2 * Unix SMB/Netbios implementation. Version 1.9. smbpasswd module. Copyright
3 * (C) Jeremy Allison 1995-1998
5 * This program is free software; you can redistribute it and/or modify it under
6 * the terms of the GNU General Public License as published by the Free
7 * Software Foundation; either version 2 of the License, or (at your option)
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 675
17 * Mass Ave, Cambridge, MA 02139, USA.
23 * Password changing error codes.
30 } pw_change_errmap[] =
32 {5, "User has insufficient privilege" },
33 {86, "The specified password is invalid" },
34 {2226, "Operation only permitted on a Primary Domain Controller" },
35 {2243, "The password cannot be changed" },
36 {2246, "The password is too short" },
40 static int gethexpwd(char *p, char *pwd)
43 unsigned char lonybble, hinybble;
44 char *hexchars = "0123456789ABCDEF";
46 for (i = 0; i < 32; i += 2) {
47 hinybble = toupper(p[i]);
48 lonybble = toupper(p[i + 1]);
50 p1 = strchr(hexchars, hinybble);
51 p2 = strchr(hexchars, lonybble);
55 hinybble = PTR_DIFF(p1, hexchars);
56 lonybble = PTR_DIFF(p2, hexchars);
58 pwd[i / 2] = (hinybble << 4) | lonybble;
63 static struct smb_passwd *
64 _my_get_smbpwnam(FILE * fp, char *name, BOOL * valid_old_pwd,
65 BOOL *got_valid_nt_entry, long *pwd_seekpos)
67 /* Static buffers we will return. */
68 static struct smb_passwd pw_buf;
69 static pstring user_name;
70 static unsigned char smbpwd[16];
71 static unsigned char smbntpwd[16];
80 * Scan the file, a line at a time and check if the name matches.
84 *pwd_seekpos = ftell(fp);
86 fgets(linebuf, 256, fp);
91 * Check if the string is terminated with a newline - if not
92 * then we must keep reading and discard until we get one.
94 linebuf_len = strlen(linebuf);
95 if (linebuf[linebuf_len - 1] != '\n') {
97 while (!ferror(fp) && !feof(fp)) {
103 linebuf[linebuf_len - 1] = '\0';
105 if ((linebuf[0] == 0) && feof(fp))
108 * The line we have should be of the form :-
110 * username:uid:[32hex bytes]:....other flags presently
115 * username:uid:[32hex bytes]:[32hex bytes]:....ignored....
117 * if Windows NT compatible passwords are also present.
120 if (linebuf[0] == '#' || linebuf[0] == '\0')
122 p = (unsigned char *) strchr(linebuf, ':');
126 * As 256 is shorter than a pstring we don't need to check
127 * length here - if this ever changes....
129 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
130 user_name[PTR_DIFF(p, linebuf)] = '\0';
131 if (!strequal(user_name, name))
134 /* User name matches - get uid and password */
135 p++; /* Go past ':' */
139 uidval = atoi((char *) p);
140 while (*p && isdigit(*p))
147 * Now get the password value - this should be 32 hex digits
148 * which are the ascii representations of a 16 byte string.
149 * Get two at a time and put them into the password.
152 *pwd_seekpos += PTR_DIFF(p, linebuf); /* Save exact position
153 * of passwd in file -
156 if (*p == '*' || *p == 'X') {
157 /* Password deliberately invalid - end here. */
158 *valid_old_pwd = False;
159 *got_valid_nt_entry = False;
160 pw_buf.smb_nt_passwd = NULL; /* No NT password (yet)*/
162 /* Now check if the NT compatible password is
164 p += 33; /* Move to the first character of the line after
165 the lanman password. */
166 if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
167 /* NT Entry was valid - even if 'X' or '*', can be overwritten */
168 *got_valid_nt_entry = True;
169 if (*p != '*' && *p != 'X') {
170 if (gethexpwd((char *)p,(char *)smbntpwd))
171 pw_buf.smb_nt_passwd = smbntpwd;
174 pw_buf.smb_name = user_name;
175 pw_buf.smb_userid = uidval;
176 pw_buf.smb_passwd = NULL; /* No password */
179 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33))
185 if (!strncasecmp((char *)p, "NO PASSWORD", 11)) {
186 pw_buf.smb_passwd = NULL; /* No password */
188 if(!gethexpwd((char *)p,(char *)smbpwd))
190 pw_buf.smb_passwd = smbpwd;
193 pw_buf.smb_name = user_name;
194 pw_buf.smb_userid = uidval;
195 pw_buf.smb_nt_passwd = NULL;
196 *got_valid_nt_entry = False;
197 *valid_old_pwd = True;
199 /* Now check if the NT compatible password is
201 p += 33; /* Move to the first character of the line after
202 the lanman password. */
203 if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
204 /* NT Entry was valid - even if 'X' or '*', can be overwritten */
205 *got_valid_nt_entry = True;
206 if (*p != '*' && *p != 'X') {
207 if (gethexpwd((char *)p,(char *)smbntpwd))
208 pw_buf.smb_nt_passwd = smbntpwd;
217 * Print command usage on stderr and die.
