2 * Unix SMB/Netbios implementation. Version 1.9. smbpasswd module. Copyright
3 * (C) Jeremy Allison 1995-1998
5 * This program is free software; you can redistribute it and/or modify it under
6 * the terms of the GNU General Public License as published by the Free
7 * Software Foundation; either version 2 of the License, or (at your option)
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 675
17 * Mass Ave, Cambridge, MA 02139, USA.
23 * Password changing error codes.
30 } pw_change_errmap[] =
32 {5, "User has insufficient privilege" },
33 {86, "The specified password is invalid" },
34 {2226, "Operation only permitted on a Primary Domain Controller" },
35 {2243, "The password cannot be changed" },
36 {2246, "The password is too short" },
40 /******************************************************
41 Convert a hex password.
42 *******************************************************/
44 static int gethexpwd(char *p, char *pwd)
47 unsigned char lonybble, hinybble;
48 char *hexchars = "0123456789ABCDEF";
50 for (i = 0; i < 32; i += 2) {
51 hinybble = toupper(p[i]);
52 lonybble = toupper(p[i + 1]);
54 p1 = strchr(hexchars, hinybble);
55 p2 = strchr(hexchars, lonybble);
59 hinybble = PTR_DIFF(p1, hexchars);
60 lonybble = PTR_DIFF(p2, hexchars);
62 pwd[i / 2] = (hinybble << 4) | lonybble;
67 /******************************************************
68 Find a password entry by name.
69 *******************************************************/
71 static struct smb_passwd *
72 _my_get_smbpwnam(FILE * fp, char *name, BOOL * valid_old_pwd,
73 BOOL *got_valid_nt_entry, long *pwd_seekpos)
75 /* Static buffers we will return. */
76 static struct smb_passwd pw_buf;
77 static pstring user_name;
78 static unsigned char smbpwd[16];
79 static unsigned char smbntpwd[16];
87 pw_buf.acct_ctrl = ACB_NORMAL;
90 * Scan the file, a line at a time and check if the name matches.
94 *pwd_seekpos = ftell(fp);
96 fgets(linebuf, 256, fp);
101 * Check if the string is terminated with a newline - if not
102 * then we must keep reading and discard until we get one.
104 linebuf_len = strlen(linebuf);
105 if (linebuf[linebuf_len - 1] != '\n') {
107 while (!ferror(fp) && !feof(fp)) {
113 linebuf[linebuf_len - 1] = '\0';
115 if ((linebuf[0] == 0) && feof(fp))
118 * The line we have should be of the form :-
120 * username:uid:[32hex bytes]:....other flags presently
125 * username:uid:[32hex bytes]:[32hex bytes]:....ignored....
127 * if Windows NT compatible passwords are also present.
130 if (linebuf[0] == '#' || linebuf[0] == '\0')
132 p = (unsigned char *) strchr(linebuf, ':');
136 * As 256 is shorter than a pstring we don't need to check
137 * length here - if this ever changes....
139 strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
140 user_name[PTR_DIFF(p, linebuf)] = '\0';
141 if (!strequal(user_name, name))
144 /* User name matches - get uid and password */
145 p++; /* Go past ':' */
149 uidval = atoi((char *) p);
150 while (*p && isdigit(*p))
157 * Now get the password value - this should be 32 hex digits
158 * which are the ascii representations of a 16 byte string.
159 * Get two at a time and put them into the password.
