4 * Unix SMB/Netbios implementation. Version 1.9. smbpasswd module. Copyright
5 * (C) Jeremy Allison 1995-1997.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License as published by the Free
9 * Software Foundation; either version 2 of the License, or (at your option)
12 * This program is distributed in the hope that it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
17 * You should have received a copy of the GNU General Public License along with
18 * this program; if not, write to the Free Software Foundation, Inc., 675
19 * Mass Ave, Cambridge, MA 02139, USA.
25 /* Static buffers we will return. */
26 static struct smb_passwd pw_buf;
27 static pstring user_name;
28 static unsigned char smbpwd[16];
29 static unsigned char smbntpwd[16];
31 static int gethexpwd(char *p, char *pwd)
34 unsigned char lonybble, hinybble;
35 char *hexchars = "0123456789ABCDEF";
37 for (i = 0; i < 32; i += 2) {
38 hinybble = toupper(p[i]);
39 lonybble = toupper(p[i + 1]);
41 p1 = strchr(hexchars, hinybble);
42 p2 = strchr(hexchars, lonybble);
46 hinybble = PTR_DIFF(p1, hexchars);
47 lonybble = PTR_DIFF(p2, hexchars);
49 pwd[i / 2] = (hinybble << 4) | lonybble;
55 _my_get_smbpwnam(FILE * fp, char *name, BOOL * valid_old_pwd,
56 BOOL *got_valid_nt_entry, long *pwd_seekpos)
65 * Scan the file, a line at a time and check if the name matches.
69 *pwd_seekpos = ftell(fp);
71 fgets(linebuf, 256, fp);
76 * Check if the string is terminated with a newline - if not
77 * then we must keep reading and discard until we get one.
79 linebuf_len = strlen(linebuf);
80 if (linebuf[linebuf_len - 1] != '\n') {
82 while (!ferror(fp) && !feof(fp)) {
88 linebuf[linebuf_len - 1] = '\0';
90 if ((linebuf[0] == 0) && feof(fp))
93 * The line we have should be of the form :-
95 * username:uid:[32hex bytes]:....other flags presently
100 * username:uid:[32hex bytes]:[32hex bytes]:....ignored....
102 * if Windows NT compatible passwords are also present.
105 if (linebuf[0] == '#' || linebuf[0] == '\0')
107 p = (unsigned char *) strchr(linebuf, ':');
111 * As 256 is shorter than a pstring we don't need to check
112 * length here - if this ever changes....
114 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
115 user_name[PTR_DIFF(p, linebuf)] = '\0';
116 if (!strequal(user_name, name))
119 /* User name matches - get uid and password */
120 p++; /* Go past ':' */
124 uidval = atoi((char *) p);
125 while (*p && isdigit(*p))
132 * Now get the password value - this should be 32 hex digits
133 * which are the ascii representations of a 16 byte string.
134 * Get two at a time and put them into the password.
137 *pwd_seekpos += PTR_DIFF(p, linebuf); /* Save exact position
138 * of passwd in file -
141 if (*p == '*' || *p == 'X') {
142 /* Password deliberately invalid - end here. */
143 *valid_old_pwd = False;
144 *got_valid_nt_entry = False;
145 pw_buf.smb_nt_passwd = NULL; /* No NT password (yet)*/
147 /* Now check if the NT compatible password is
149 p += 33; /* Move to the first character of the line after
150 the lanman password. */
151 if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
152 /* NT Entry was valid - even if 'X' or '*', can be overwritten */
153 *got_valid_nt_entry = True;
154 if (*p != '*' && *p != 'X') {
155 if (gethexpwd((char *)p,(char *)smbntpwd))
156 pw_buf.smb_nt_passwd = smbntpwd;
159 pw_buf.smb_name = user_name;
160 pw_buf.smb_userid = uidval;
161 pw_buf.smb_passwd = NULL; /* No password */
164 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33))
170 if (!strncasecmp((char *)p, "NO PASSWORD", 11)) {
171 pw_buf.smb_passwd = NULL; /* No password */
173 if(!gethexpwd((char *)p,(char *)smbpwd))
175 pw_buf.smb_passwd = smbpwd;
178 pw_buf.smb_name = user_name;
179 pw_buf.smb_userid = uidval;
180 pw_buf.smb_nt_passwd = NULL;
181 *got_valid_nt_entry = False;
182 *valid_old_pwd = True;
184 /* Now check if the NT compatible password is
186 p += 33; /* Move to the first character of the line after
187 the lanman password. */
188 if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
189 /* NT Entry was valid - even if 'X' or '*', can be overwritten */
190 *got_valid_nt_entry = True;
191 if (*p != '*' && *p != 'X') {
192 if (gethexpwd((char *)p,(char *)smbntpwd))
193 pw_buf.smb_nt_passwd = smbntpwd;
202 * Print command usage on stderr and die.
