pwent); + pdb_free_sam (&sam_pwent); return -1; } @@ -230,7 +230,7 @@ static int new_user (char *username, char *fullname, char *homedir, char *drive, password2 = getpass("retype new password:"); if (strcmp (password1, password2)) { fprintf (stderr, "Passwords does not match!\n"); - pdb_free_sam (sam_pwent); + pdb_free_sam (&sam_pwent); return -1; } @@ -260,10 +260,10 @@ static int new_user (char *username, char *fullname, char *homedir, char *drive, print_user_info (username, True, False); } else { fprintf (stderr, "Unable to add user! (does it alredy exist?)\n"); - pdb_free_sam (sam_pwent); + pdb_free_sam (&sam_pwent); return -1; } - pdb_free_sam (sam_pwent); + pdb_free_sam (&sam_pwent); return 0; } @@ -297,7 +297,7 @@ static int new_machine (char *machinename) for (uid=BASE_MACHINE_UID; uid<=MAX_MACHINE_UID; uid++) { pdb_init_sam (&sam_trust); if (pdb_getsampwuid (sam_trust, uid)) { - pdb_free_sam (sam_trust); + pdb_free_sam (&sam_trust); } else { break; } @@ -305,7 +305,7 @@ static int new_machine (char *machinename) if (uid>MAX_MACHINE_UID) { fprintf (stderr, "No more free UIDs available to Machine accounts!\n"); - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); return -1; } 
@@ -319,10 +319,10 @@ static int new_machine (char *machinename) print_user_info (name, True, False); } else { fprintf (stderr, "Unable to add machine! (does it already exist?)\n"); - pdb_free_sam (sam_pwent); + pdb_free_sam (&sam_pwent); return -1; } - pdb_free_sam (sam_pwent); + pdb_free_sam (&sam_pwent); return 0; } @@ -383,7 +383,7 @@ static int import_users (char *filename) fgets(linebuf, 256, fp); if (ferror(fp)) { fprintf (stderr, "%s\n", strerror (ferror (fp))); - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); return -1; } if ((linebuf_len = strlen(linebuf)) == 0) { @@ -401,7 +401,7 @@ static int import_users (char *filename) linebuf[linebuf_len] = '\0'; if ((linebuf[0] == 0) && feof(fp)) { /*end of file!!*/ - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); return 0; } line++; @@ -558,7 +558,7 @@ static int import_users (char *filename) pdb_reset_sam (sam_pwent); } printf ("%d lines read.\n%d entryes imported\n", line, good); - pdb_free_sam(sam_pwent); + pdb_free_sam(&sam_pwent); return 0; } diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 14b10c1700..168547c712 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -524,7 +524,7 @@ static BOOL password_change(const char *remote_machine, char *user_name, return False; } ret = remote_password_change(remote_machine, user_name, - old_passwd, new_passwd, err_str, sizeof(err_str)); + old_passwd, new_passwd, err_str, sizeof(err_str)); if(*err_str) fprintf(stderr, err_str); return ret; @@ -707,7 +707,7 @@ static int process_root(int argc, char *argv[]) usage(); } - if (!user_name[0] && (pwd = sys_getpwuid(0))) { + if (!user_name[0] && (pwd = sys_getpwuid(geteuid()))) { fstrcpy(user_name, pwd->pw_name); } @@ -768,7 +768,7 @@ static int process_root(int argc, char *argv[]) if((sampass != False) && (pdb_get_lanman_passwd(sampass) != NULL)) { new_passwd = xstrdup("XXXX"); /* Don't care. */ } - pdb_free_sam(sampass); + pdb_free_sam(&sampass); } if(!new_passwd) 
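Review bot: In password_change (source3/utils/smbpasswd.c), `if(*err_str) fprintf(stderr, err_str);`, the context line directly after the re-indented `remote_password_change` call, passes `err_str` as the format string. That buffer is filled by the remote change routine, so any `%` sequence that ends up in it would be interpreted by fprintf; `fprintf(stderr, "%s", err_str);` or `fputs(err_str, stderr);` avoids that. The commit only changes whitespace in this hunk, so this is a follow-up rather than a regression, and the function continues outside the hunk.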
@@ -799,7 +799,7 @@ static int process_root(int argc, char *argv[]) if((ret != False) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) ) printf(" User has no password flag set."); printf("\n"); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); } done: |