From 83db39d2b5624217422b4c10509d589018f7a329 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Sep 2001 12:12:26 +0000 Subject: Fix this to use the plaintext password code directly, like SWAT does. This whole area needs to be cleaned up. Should this kind of passowrd change/check be permitted with encrypt passwords = yes? In any case I've also had trouble testing this, as I can't find the right software/configuration to exersise this behaviour. But its better than the previous situation. Any assistance greatly appriciated. Andrew Bartlett (This used to be commit 37655b42897031f754d436435e64a2548de756b5) --- source3/smbd/lanman.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'source3') diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 4d3da88783..e9213e75a2 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -1834,6 +1834,8 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param fstring user; fstring pass1,pass2; + struct passwd *passwd; + pull_ascii_fstring(user,p); p = skip_string(p,1); @@ -1863,7 +1865,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param /* * Do any UNIX username case mangling. */ - (void)Get_Pwnam( user, True); + passwd = Get_Pwnam( user, True); /* * Attempt to verify the old password against smbpasswd entries @@ -1906,13 +1908,15 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param if(SVAL(*rparam,0) != NERR_Success) { - if (password_ok(user, pass1,strlen(pass1)) && - chgpasswd(user,pass1,pass2,False)) - { - SSVAL(*rparam,0,NERR_Success); - } + if NT_STATUS_IS_OK(pass_check(passwd, user, pass1, + strlen(pass1), NULL, False)) + { + if (chgpasswd(user,pass1,pass2,False)) { + SSVAL(*rparam,0,NERR_Success); + } + } } - + /* * If the plaintext change failed, attempt * the old encrypted method. NT will generate this -- cgit