204 static void usage(char *name)
206 fprintf(stderr, "Usage is : %s [-add] [username]\n", name);
210 int main(int argc, char **argv)
216 uchar old_nt_p16[16];
219 uchar new_nt_p16[16];
221 struct smb_passwd *smb_pwent;
223 BOOL valid_old_pwd = False;
224 BOOL got_valid_nt_entry = False;
225 BOOL add_user = False;
230 int ret, i, err, writelen;
232 char *pfile = SMB_PASSWD_FILE;
233 char readbuf[16 * 1024];
237 setup_logging(argv[0],True);
239 charset_initialise(0);
241 #ifndef DEBUG_PASSWORD
242 /* Check the effective uid */
243 if (geteuid() != 0) {
244 fprintf(stderr, "%s: Must be setuid root.\n", argv[0]);
249 /* Get the real uid */
252 /* Deal with usage problems */
254 /* As root we can change anothers password and add a user. */
257 } else if (argc != 1) {
258 fprintf(stderr, "%s: Only root can set anothers password.\n", argv[0]);
262 if (real_uid == 0 && (argc > 1)) {
263 /* We are root - check if we should add the user */
264 if ((argv[1][0] == '-') && (argv[1][1] == 'a'))
266 if(add_user && (argc != 3))
269 /* If we are root we can change anothers password. */
270 strncpy(user_name, add_user ? argv[2] : argv[1], sizeof(user_name) - 1);
271 user_name[sizeof(user_name) - 1] = '\0';
272 pwd = getpwnam(user_name);
274 pwd = getpwuid(real_uid);
278 fprintf(stderr, "%s: Unable to get UNIX password entry for user.\n", argv[0]);
281 /* If we are root we don't ask for the old password. */
282 old_passwd[0] = '\0';
284 p = getpass("Old SMB password:");
285 strncpy(old_passwd, p, sizeof(fstring));
286 old_passwd[sizeof(fstring)-1] = '\0';
288 new_passwd[0] = '\0';
289 p = getpass("New SMB password:");
290 strncpy(new_passwd, p, sizeof(fstring));
291 new_passwd[sizeof(fstring)-1] = '\0';
292 p = getpass("Retype new SMB password:");
293 if (strcmp(p, new_passwd)) {
294 fprintf(stderr, "%s: Mismatch - password unchanged.\n", argv[0]);
298 if (new_passwd[0] == '\0') {
299 printf("Password not set\n");
303 /* Calculate the MD4 hash (NT compatible) of the old and new passwords */
304 memset(old_nt_p16, '\0', 16);
305 E_md4hash((uchar *)old_passwd, old_nt_p16);
307 memset(new_nt_p16, '\0', 16);
308 E_md4hash((uchar *) new_passwd, new_nt_p16);
310 /* Mangle the passwords into Lanman format */
311 old_passwd[14] = '\0';
312 strupper(old_passwd);
313 new_passwd[14] = '\0';
314 strupper(new_passwd);
317 * Calculate the SMB (lanman) hash functions of both old and new passwords.
320 memset(old_p16, '\0', 16);
321 E_P16((uchar *) old_passwd, old_p16);
323 memset(new_p16, '\0', 16);
324 E_P16((uchar *) new_passwd, new_p16);
327 * Open the smbpaswd file XXXX - we need to parse smb.conf to get the
330 if ((fp = fopen(pfile, "r+")) == NULL) {
332 fprintf(stderr, "%s: Failed to open password file %s.\n",
338 /* Set read buffer to 16k for effiecient reads */
339 setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
341 /* make sure it is only rw by the owner */
344 /* Lock the smbpasswd file for write. */
345 if ((lockfd = pw_file_lock(pfile, F_WRLCK, 5)) < 0) {
347 fprintf(stderr, "%s: Failed to lock password file %s.\n",
354 /* Get the smb passwd entry for this user */
355 smb_pwent = _my_get_smbpwnam(fp, pwd->pw_name, &valid_old_pwd,
356 &got_valid_nt_entry, &seekpos);
357 if (smb_pwent == NULL) {
358 if(add_user == False) {
359 fprintf(stderr, "%s: Failed to find entry for user %s in file %s.\n",
360 argv[0], pwd->pw_name, pfile);
362 pw_file_unlock(lockfd);
366 /* Create a new smb passwd entry and set it to the given password. */
370 int new_entry_length;
375 /* The add user write needs to be atomic - so get the fd from
376 the fp and do a raw write() call.
