Kill off the old variant of 'check_plaintext_password' (new version just
authorAndrew Bartlett <abartlet@samba.org>
Sun, 20 Jan 2002 09:00:32 +0000 (09:00 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Sun, 20 Jan 2002 09:00:32 +0000 (09:00 +0000)
committed in auth/auth_compat.c and use the new version to make the plaintext
password change slightly sane...  (Needs testing).

Andrew Bartlett
(This used to be commit 996d0cd89cf9da5e9749f136f013cc4a8b977ee0)

source3/smbd/chgpasswd.c
source3/smbd/lanman.c

index b22ccacbf1e59e2d10484720391a48d2273e2184..5e646b622580444311ab7e15a1a189e156f50a69 100644 (file)
@@ -934,53 +934,5 @@ BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd)
        return ret;
 }
 
-/***********************************************************
- Code to check a plaintext password against smbpasswd entries.
-***********************************************************/
-
-BOOL check_plaintext_password(char *user, char *old_passwd,
-                             int old_passwd_size, SAM_ACCOUNT **hnd)
-{
-       SAM_ACCOUNT  *sampass = NULL;
-       uchar old_pw[16], old_ntpw[16];
-       BOOL ret;
-
-       pdb_init_sam(&sampass);
-
-       become_root();
-       ret = pdb_getsampwnam(sampass, user);
-       unbecome_root();
-
-       *hnd = sampass;
-
-       if (ret == False)
-       {
-               DEBUG(0,("check_plaintext_password: getsmbpwnam returned NULL\n"));
-               return False;
-       }
-
-       if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED)
-       {
-               DEBUG(0,("check_plaintext_password: account %s disabled.\n", user));
-               return (False);
-       }
 
-       nt_lm_owf_gen(old_passwd, old_ntpw, old_pw);
 
-#ifdef DEBUG_PASSWORD
-       DEBUG(100, ("check_plaintext_password: nt_passwd \n"));
-       dump_data(100, pdb_get_nt_passwd(sampass), 16);
-       DEBUG(100, ("check_plaintext_password: old_ntpw \n"));
-       dump_data(100, old_ntpw, 16);
-       DEBUG(100, ("check_plaintext_password: lanman_passwd \n"));
-       dump_data(100, pdb_get_lanman_passwd(sampass), 16);
-       DEBUG(100, ("check_plaintext_password: old_pw\n"));
-       dump_data(100, old_pw, 16);
-#endif
-
-       if (memcmp(pdb_get_nt_passwd(sampass), old_ntpw, 16)
-           && memcmp(pdb_get_lanman_passwd(sampass), old_pw, 16))
-               return (False);
-       else
-               return (True);
-}
index fb8b52342acef5e69bfd1fb5f90c2e13404b9c49..1a5777e1d4bb49d5a8d9dbf1e0f61b348d7414e9 100644 (file)
@@ -1923,8 +1923,6 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
   fstring user;
   fstring pass1,pass2;
 
-  struct passwd *passwd;
-
   pull_ascii_fstring(user,p);
 
   p = skip_string(p,1);
@@ -1944,68 +1942,43 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
 
   DEBUG(3,("Set password for <%s>\n",user));
 
-  /*
-   * Pass the user through the NT -> unix user mapping
-   * function.
-   */
-
-  (void)map_username(user);
-
-  /*
-   * Do any UNIX username case mangling.
-   */
-  passwd = Get_Pwnam_Modify( user );
-
   /*
    * Attempt to verify the old password against smbpasswd entries
    * Win98 clients send old and new password in plaintext for this call.
    */
 
   {
-    fstring saved_pass2;
-    SAM_ACCOUNT *sampass=NULL;
-
-    /*
-     * Save the new password as change_oem_password overwrites it
-     * with zeros.
-     */
-
-    fstrcpy(saved_pass2, pass2);
-
-    if (check_plaintext_password(user,pass1,strlen(pass1),&sampass) &&
-        change_oem_password(sampass,pass2))
-    {
-      SSVAL(*rparam,0,NERR_Success);
-
-      /*
-       * If unix password sync was requested, attempt to change
-       * the /etc/passwd database also. Return failure if this cannot
-       * be done.
-       */
-
-      if(lp_unix_password_sync() && !chgpasswd(user,pass1,saved_pass2,False))
-        SSVAL(*rparam,0,NERR_badpass);
-    }
-       pdb_free_sam(&sampass);
- }
-  
-
-  /*
-   * If the above failed, attempt the plaintext password change.
-   * This tests against the /etc/passwd database only.
-   */
-
-  if(SVAL(*rparam,0) != NERR_Success)
-  {
-         if NT_STATUS_IS_OK(pass_check(passwd, user, pass1, 
-                                       strlen(pass1), NULL, False)) 
+         auth_serversupplied_info *server_info = NULL;
+         DATA_BLOB password = data_blob(pass1, strlen(pass1)+1);
+         if (NT_STATUS_IS_OK(check_plaintext_password(user,password,&server_info))) {
+                 if (change_oem_password(server_info->sam_account,pass2))
                  {
-                         if (chgpasswd(user,pass1,pass2,False)) {
-                                 SSVAL(*rparam,0,NERR_Success);
-                         }
+                         SSVAL(*rparam,0,NERR_Success);
                  }
+                 
+                 /*
+                  * If unix password sync was requested, attempt to change
+                  * the /etc/passwd database also. Return failure if this cannot
+                  * be done.
+                  *
+                  * This occours regardless of the previous result, becouse 
+                  * It might not have been testing the password against the SAM backend.
+                  * (and therefore the change_oem_password would fail).
+                  *
+                  * Conditional on lp_unix_password_sync() becouse we don't want
+                   * to touch the unix db unless we have admin permission.
+                  */
+                 
+                 if(lp_unix_password_sync() && !chgpasswd(pdb_get_username(server_info->sam_account),
+                                                          pass1,pass2,False)) {
+                         SSVAL(*rparam,0,NERR_badpass);
+                 }
+                 
+                 free_server_info(&server_info);
+         }
+         data_blob_clear_free(&password);
   }
-  
+
   /*
    * If the plaintext change failed, attempt
    * the old encrypted method. NT will generate this
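Review bot: The Unix sync call `chgpasswd(pdb_get_username(server_info->sam_account), pass1,pass2,False)` receives `pass2` after `change_oem_password(server_info->sam_account,pass2)` has already run, and the comment this commit removes says change_oem_password overwrites that buffer with zeros. If that is still true (its body is not shown on this page), the sync would either set an empty Unix password or fail. Keeping the copy the old code made avoids this: `fstring saved_pass2; fstrcpy(saved_pass2, pass2);` before the SAM call, then pass `saved_pass2` to chgpasswd and clear it afterwards. Separately, the new comment allows that the check may not have used the SAM backend, yet `server_info->sam_account` is handed to both calls with no NULL test. api_SetUserPassword begins and ends outside this hunk.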