diff options
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth.c | 4 | ||||
| -rw-r--r-- | source3/auth/auth_sam.c | 4 | ||||
| -rw-r--r-- | source3/auth/auth_unix.c | 32 |
3 files changed, 30 insertions, 10 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 5b6b2d4c42..6aa2714b0b 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -189,6 +189,10 @@ NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user, user_info.lm_resp.buffer = (uint8 *)local_lm_response; user_info.lm_resp.len = 24; + + /* WATCH OUT. This doesn't work if the incoming password is incorrectly cased. + We might want to add a check here and only do an LM in that case */ + /* This encrypts the lm_pwd feild, which actualy contains the password rather than the nt_pwd field becouse that contains nothing */ SMBNTencrypt((uchar *)lm_pwd, user_info.chal, local_nt_response); diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 567414d1a2..8159ad988f 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -306,7 +306,7 @@ NTSTATUS check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_ if (ret == False) { DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user_info->unix_username.str)); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return NT_STATUS_NO_SUCH_USER; } @@ -316,7 +316,7 @@ NTSTATUS check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_ nt_status = sam_account_ok(sampass, user_info); } - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return nt_status; } diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index 5582682d98..0d73988d8a 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -31,7 +31,7 @@ this ugly hack needs to die, but not quite yet... static BOOL update_smbpassword_file(char *user, char *password) { SAM_ACCOUNT *sampass = NULL; - BOOL ret; + BOOL ret; pdb_init_sam(&sampass); @@ -41,7 +41,7 @@ static BOOL update_smbpassword_file(char *user, char *password) if(ret == False) { DEBUG(0,("pdb_getsampwnam returned NULL\n")); - pdb_free_sam(sampass); + pdb_free_sam(&sampass); return False; } @@ -49,16 +49,32 @@ static BOOL update_smbpassword_file(char *user, char *password) * Remove the account disabled flag - we are updating the * users password from a login. */ - pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED); + if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) { + pdb_free_sam(&sampass); + return False; + } + + if (!pdb_set_plaintext_passwd (sampass, password)) { + pdb_free_sam(&sampass); + return False; + } - /* Here, the flag is one, because we want to ignore the + /* Now write it into the file. */ + become_root(); + + /* Here, the override flag is True, because we want to ignore the XXXXXXX'd out password */ - ret = change_oem_password( sampass, password, True); - if (ret == False) { - DEBUG(3,("change_oem_password returned False\n")); + ret = pdb_update_sam_account (sampass, True); + + unbecome_root(); + + if (ret) { + DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); } - pdb_free_sam(sampass); + memset(password, '\0', strlen(password)); + + pdb_free_sam(&sampass); return ret; } |