* this program; if not, see <http://www.gnu.org/licenses/>. */
#include "includes.h"
+#include "secrets.h"
extern bool AllowDebugChange;
static int process_options(int argc, char **argv, int local_flags)
{
int ch;
- pstring configfile;
- pstrcpy(configfile, dyn_CONFIGFILE);
+ const char *configfile = get_dyn_CONFIGFILE();
local_flags |= LOCAL_SET_PASSWORD;
while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
switch(ch) {
case 'L':
+#if !defined(NSS_WRAPPER)
+ if (getuid() != 0) {
+ fprintf(stderr, "smbpasswd -L can only be used by root.\n");
+ exit(1);
+ }
+#endif
local_flags |= LOCAL_AM_ROOT;
break;
case 'c':
- pstrcpy(configfile,optarg);
+ configfile = optarg;
break;
case 'a':
local_flags |= LOCAL_ADD_USER;
usage();
}
}
-
+
argc -= optind;
argv += optind;
fstring new_pw;
ZERO_ARRAY(new_pw);
-
+
p = get_pass("New SMB password:", stdin_get);
fstrcpy(new_pw, p);
int local_flags)
{
NTSTATUS ret;
- pstring err_str;
- pstring msg_str;
+ char *err_str = NULL;
+ char *msg_str = NULL;
if (remote_mach != NULL) {
- if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
- LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD)) {
+ if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|
+ LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
+ LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD)) {
/* these things can't be done remotely yet */
+ fprintf(stderr, "Invalid remote operation!\n");
return NT_STATUS_UNSUCCESSFUL;
}
- ret = remote_password_change(remote_mach, username,
- old_passwd, new_pw, err_str, sizeof(err_str));
- if(*err_str)
- fprintf(stderr, "%s", err_str);
- return ret;
+ ret = remote_password_change(remote_mach, username,
+ old_passwd, new_pw, &err_str);
+ } else {
+ ret = local_password_change(username, local_flags, new_pw,
+ &err_str, &msg_str);
}
-
- ret = local_password_change(username, local_flags, new_pw,
- err_str, sizeof(err_str), msg_str, sizeof(msg_str));
- if(*msg_str)
+ if (msg_str) {
printf("%s", msg_str);
- if(*err_str)
+ }
+ if (err_str) {
fprintf(stderr, "%s", err_str);
+ }
+ if (!NT_STATUS_IS_OK(ret) && !err_str) {
+ fprintf(stderr, "Failed to change password!\n");
+ }
+ SAFE_FREE(msg_str);
+ SAFE_FREE(err_str);
return ret;
}
if (!secrets_init())
return False;
-
+
return secrets_store_ldap_pw(lp_ldap_admin_dn(), pw);
}
DEBUG(0, ("Failed to open passdb!\n"));
exit(1);
}
-
+
/* Ensure we have a SAM sid. */
get_global_sam_sid();
(remote_machine != NULL))) {
usage();
}
-
+
/* Only load interfaces if we are doing network operations. */
if (remote_machine) {
load_interfaces();
}
- if (!user_name[0] && (pwd = getpwuid_alloc(NULL, geteuid()))) {
+ if (!user_name[0] && (pwd = getpwuid_alloc(talloc_autofree_context(), geteuid()))) {
fstrcpy(user_name, pwd->pw_name);
TALLOC_FREE(pwd);
}
exit(1);
}
}
-
+
/* prepare uppercased and '$' terminated username */
slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
fstrcpy(user_name, buf);
-
+
} else {
-
+
if (remote_machine != NULL) {
old_passwd = get_pass("Old SMB password:",stdin_passwd_get);
+ if(!old_passwd) {
+ fprintf(stderr, "Unable to get old password.\n");
+ exit(1);
+ }
}
-
+
if (!(local_flags & LOCAL_SET_PASSWORD)) {
-
+
/*
* If we are trying to enable a user, first we need to find out
* if they are using a modern version of the smbpasswd file that
* password. If not (ie. they have a no stored password in the
* smbpasswd file) then we need to prompt for a new password.
*/
-
+
if(local_flags & LOCAL_ENABLE_USER) {
struct samu *sampass = NULL;
-
+
sampass = samu_new( NULL );
if (!sampass) {
fprintf(stderr, "talloc fail for struct samu.\n");
TALLOC_FREE(sampass);
}
}
-
+
if((local_flags & LOCAL_SET_PASSWORD) && (new_passwd == NULL)) {
+
new_passwd = prompt_for_new_password(stdin_passwd_get);
-
if(!new_passwd) {
fprintf(stderr, "Unable to get new password.\n");
exit(1);
if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name,
old_passwd, new_passwd,
local_flags))) {
- fprintf(stderr,"Failed to modify password entry for user %s\n", user_name);
result = 1;
goto done;
}
printf("Password changed for user %s on %s.\n", user_name, remote_machine );
} else if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD|LOCAL_SET_PASSWORD))) {
struct samu *sampass = NULL;
-
+
sampass = samu_new( NULL );
if (!sampass) {
fprintf(stderr, "talloc fail for struct samu.\n");
}
done:
+ SAFE_FREE(old_passwd);
SAFE_FREE(new_passwd);
return result;
}
}
if (!user_name[0]) {
- pwd = getpwuid_alloc(NULL, getuid());
+ pwd = getpwuid_alloc(talloc_autofree_context(), getuid());
if (pwd) {
fstrcpy(user_name,pwd->pw_name);
TALLOC_FREE(pwd);
exit(1);
}
}
-
+
/*
* A non-root user is always setting a password
* via a remote machine (even if that machine is
if (remote_machine != NULL) {
old_pw = get_pass("Old SMB password:",stdin_passwd_get);
}
-
+
if (!new_passwd) {
new_pw = prompt_for_new_password(stdin_passwd_get);
}
else
new_pw = smb_xstrdup(new_passwd);
-
+
if (!new_pw) {
fprintf(stderr, "Unable to get new password.\n");
exit(1);
if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, old_pw,
new_pw, 0))) {
- fprintf(stderr,"Failed to change password for %s\n", user_name);
result = 1;
goto done;
}
TALLOC_CTX *frame = talloc_stackframe();
int local_flags = 0;
int ret;
-
+
AllowDebugChange = False;
#if defined(HAVE_SET_AUTH_PARAMETERS)
local_flags = process_options(argc, argv, local_flags);
setup_logging("smbpasswd", True);
-
+
/*
* Set the machine NETBIOS name if not already
* set from the config file.
*/
-
+
if (!init_names())
return 1;
git.samba.org / samba.git / blobdiff