380 if((offpos = lseek(fd, 0, SEEK_END)) == -1) {
381 fprintf(stderr, "%s: Failed to add entry for user %s to file %s. \
382 Error was %d\n", argv[0], pwd->pw_name, pfile, errno);
384 pw_file_unlock(lockfd);
388 new_entry_length = strlen(pwd->pw_name) + 1 + 15 + 1 +
389 32 + 1 + 32 + 1 + strlen(pwd->pw_gecos) +
390 1 + strlen(pwd->pw_dir) + 1 +
391 strlen(pwd->pw_shell) + 1;
392 if((new_entry = (char *)malloc( new_entry_length )) == 0) {
393 fprintf(stderr, "%s: Failed to add entry for user %s to file %s. \
394 Error was %d\n", argv[0], pwd->pw_name, pfile, errno);
396 pw_file_unlock(lockfd);
400 sprintf(new_entry, "%s:%u:", pwd->pw_name, pwd->pw_uid);
401 p = &new_entry[strlen(new_entry)];
402 for( i = 0; i < 16; i++)
403 sprintf(&p[i*2], "%02X", new_p16[i]);
406 for( i = 0; i < 16; i++)
407 sprintf(&p[i*2], "%02X", old_p16[i]);
410 sprintf(p, "%s:%s:%s\n", pwd->pw_gecos,
411 pwd->pw_dir, pwd->pw_shell);
412 if(write(fd, new_entry, strlen(new_entry)) != strlen(new_entry)) {
413 fprintf(stderr, "%s: Failed to add entry for user %s to file %s. \
414 Error was %d\n", argv[0], pwd->pw_name, pfile, errno);
415 /* Remove the entry we just wrote. */
416 if(ftruncate(fd, offpos) == -1) {
417 fprintf(stderr, "%s: ERROR failed to ftruncate file %s. \
418 Error was %d. Password file may be corrupt ! Please examine by hand !\n",
419 argv[0], pwd->pw_name, errno);
422 pw_file_unlock(lockfd);
427 pw_file_unlock(lockfd);
432 /* If we are root or the password is 'NO PASSWORD' then
433 we don't need to check the old password. */
435 if (valid_old_pwd == False) {
436 fprintf(stderr, "%s: User %s is disabled, plase contact your administrator to enable it.\n", argv[0], pwd->pw_name);
438 pw_file_unlock(lockfd);
441 /* Check the old Lanman password - NULL means 'NO PASSWORD' */
442 if (smb_pwent->smb_passwd != NULL) {
443 if (memcmp(old_p16, smb_pwent->smb_passwd, 16)) {
444 fprintf(stderr, "%s: Couldn't change password.\n", argv[0]);
446 pw_file_unlock(lockfd);
450 /* Check the NT password if it exists */
451 if (smb_pwent->smb_nt_passwd != NULL) {
452 if (memcmp(old_nt_p16, smb_pwent->smb_nt_passwd, 16)) {
453 fprintf(stderr, "%s: Couldn't change password.\n", argv[0]);
455 pw_file_unlock(lockfd);
461 * If we get here either we were root or the old password checked out
464 /* Create the 32 byte representation of the new p16 */
465 for (i = 0; i < 16; i++) {
466 sprintf(&ascii_p16[i * 2], "%02X", (uchar) new_p16[i]);
468 if(got_valid_nt_entry) {
469 /* Add on the NT md4 hash */
471 for (i = 0; i < 16; i++) {
472 sprintf(&ascii_p16[(i * 2)+33], "%02X", (uchar) new_nt_p16[i]);
476 * Do an atomic write into the file at the position defined by
480 ret = lseek(pwfd, seekpos - 1, SEEK_SET);
481 if (ret != seekpos - 1) {
483 fprintf(stderr, "%s: seek fail on file %s.\n",
488 pw_file_unlock(lockfd);
491 /* Sanity check - ensure the character is a ':' */
492 if (read(pwfd, &c, 1) != 1) {
494 fprintf(stderr, "%s: read fail on file %s.\n",
499 pw_file_unlock(lockfd);
503 fprintf(stderr, "%s: sanity check on passwd file %s failed.\n",
506 pw_file_unlock(lockfd);
509 writelen = (got_valid_nt_entry) ? 65 : 32;
510 if (write(pwfd, ascii_p16, writelen) != writelen) {
512 fprintf(stderr, "%s: write fail in file %s.\n",
517 pw_file_unlock(lockfd);
521 pw_file_unlock(lockfd);
522 printf("Password changed\n");
528 #include "includes.h"
531 main(int argc, char **argv)
533 printf("smb password encryption not selected in Makefile\n");