162 *pwd_seekpos += PTR_DIFF(p, linebuf); /* Save exact position
163 * of passwd in file -
166 if (*p == '*' || *p == 'X') {
167 /* Password deliberately invalid - end here. */
168 *valid_old_pwd = False;
169 *got_valid_nt_entry = False;
170 pw_buf.smb_nt_passwd = NULL; /* No NT password (yet)*/
172 pw_buf.acct_ctrl |= ACB_DISABLED;
174 /* Now check if the NT compatible password is
176 p += 33; /* Move to the first character of the line after
177 the lanman password. */
178 if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
179 /* NT Entry was valid - even if 'X' or '*', can be overwritten */
180 *got_valid_nt_entry = True;
181 if (*p != '*' && *p != 'X') {
182 if (gethexpwd((char *)p,(char *)smbntpwd))
183 pw_buf.smb_nt_passwd = smbntpwd;
186 pw_buf.smb_name = user_name;
187 pw_buf.smb_userid = uidval;
188 pw_buf.smb_passwd = NULL; /* No password */
191 if (linebuf_len < (PTR_DIFF(p, linebuf) + 33))
197 if (!strncasecmp((char *)p, "NO PASSWORD", 11)) {
198 pw_buf.smb_passwd = NULL; /* No password */
199 pw_buf.acct_ctrl |= ACB_PWNOTREQ;
201 if(!gethexpwd((char *)p,(char *)smbpwd))
203 pw_buf.smb_passwd = smbpwd;
206 pw_buf.smb_name = user_name;
207 pw_buf.smb_userid = uidval;
208 pw_buf.smb_nt_passwd = NULL;
209 *got_valid_nt_entry = False;
210 *valid_old_pwd = True;
212 /* Now check if the NT compatible password is
214 p += 33; /* Move to the first character of the line after
215 the lanman password. */
216 if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
217 /* NT Entry was valid - even if 'X' or '*', can be overwritten */
218 *got_valid_nt_entry = True;
219 if (*p != '*' && *p != 'X') {
220 if (gethexpwd((char *)p,(char *)smbntpwd))
221 pw_buf.smb_nt_passwd = smbntpwd;
224 p += 33; /* Move to the first character of the line after
229 * Check if the account type bits have been encoded after the
230 * NT password (in the form [NDHTUWSLXI]).
234 BOOL finished = False;
236 pw_buf.acct_ctrl = 0;
238 for(p++;*p && !finished; p++) {
242 * Hmmm. Don't allow these to be set/read independently
243 * of the actual password fields. We don't want a mismatch.
248 pw_buf.acct_ctrl |= ACB_PWNOTREQ;
252 pw_buf.acct_ctrl |= ACB_DISABLED;
256 /* 'H'omedir required. */
257 pw_buf.acct_ctrl |= ACB_HOMDIRREQ;
260 /* 'T'emp account. */
261 pw_buf.acct_ctrl |= ACB_TEMPDUP;
264 /* 'U'ser account (normal). */
265 pw_buf.acct_ctrl |= ACB_NORMAL;
268 /* 'M'NS logon user account. What is this ? */
269 pw_buf.acct_ctrl |= ACB_MNS;
272 /* 'W'orkstation account. */
273 pw_buf.acct_ctrl |= ACB_WSTRUST;
276 /* 'S'erver account. */
277 pw_buf.acct_ctrl |= ACB_SVRTRUST;
280 /* 'L'ocked account. */
281 pw_buf.acct_ctrl |= ACB_AUTOLOCK;
285 pw_buf.acct_ctrl |= ACB_PWNOEXP;
288 /* 'I'nterdomain trust account. */
289 pw_buf.acct_ctrl |= ACB_DOMTRUST;
301 /* Must have some account type set. */
302 if(pw_buf.acct_ctrl == 0)
303 pw_buf.acct_ctrl = ACB_NORMAL;
306 /* 'Old' style file. Fake up based on user name. */
308 * Currently machine accounts are kept in the same
309 * password file as 'normal accounts'. If this changes
310 * we will have to fix this code. JRA.
312 if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') {
313 pw_buf.acct_ctrl &= ~ACB_NORMAL;
314 pw_buf.acct_ctrl |= ACB_WSTRUST;
322 /**********************************************************
323 Encode the account control bits into a string.
324 **********************************************************/
326 char *encode_acct_ctrl(uint16 acct_ctrl)
328 static fstring acct_str;
333 if(acct_ctrl & ACB_HOMDIRREQ)
335 if(acct_ctrl & ACB_TEMPDUP)
337 if(acct_ctrl & ACB_NORMAL)
339 if(acct_ctrl & ACB_MNS)
341 if(acct_ctrl & ACB_WSTRUST)
343 if(acct_ctrl & ACB_SVRTRUST)
345 if(acct_ctrl & ACB_AUTOLOCK)
347 if(acct_ctrl & ACB_PWNOEXP)
349 if(acct_ctrl & ACB_DOMTRUST)
357 /**********************************************************
358 Allocate an unused uid in the smbpasswd file to a new
360 ***********************************************************/
362 int get_machine_uid(void)