219 static void usage(char *name, BOOL is_root)
222 fprintf(stderr, "Usage is : %s [-a] [username] [password]\n\
223 %s: [-r machine] [username] [password]\n%s: [-h]", name, name, name);
225 fprintf(stderr, "Usage is : %s [-h] [-r machine] [password]\n", name);
229 int main(int argc, char **argv)
238 uchar old_nt_p16[16];
241 uchar new_nt_p16[16];
243 struct smb_passwd *smb_pwent;
245 BOOL valid_old_pwd = False;
246 BOOL got_valid_nt_entry = False;
251 int ret, i, err, writelen;
253 char *pfile = SMB_PASSWD_FILE;
254 char readbuf[16 * 1024];
255 BOOL is_root = False;
257 char *remote_machine = NULL;
258 BOOL add_user = False;
259 BOOL got_new_pass = False;
260 pstring servicesf = CONFIGFILE;
262 new_passwd[0] = '\0';
265 memset(old_passwd, '\0', sizeof(old_passwd));
266 memset(new_passwd, '\0', sizeof(old_passwd));
272 setup_logging(prog_name,True);
274 charset_initialise();
276 if (!lp_load(servicesf,True,False,False)) {
277 fprintf(stderr, "%s: Can't load %s - run testparm to debug it\n", prog_name, servicesf);
280 codepage_initialise(lp_client_code_page());
282 /* Get the real uid */
285 /* Check the effective uid */
286 if ((geteuid() == 0) && (real_uid != 0)) {
287 fprintf(stderr, "%s: Must *NOT* be setuid root.\n", prog_name);
291 is_root = (real_uid == 0);
293 while ((c = getopt(argc, argv, "ahr:")) != EOF) {
299 remote_machine = optarg;
303 usage(prog_name, is_root);
311 * Ensure add_user and remote machine are
314 if(add_user && (remote_machine != NULL))
315 usage(prog_name, True);
320 * Deal with root - can add a user, but only locally.
327 /* If we are root we can change another's password. */
328 pstrcpy(user_name, argv[0]);
331 pstrcpy(user_name, argv[0]);
332 fstrcpy(new_passwd, argv[1]);
336 usage(prog_name, True);
340 pwd = getpwnam(user_name);
342 if((pwd = getpwuid(real_uid)) != NULL)
343 pstrcpy( user_name, pwd->pw_name);
349 fprintf(stderr, "%s: Only root can set anothers password.\n", prog_name);
350 usage(prog_name, False);
354 usage(prog_name, False);
357 fstrcpy(new_passwd, argv[0]);
361 if((pwd = getpwuid(real_uid)) != NULL)
362 pstrcpy( user_name, pwd->pw_name);
365 * A non-root user is always setting a password
366 * via a remote machine (even if that machine is
370 if(remote_machine == NULL)
371 remote_machine = "127.0.0.1";
374 if (*user_name == '\0') {
375 fprintf(stderr, "%s: Unable to get a user name for password change.\n", prog_name);
380 * If we are root we don't ask for the old password (unless it's on a
384 if (remote_machine != NULL) {
385 p = getpass("Old SMB password:");
386 fstrcpy(old_passwd, p);
390 new_passwd[0] = '\0';
392 p = getpass("New SMB password:");
394 strncpy(new_passwd, p, sizeof(fstring));
395 new_passwd[sizeof(fstring)-1] = '\0';
397 p = getpass("Retype new SMB password:");
399 if (strncmp(p, new_passwd, sizeof(fstring)-1))
401 fprintf(stderr, "%s: Mismatch - password unchanged.\n", prog_name);
406 if (new_passwd[0] == '\0') {
407 printf("Password not set\n");
412 * Now do things differently depending on if we're changing the
413 * password on a remote machine. Remember - a normal user is
414 * always using this code, looping back to the local smbd.
