From 3eae1e3f8e53c51f638b1b381085f29feea1c517 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 30 Apr 1998 01:39:22 +0000
Subject: Added patch from Bruce Tenison to allow encrypted passwords to be stored over time, allowing a smbpasswd file migration. Adds new parameter "update encrypted". Will also add to 1.9.18 branch. Docs update to follow. Jeremy.
(This used to be commit 5d3e874d780d595415cc27a7f5945fc2e694c3ac)
---
 source3/include/proto.h | 6 ++++--
 source3/param/loadparm.c | 4 ++++
 source3/passdb/smbpass.c | 10 ++++++----
 source3/rpc_server/srv_netlog.c | 2 +-
 source3/smbd/chgpasswd.c | 8 +++++---
 source3/smbd/ipc.c | 2 +-
 source3/smbd/password.c | 32 ++++++++++++++++++++++++++++++++
 source3/utils/smbpasswd.c | 2 +-
 source3/web/swat.c | 2 ++
 9 files changed, 56 insertions(+), 12 deletions(-)
(limited to 'source3')
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 76fb11c12e..0965527205 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -41,7 +41,7 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsi
 BOOL check_oem_password(char *user, unsigned char *data, struct smb_passwd **psmbpw, char *new_passwd, int new_passwd_size);
-BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd);
+BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL flag);
 /*The following definitions come from client.c */
@@ -971,6 +971,7 @@ BOOL lp_writeraw(void);
 BOOL lp_null_passwords(void);
 BOOL lp_strip_dot(void);
 BOOL lp_encrypted_passwords(void);
+BOOL lp_update_encrypted(void);
 BOOL lp_syslog_only(void);
 BOOL lp_browse_list(void);
 BOOL lp_unix_realname(void);
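Review bot: The new third parameter of `change_oem_password` is declared as `BOOL flag` in this prototype, while the chgpasswd.c definition and the swat.c stub in the same patch call it `override` and the comment beside the definition explains it in those terms, so a reader of proto.h gets no hint of what the argument does. Use the same name in the declaration, `BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override);`, as the `mod_smbpwd_entry` prototype added elsewhere in this patch already does. A one-line comment above it would also help, since a True value bypasses the invalidated-entry check rather than being a generic flag.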
@@ -1555,6 +1556,7 @@ int setup_groups(char *user, int uid, int gid, int *p_ngroups, int **p_attrs);
 uint16 register_vuid(int uid,int gid, char *name,BOOL guest);
 void add_session_user(char *user);
+BOOL update_smbpassword_file( char *user, fstring password);
 void dfs_unlogin(void);
 BOOL password_check(char *password);
 BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8);
@@ -1770,7 +1772,7 @@ struct smb_passwd *getsmbpwnam(char *name);
 struct smb_passwd *getsmbpwuid(unsigned int uid);
 char *encode_acct_ctrl(uint16 acct_ctrl);
 BOOL add_smbpwd_entry(struct smb_passwd *newpwd);
-BOOL mod_smbpwd_entry(struct smb_passwd* pwd);
+BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override);
 void *machine_password_lock( char *domain, char *name, BOOL update);
 BOOL machine_password_unlock( void *token );
 BOOL machine_password_delete( char *domain, char *name );
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index dda31f3efe..e4d27f1f64 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -176,6 +176,7 @@ typedef struct
 BOOL bDomainMaster;
 BOOL bDomainLogons;
 BOOL bEncryptPasswords;
+ BOOL bUpdateEncrypt;
 BOOL bStripDot;
 BOOL bNullPasswords;
 BOOL bLoadPrinters;
@@ -436,6 +437,7 @@ static struct parm_struct parm_table[] =
 {"Security Options", P_SEP, P_SEPARATOR},
 {"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC},
 {"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC},
+ {"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
 {"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0},
 {"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
 {"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
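Review bot: The `update encrypted` entry is added to `parm_table` with FLAG_BASIC and nothing that ties it to `encrypt passwords`, yet the only consumers this patch introduces are the three `password_check()` success paths in `password_ok()` (smbd/password.c), so the option acts only on logins the server validated against the Unix password. Each such login then rewrites the smbpasswd entry under `become_root` via `update_smbpassword_file()`, which is a side effect a reader of this table will not expect from a boolean beside `encrypt passwords`. A comment on the entry would make that explicit, e.g. `/* after a successful plaintext (password_check) login, write the password into smbpasswd as LM/NT hashes; migration aid, no effect on challenge/response logins */`; whether loadparm should also warn when it is set together with `encrypt passwords = yes` depends on whether the plaintext path is still reachable then, which is not visible here. The enclosing `parm_table` array continues outside the hunk.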
@@ -723,6 +725,7 @@ static void init_globals(void)
 Globals.maxprotocol = PROTOCOL_NT1;
 Globals.security = SEC_SHARE;
 Globals.bEncryptPasswords = False;
+ Globals.bUpdateEncrypt = False;
 Globals.bReadRaw = True;
 Globals.bWriteRaw = True;
 Globals.bReadPrediction = False;
@@ -977,6 +980,7 @@ FN_GLOBAL_BOOL(lp_writeraw,&Globals.bWriteRaw)
 FN_GLOBAL_BOOL(lp_null_passwords,&Globals.bNullPasswords)
 FN_GLOBAL_BOOL(lp_strip_dot,&Globals.bStripDot)
 FN_GLOBAL_BOOL(lp_encrypted_passwords,&Globals.bEncryptPasswords)
+FN_GLOBAL_BOOL(lp_update_encrypted,&Globals.bUpdateEncrypt)
 FN_GLOBAL_BOOL(lp_syslog_only,&Globals.bSyslogOnly)
 FN_GLOBAL_BOOL(lp_browse_list,&Globals.bBrowseList)
 FN_GLOBAL_BOOL(lp_unix_realname,&Globals.bUnixRealname)
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index 2ab21f78ef..cd3cc76909 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -731,9 +731,11 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
 and then modify its password entry. We can't use the startsmbpwent()/ getsmbpwent()/endsmbpwent() interfaces here as we depend on looking in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out password or NO PASS
 ************************************************************************/
-BOOL mod_smbpwd_entry(struct smb_passwd* pwd)
+BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
 {
 /* Static buffers we will return. */
 static pstring user_name;
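Review bot: The new header comment on `mod_smbpwd_entry` says `override = True` overrides an `XXXXXXXX'd out password or NO PASS`, but the two checks it relaxes further down the function (`*p == '*' || *p == 'X'`) treat a `*`-filled hash field exactly like an `X`-filled one, so `*` entries are overwritten too. Say so in the comment, so a caller passing True knows it is bypassing both markers that the code itself labels "Password deliberately invalid": `override = True, also overwrite an entry whose LM or NT hash field is filled with '*' or 'X' (refused when override is False)`. The function body continues past the end of the hunk.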
@@ -895,9 +897,9 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd)
 /* Record exact password position */
 pwd_seekpos += PTR_DIFF(p, linebuf);
- if (*p == '*' || *p == 'X') {
+ if (!override && (*p == '*' || *p == 'X')) {
 /* Password deliberately invalid - end here. */
- DEBUG(10, ("get_smbpwd_entry: entry invalidated for user %s\n", user_name));
+ DEBUG(10, ("mod_smbpwd_entry: entry invalidated for user %s\n", user_name));
 pw_file_unlock(lockfd, &pw_file_lock_depth);
 fclose(fp);
 return False;
@@ -917,7 +919,7 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd)
 return False;
 }
- if (*p == '*' || *p == 'X') {
+ if (!override && (*p == '*' || *p == 'X')) {
 pw_file_unlock(lockfd,&pw_file_lock_depth);
 fclose(fp);
 return False;
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 743e4477a6..6229d5ea0b 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -410,7 +410,7 @@ static void api_net_srv_pwset( int uid,
 smb_pass->acct_ctrl = ACB_WSTRUST;
 become_root(True);
- ret = mod_smbpwd_entry(smb_pass);
+ ret = mod_smbpwd_entry(smb_pass,False);
 unbecome_root(True);
 if (ret)
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 92bdb1adf0..4bdfaec453 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -536,7 +536,7 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsi
 /* Now write it into the file. */
 become_root(0);
- ret = mod_smbpwd_entry(smbpw);
+ ret = mod_smbpwd_entry(smbpw,False);
 unbecome_root(0);
 return ret;
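Review bot: With `override` set, `if (!override && (*p == '*' || *p == 'X'))` no longer stops on a hash field that the comment on the next line calls "Password deliberately invalid", and this patch passes True from `update_smbpassword_file()`, which runs after every successful plaintext login; an entry an administrator invalidated on purpose is therefore silently re-populated the next time its owner authenticates with the Unix password, which is a wider effect than the "migration" the commit describes. If the account-control field carries a disabled bit, the write should still be refused for such accounts regardless of `override` (check `pwd->acct_ctrl` before this test); failing that, consider letting `override` bypass only one of the two markers, though which of `*` and `X` denotes "never set" versus "invalidated" is not visible in this hunk and needs confirming against the file format. The same relaxed test is repeated for the NT hash in the following hunk, so any narrowing has to be applied in both places. `mod_smbpwd_entry` starts and ends outside the hunk.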
@@ -632,9 +632,11 @@ BOOL check_oem_password(char *user, unsigned char *data,
 /***********************************************************
 Code to change the oem password. Changes both the lanman and NT hashes.
+ override = False, normal
+ override = True, override XXXXXXXXXX'd password
 ************************************************************/
-BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd)
+BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override)
 {
 int ret;
 fstring upper_case_new_passwd;
@@ -654,7 +656,7 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd)
 /* Now write it into the file. */
 become_root(0);
- ret = mod_smbpwd_entry(smbpw);
+ ret = mod_smbpwd_entry(smbpw,override);
 unbecome_root(0);
 memset(upper_case_new_passwd, '\0', strlen(upper_case_new_passwd));
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index e3dcda9004..2f9cc00dc9 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -1719,7 +1719,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
 if(lp_unix_password_sync()) chgpasswd(user,"", new_passwd, True);
- if(change_oem_password( smbpw, new_passwd)) {
+ if(change_oem_password( smbpw, new_passwd, False)) {
 SSVAL(*rparam,0,NERR_Success);
 }
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 180c51f4ea..57e7775b71 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -423,6 +423,31 @@ static char *osf1_bigcrypt(char *password,char *salt1)
 }
 #endif
+/****************************************************************************
+update the encrypted smbpasswd file from the plaintext username and password
+*****************************************************************************/
+BOOL update_smbpassword_file( char *user, fstring password)
+{
+ struct smb_passwd *smbpw;
+ BOOL ret;
+ become_root(0);
+ smbpw = getsmbpwnam(user);
+ unbecome_root(0);
+ if(smbpw == NULL)
+ {
+ DEBUG(0,("update_smbpassword_file: getsmbpwnam returned NULL\n"));
+ return False;
+ }
+ /* Here, the flag is one, because we want to ignore the XXXXXXX'd out password */
+ ret = change_oem_password( smbpw, password, True);
+ if (ret == False)
+ DEBUG(3,("update_smbpasswd_file: change_oem_password returned False\n"));
+ return ret;
+}
 /****************************************************************************
 update the enhanced security database. Only relevant for OSF1 at the moment.
@@ -1051,6 +1076,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
 struct passwd *pass;
 char challenge[8];
 struct smb_passwd *smb_pass;
+ BOOL update_encrypted = lp_update_encrypted();
 BOOL challenge_done = False;
 if (password) password[pwlen] = 0;
@@ -1231,6 +1257,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
 if (password_check(password)) {
 update_protected_database(user,True);
+ if (update_encrypted)
+ update_smbpassword_file(user,password);
 return(True);
 }
@@ -1248,6 +1276,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
 if (password_check(password)) {
 update_protected_database(user,True);
+ if (update_encrypted)
+ update_smbpassword_file(user,password);
 return(True);
 }
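Review bot: `update_smbpassword_file()` never looks at the entry it fetched before rewriting it: the comment `Here, the flag is one, because we want to ignore the XXXXXXX'd out password` suggests a one-off fill-in, but with `update encrypted = yes` every `password_check()` success in `password_ok()` re-hashes the password and rewrites the smbpasswd file under `become_root`, including when the stored hashes are already correct and when the entry was deliberately invalidated. Consider skipping the write when `smbpw` already carries a usable hash (which field `getsmbpwnam()` uses to signal that is not visible here), so the file is only touched during the migration the commit message describes. The failure-path debug message names a function that does not exist; use `DEBUG(3,("update_smbpassword_file: change_oem_password returned False\n"));`. The return value is ignored by all three callers in `password_ok()`, which is acceptable for a best-effort migration but should be stated in the header comment, e.g. `Returns False if the entry is missing or could not be rewritten; callers treat this as non-fatal.`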
@@ -1268,6 +1298,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
 if (string_combinations(password,password_check,level)) {
 update_protected_database(user,True);
+ if (update_encrypted)
+ update_smbpassword_file(user,password);
 return(True);
 }
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 338c0d5650..050be7e9b8 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -727,7 +727,7 @@ int main(int argc, char **argv)
 smb_pwent->smb_nt_passwd = new_nt_p16;
 }
- if(mod_smbpwd_entry(smb_pwent) == False) {
+ if(mod_smbpwd_entry(smb_pwent,True) == False) {
 fprintf(stderr, "%s: Failed to modify entry for user %s.\n", prog_name, pwd->pw_name);
 endsmbpwent(vp);
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 6d155d8804..53131461c9 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -34,6 +34,8 @@ static pstring servicesf = CONFIGFILE;
 /* we need these because we link to locking*.o */
 void become_root(BOOL save_dir) {}
 void unbecome_root(BOOL restore_dir) {}
+/* We need this because we link to password.o */
+BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override) {return False;}
 connection_struct Connections[MAX_CONNECTIONS];
 files_struct Files[MAX_OPEN_FILES];
 struct current_user current_user;
-- cgit
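Review bot: In the `string_combinations(password,password_check,level)` branch, the buffer handed to `update_smbpassword_file(user,password)` is whatever `string_combinations()` leaves in `password`; if it leaves the case-permuted candidate that matched the Unix password in place instead of restoring the string the client sent (not visible in this hunk), the NT hash written to smbpasswd is the hash of that permutation, and because the NT hash is case-sensitive the user's next encrypted login would fail against it. Either keep a copy of `password` taken before the permutation loop and pass that copy, or confirm that `string_combinations()` restores its argument on success and record that in a comment here. `password_ok` starts and ends outside the hunk.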
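Review bot: Passing `True` in `mod_smbpwd_entry(smb_pwent,True)` changes what `smbpasswd` does with an entry whose hash field is filled with `*` or `X`: before this patch `mod_smbpwd_entry` refused the write and the tool printed "Failed to modify entry", now it overwrites the entry. That is presumably intended (the tool must be able to set a password on an invalidated entry), but a comment would keep someone from "fixing" it back and would document that this is the one caller meant to override invalidated entries interactively: `/* override: the admin tool may set a password on an entry whose hash field is currently filled with '*' or 'X' */`. `main` starts and ends outside the hunk.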