367 /*********************************************************
368 Print command usage on stderr and die.
369 **********************************************************/
371 static void usage(char *name, BOOL is_root)
374 fprintf(stderr, "Usage is : %s [-a] [-d] [-m] [-n] [username] [password]\n\
375 %s: [-r machine] [username] [password]\n%s: [-h]\n", name, name, name);
377 fprintf(stderr, "Usage is : %s [-h] [-r machine] [password]\n", name);
381 /*********************************************************
383 **********************************************************/
385 int main(int argc, char **argv)
392 struct passwd machine_account_pwd;
396 uchar new_nt_p16[16];
398 struct smb_passwd *smb_pwent;
400 BOOL valid_old_pwd = False;
401 BOOL got_valid_nt_entry = False;
407 int ret, i, err, writelen;
409 char *pfile = SMB_PASSWD_FILE;
410 char readbuf[16 * 1024];
411 BOOL is_root = False;
413 pstring machine_dir_name;
414 char *remote_machine = NULL;
415 BOOL add_user = False;
416 BOOL got_new_pass = False;
417 BOOL machine_account = False;
418 BOOL disable_user = False;
419 BOOL set_no_password = False;
420 pstring servicesf = CONFIGFILE;
422 new_passwd[0] = '\0';
425 memset(old_passwd, '\0', sizeof(old_passwd));
426 memset(new_passwd, '\0', sizeof(new_passwd));
432 setup_logging(prog_name,True);
434 charset_initialise();
436 if (!lp_load(servicesf,True,False,False)) {
437 fprintf(stderr, "%s: Can't load %s - run testparm to debug it\n", prog_name, servicesf);
440 codepage_initialise(lp_client_code_page());
442 /* Get the real uid */
445 /* Check the effective uid */
446 if ((geteuid() == 0) && (real_uid != 0)) {
447 fprintf(stderr, "%s: Must *NOT* be setuid root.\n", prog_name);
451 is_root = (real_uid == 0);
453 while ((ch = getopt(argc, argv, "adhmnr:")) != EOF) {
459 usage(prog_name, is_root);
465 strcpy(new_passwd, "XXXXXX");
467 usage(prog_name, is_root);
471 set_no_password = True;
473 strcpy(new_passwd, "NO PASSWORD");
475 usage(prog_name, is_root);
477 remote_machine = optarg;
481 machine_account = True;
483 usage(prog_name, is_root);
487 usage(prog_name, is_root);
495 * Ensure add_user and remote machine are
498 if(add_user && (remote_machine != NULL))
499 usage(prog_name, True);
504 * Deal with root - can add a user, but only locally.
511 /* If we are root we can change another's password. */
512 pstrcpy(user_name, argv[0]);
515 pstrcpy(user_name, argv[0]);
516 fstrcpy(new_passwd, argv[1]);
520 usage(prog_name, True);
524 pwd = getpwnam(user_name);
526 if((pwd = getpwuid(real_uid)) != NULL)
527 pstrcpy( user_name, pwd->pw_name);
533 fprintf(stderr, "%s: Only root can set anothers password.\n", prog_name);
534 usage(prog_name, False);
538 usage(prog_name, False);
541 fstrcpy(new_passwd, argv[0]);
545 if((pwd = getpwuid(real_uid)) != NULL)
546 pstrcpy( user_name, pwd->pw_name);
549 * A non-root user is always setting a password
550 * via a remote machine (even if that machine is
554 if(remote_machine == NULL)
555 remote_machine = "127.0.0.1";
558 if (*user_name == '\0') {
559 fprintf(stderr, "%s: Unable to get a user name for password change.\n", prog_name);
564 * If we are adding a machine account then pretend
565 * we already have the new password, we will be using
566 * the machinename as the password.
569 if(add_user && machine_account) {
571 strncpy(new_passwd, user_name, sizeof(fstring));
572 new_passwd[sizeof(fstring)-1] = '\0';
573 strlower(new_passwd);
577 * If we are root we don't ask for the old password (unless it's on a
581 if (remote_machine != NULL) {
582 p = getpass("Old SMB password:");
583 fstrcpy(old_passwd, p);
587 new_passwd[0] = '\0';
589 p = getpass("New SMB password:");
591 strncpy(new_passwd, p, sizeof(fstring));
592 new_passwd[sizeof(fstring)-1] = '\0';
594 p = getpass("Retype new SMB password:");
596 if (strncmp(p, new_passwd, sizeof(fstring)-1))
598 fprintf(stderr, "%s: Mismatch - password unchanged.\n", prog_name);
603 if (new_passwd[0] == '\0') {
604 printf("Password not set\n");
609 * Now do things differently depending on if we're changing the
610 * password on a remote machine. Remember - a normal user is
611 * always using this code, looping back to the local smbd.