417 if(remote_machine != NULL) {
418 struct cli_state cli;
422 if(get_myname(myname,NULL) == False) {
423 fprintf(stderr, "%s: unable to get my hostname.\n", prog_name );
427 if(!resolve_name( remote_machine, &ip)) {
428 fprintf(stderr, "%s: unable to find an IP address for machine %s.\n",
429 prog_name, remote_machine );
433 if (!cli_initialise(&cli) || !cli_connect(&cli, remote_machine, &ip)) {
434 fprintf(stderr, "%s: unable to connect to SMB server on machine %s.\n",
435 prog_name, remote_machine );
439 if (!cli_session_request(&cli, remote_machine, 0x20, myname)) {
440 fprintf(stderr, "%s: machine %s rejected the session setup.\n",
441 prog_name, remote_machine );
446 cli.protocol = PROTOCOL_NT1;
448 if (!cli_negprot(&cli)) {
449 fprintf(stderr, "%s: machine %s rejected the negotiate protocol.\n",
450 prog_name, remote_machine );
455 if (!cli_session_setup(&cli, user_name, old_passwd, strlen(old_passwd),
457 fprintf(stderr, "%s: machine %s rejected the session setup.\n",
458 prog_name, remote_machine );
463 if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
464 fprintf(stderr, "%s: machine %s rejected the tconX on the IPC$ share.\n",
465 prog_name, remote_machine );
470 if(!cli_oem_change_password(&cli, user_name, new_passwd, old_passwd)) {
471 fstring error_message;
473 sprintf(error_message, " with code %d", cli.error);
475 for(i = 0; pw_change_errmap[i].message != NULL; i++) {
476 if (pw_change_errmap[i].err == cli.error) {
477 fstrcpy( error_message, pw_change_errmap[i].message);
481 fprintf(stderr, "%s: machine %s rejected the password change: %s.\n",
482 prog_name, remote_machine, error_message );
491 /* Calculate the MD4 hash (NT compatible) of the old and new passwords */
492 memset(old_nt_p16, '\0', 16);
493 E_md4hash((uchar *)old_passwd, old_nt_p16);
495 memset(new_nt_p16, '\0', 16);
496 E_md4hash((uchar *) new_passwd, new_nt_p16);
498 /* Mangle the passwords into Lanman format */
499 old_passwd[14] = '\0';
500 strupper(old_passwd);
501 new_passwd[14] = '\0';
502 strupper(new_passwd);
505 * Calculate the SMB (lanman) hash functions of both old and new passwords.
508 memset(old_p16, '\0', 16);
509 E_P16((uchar *) old_passwd, old_p16);
511 memset(new_p16, '\0', 16);
512 E_P16((uchar *) new_passwd, new_p16);
515 * Open the smbpaswd file XXXX - we need to parse smb.conf to get the
518 fp = fopen(pfile, "r+");
519 if (!fp && errno == ENOENT) {
520 fp = fopen(pfile, "w");
522 fprintf(fp, "# Samba SMB password file\n");
524 fp = fopen(pfile, "r+");
529 fprintf(stderr, "%s: Failed to open password file %s.\n",
536 /* Set read buffer to 16k for effiecient reads */
537 setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
539 /* make sure it is only rw by the owner */
542 /* Lock the smbpasswd file for write. */
543 if ((lockfd = pw_file_lock(fileno(fp), F_WRLCK, 5)) < 0) {
545 fprintf(stderr, "%s: Failed to lock password file %s.\n",
552 /* Get the smb passwd entry for this user */
553 smb_pwent = _my_get_smbpwnam(fp, user_name, &valid_old_pwd,
554 &got_valid_nt_entry, &seekpos);
555 if (smb_pwent == NULL) {
556 if(add_user == False) {
557 fprintf(stderr, "%s: Failed to find entry for user %s in file %s.\n",
558 prog_name, pwd->pw_name, pfile);
560 pw_file_unlock(lockfd);
564 /* Create a new smb passwd entry and set it to the given password. */
567 int new_entry_length;
571 /* The add user write needs to be atomic - so get the fd from
572 the fp and do a raw write() call.
