summaryrefslogtreecommitdiff
path: root/source3/smbd/chgpasswd.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/chgpasswd.c')
-rw-r--r--source3/smbd/chgpasswd.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 5c1d9a79a6..6bc8626d81 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -674,6 +674,8 @@ BOOL check_lanman_password(char *user, uchar * pass1,
Code to change the lanman hashed password.
It nulls out the NT hashed password as it will
no longer be valid.
+ NOTE this function is designed to be called as root. Check the old password
+ is correct before calling. JRA.
************************************************************/
BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar *pass2)
@@ -730,9 +732,7 @@ BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar *pass2)
}
/* Now flush the sam_passwd struct to persistent storage */
- become_root();
ret = pdb_update_sam_account (sampass);
- unbecome_root();
return ret;
}
@@ -740,6 +740,7 @@ BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar *pass2)
/***********************************************************
Code to check and change the OEM hashed password.
************************************************************/
+
NTSTATUS pass_oem_change(char *user,
uchar * lmdata, uchar * lmhash,
uchar * ntdata, uchar * nthash)
@@ -747,8 +748,7 @@ NTSTATUS pass_oem_change(char *user,
fstring new_passwd;
const char *unix_user;
SAM_ACCOUNT *sampass = NULL;
- NTSTATUS nt_status
- = check_oem_password(user, lmdata, lmhash, ntdata, nthash,
+ NTSTATUS nt_status = check_oem_password(user, lmdata, lmhash, ntdata, nthash,
&sampass, new_passwd, sizeof(new_passwd));
if (!NT_STATUS_IS_OK(nt_status))
@@ -765,7 +765,10 @@ NTSTATUS pass_oem_change(char *user,
unix_user = pdb_get_username(sampass);
+ /* We've already checked the old password here.... */
+ become_root();
nt_status = change_oem_password(sampass, NULL, new_passwd);
+ unbecome_root();
memset(new_passwd, 0, sizeof(new_passwd));
@@ -942,6 +945,8 @@ static NTSTATUS check_oem_password(const char *user,
/***********************************************************
Code to change the oem password. Changes both the lanman
and NT hashes. Old_passwd is almost always NULL.
+ NOTE this function is designed to be called as root. Check the old password
+ is correct before calling. JRA.
************************************************************/
NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passwd)
@@ -997,9 +1002,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
}
/* Now write it into the file. */
- become_root();
ret = pdb_update_sam_account (hnd);
- unbecome_root();
if (!ret) {
return NT_STATUS_ACCESS_DENIED;