614 if(remote_machine != NULL) {
615 struct cli_state cli;
619 if(get_myname(myname,NULL) == False) {
620 fprintf(stderr, "%s: unable to get my hostname.\n", prog_name );
624 if(!resolve_name( remote_machine, &ip)) {
625 fprintf(stderr, "%s: unable to find an IP address for machine %s.\n",
626 prog_name, remote_machine );
630 if (!cli_initialise(&cli) || !cli_connect(&cli, remote_machine, &ip)) {
631 fprintf(stderr, "%s: unable to connect to SMB server on machine %s.\n",
632 prog_name, remote_machine );
636 if (!cli_session_request(&cli, remote_machine, 0x20, myname)) {
637 fprintf(stderr, "%s: machine %s rejected the session setup.\n",
638 prog_name, remote_machine );
643 cli.protocol = PROTOCOL_NT1;
645 if (!cli_negprot(&cli)) {
646 fprintf(stderr, "%s: machine %s rejected the negotiate protocol.\n",
647 prog_name, remote_machine );
652 if (!cli_session_setup(&cli, user_name, old_passwd, strlen(old_passwd),
654 fprintf(stderr, "%s: machine %s rejected the session setup.\n",
655 prog_name, remote_machine );
660 if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
661 fprintf(stderr, "%s: machine %s rejected the tconX on the IPC$ share.\n",
662 prog_name, remote_machine );
667 if(!cli_oem_change_password(&cli, user_name, new_passwd, old_passwd)) {
668 fstring error_message;
670 sprintf(error_message, " with code %d", cli.error);
672 for(i = 0; pw_change_errmap[i].message != NULL; i++) {
673 if (pw_change_errmap[i].err == cli.error) {
674 fstrcpy( error_message, pw_change_errmap[i].message);
678 fprintf(stderr, "%s: machine %s rejected the password change: %s.\n",
679 prog_name, remote_machine, error_message );
689 * Check for a machine account flag - make sure the username ends in
693 if(machine_account) {
694 int username_len = strlen(user_name);
695 if(username_len >= sizeof(pstring) - 1) {
696 fprintf(stderr, "%s: machine account name too long.\n", user_name);
700 if(user_name[username_len] != '$') {
701 user_name[username_len] = '$';
702 user_name[username_len+1] = '\0';
706 * Setup the pwd struct to point to known
707 * values for a machine account (it doesn't
708 * exist in /etc/passwd).
711 pwd = &machine_account_pwd;
712 pwd->pw_name = user_name;
713 sprintf(machine_dir_name, "Machine account for %s", user_name);
715 pwd->pw_dir = machine_dir_name;
717 pwd->pw_uid = get_machine_uid();
721 /* Calculate the MD4 hash (NT compatible) of the new password. */
723 memset(new_nt_p16, '\0', 16);
724 E_md4hash((uchar *) new_passwd, new_nt_p16);
726 /* Mangle the password into Lanman format */
727 new_passwd[14] = '\0';
728 strupper(new_passwd);
731 * Calculate the SMB (lanman) hash functions of the new password.
734 memset(new_p16, '\0', 16);
735 E_P16((uchar *) new_passwd, new_p16);
738 * Open the smbpaswd file XXXX - we need to parse smb.conf to get the
741 fp = fopen(pfile, "r+");
742 if (!fp && errno == ENOENT) {
743 fp = fopen(pfile, "w");
745 fprintf(fp, "# Samba SMB password file\n");
747 fp = fopen(pfile, "r+");
752 fprintf(stderr, "%s: Failed to open password file %s.\n",
759 /* Set read buffer to 16k for effiecient reads */
760 setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
762 /* make sure it is only rw by the owner */
765 /* Lock the smbpasswd file for write. */
766 if ((lockfd = pw_file_lock(fileno(fp), F_WRLCK, 5)) < 0) {
768 fprintf(stderr, "%s: Failed to lock password file %s.\n",
776 /* Get the smb passwd entry for this user */
777 smb_pwent = _my_get_smbpwnam(fp, user_name, &valid_old_pwd,
778 &got_valid_nt_entry, &seekpos);
779 if (smb_pwent == NULL) {
780 if(add_user == False) {
781 fprintf(stderr, "%s: Failed to find entry for user %s in file %s.\n",
782 prog_name, pwd->pw_name, pfile);
784 pw_file_unlock(lockfd);
788 /* Create a new smb passwd entry and set it to the given password. */
791 int new_entry_length;
794 uint16 acct_ctrl = (machine_account ? ACB_SVRTRUST : ACB_NORMAL);
796 /* The add user write needs to be atomic - so get the fd from
797 the fp and do a raw write() call.