576 if((offpos = lseek(fd, 0, SEEK_END)) == -1) {
577 fprintf(stderr, "%s: Failed to add entry for user %s to file %s. \
578 Error was %s\n", prog_name, pwd->pw_name, pfile, strerror(errno));
580 pw_file_unlock(lockfd);
584 new_entry_length = strlen(pwd->pw_name) + 1 + 15 + 1 +
585 32 + 1 + 32 + 1 + strlen(pwd->pw_gecos) +
586 1 + strlen(pwd->pw_dir) + 1 +
587 strlen(pwd->pw_shell) + 1;
588 if((new_entry = (char *)malloc( new_entry_length )) == 0) {
589 fprintf(stderr, "%s: Failed to add entry for user %s to file %s. \
590 Error was %s\n", prog_name, pwd->pw_name, pfile, strerror(errno));
592 pw_file_unlock(lockfd);
596 sprintf(new_entry, "%s:%u:", pwd->pw_name, (unsigned)pwd->pw_uid);
597 p = &new_entry[strlen(new_entry)];
598 for( i = 0; i < 16; i++)
599 sprintf(&p[i*2], "%02X", new_p16[i]);
602 for( i = 0; i < 16; i++)
603 sprintf(&p[i*2], "%02X", new_nt_p16[i]);
606 sprintf(p, "%s:%s:%s\n", pwd->pw_gecos,
607 pwd->pw_dir, pwd->pw_shell);
608 if(write(fd, new_entry, strlen(new_entry)) != strlen(new_entry)) {
609 fprintf(stderr, "%s: Failed to add entry for user %s to file %s. \
610 Error was %s\n", prog_name, pwd->pw_name, pfile, strerror(errno));
611 /* Remove the entry we just wrote. */
612 if(ftruncate(fd, offpos) == -1) {
613 fprintf(stderr, "%s: ERROR failed to ftruncate file %s. \
614 Error was %s. Password file may be corrupt ! Please examine by hand !\n",
615 prog_name, pwd->pw_name, strerror(errno));
618 pw_file_unlock(lockfd);
623 pw_file_unlock(lockfd);
627 /* the entry already existed */
632 * We are root - just write the new password.
635 /* Create the 32 byte representation of the new p16 */
636 for (i = 0; i < 16; i++) {
637 sprintf(&ascii_p16[i * 2], "%02X", (uchar) new_p16[i]);
639 if(got_valid_nt_entry) {
640 /* Add on the NT md4 hash */
642 for (i = 0; i < 16; i++) {
643 sprintf(&ascii_p16[(i * 2)+33], "%02X", (uchar) new_nt_p16[i]);
647 * Do an atomic write into the file at the position defined by
651 ret = lseek(pwfd, seekpos - 1, SEEK_SET);
652 if (ret != seekpos - 1) {
654 fprintf(stderr, "%s: seek fail on file %s.\n",
659 pw_file_unlock(lockfd);
662 /* Sanity check - ensure the character is a ':' */
663 if (read(pwfd, &c, 1) != 1) {
665 fprintf(stderr, "%s: read fail on file %s.\n",
670 pw_file_unlock(lockfd);
674 fprintf(stderr, "%s: sanity check on passwd file %s failed.\n",
677 pw_file_unlock(lockfd);
680 writelen = (got_valid_nt_entry) ? 65 : 32;
681 if (write(pwfd, ascii_p16, writelen) != writelen) {
683 fprintf(stderr, "%s: write fail in file %s.\n",
688 pw_file_unlock(lockfd);
692 pw_file_unlock(lockfd);
693 printf("Password changed\n");