801 if((offpos = lseek(fd, 0, SEEK_END)) == -1) {
802 fprintf(stderr, "%s: Failed to add entry for user %s to file %s. \
803 Error was %s\n", prog_name, user_name, pfile, strerror(errno));
805 pw_file_unlock(lockfd);
809 new_entry_length = strlen(user_name) + 1 + 15 + 1 +
810 32 + 1 + 32 + 1 + sizeof(fstring) +
811 1 + strlen(pwd->pw_dir) + 1 +
812 strlen(pwd->pw_shell) + 1;
813 if((new_entry = (char *)malloc( new_entry_length )) == 0) {
814 fprintf(stderr, "%s: Failed to add entry for user %s to file %s. \
815 Error was %s\n", prog_name, pwd->pw_name, pfile, strerror(errno));
816 pw_file_unlock(lockfd);
821 sprintf(new_entry, "%s:%u:", pwd->pw_name, (unsigned)pwd->pw_uid);
822 p = &new_entry[strlen(new_entry)];
824 memcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32);
827 memcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32);
828 } else if (set_no_password) {
829 memcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 32);
832 memcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32);
834 for( i = 0; i < 16; i++)
835 sprintf(&p[i*2], "%02X", new_p16[i]);
838 for( i = 0; i < 16; i++)
839 sprintf(&p[i*2], "%02X", new_nt_p16[i]);
843 sprintf(p, "%s:%s:%s\n", encode_acct_ctrl(acct_ctrl),
844 pwd->pw_dir, pwd->pw_shell);
845 if(write(fd, new_entry, strlen(new_entry)) != strlen(new_entry)) {
846 fprintf(stderr, "%s: Failed to add entry for user %s to file %s. \
847 Error was %s\n", prog_name, pwd->pw_name, pfile, strerror(errno));
848 /* Remove the entry we just wrote. */
849 if(ftruncate(fd, offpos) == -1) {
850 fprintf(stderr, "%s: ERROR failed to ftruncate file %s. \
851 Error was %s. Password file may be corrupt ! Please examine by hand !\n",
852 prog_name, pwd->pw_name, strerror(errno));
854 pw_file_unlock(lockfd);
859 pw_file_unlock(lockfd);
864 /* the entry already existed */
869 * We are root - just write the new password.
872 /* Create the 32 byte representation of the new p16 */
874 memcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32);
875 } else if (set_no_password) {
876 memcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 32);
878 for (i = 0; i < 16; i++) {
879 sprintf(&ascii_p16[i * 2], "%02X", (uchar) new_p16[i]);
882 if(got_valid_nt_entry) {
883 /* Add on the NT md4 hash */
886 memcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32);
887 } else if (set_no_password) {
888 memcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32);
890 for (i = 0; i < 16; i++) {
891 sprintf(&ascii_p16[(i * 2)+33], "%02X", (uchar) new_nt_p16[i]);
896 * Do an atomic write into the file at the position defined by
900 ret = lseek(pwfd, seekpos - 1, SEEK_SET);
901 if (ret != seekpos - 1) {
903 fprintf(stderr, "%s: seek fail on file %s.\n",
907 pw_file_unlock(lockfd);
911 /* Sanity check - ensure the character is a ':' */
912 if (read(pwfd, &c, 1) != 1) {
914 fprintf(stderr, "%s: read fail on file %s.\n",
918 pw_file_unlock(lockfd);
923 fprintf(stderr, "%s: sanity check on passwd file %s failed.\n",
925 pw_file_unlock(lockfd);
929 writelen = (got_valid_nt_entry) ? 65 : 32;
930 if (write(pwfd, ascii_p16, writelen) != writelen) {
932 fprintf(stderr, "%s: write fail in file %s.\n",
936 pw_file_unlock(lockfd);
940 pw_file_unlock(lockfd);
943 printf("User %s disabled.\n", user_name);
944 else if (set_no_password)
945 printf("User %s - set to no password.\n", user_name);
947 printf("Password changed for user %s.\n", user_name);