2 Unix SMB/Netbios implementation.
4 Samba utility functions
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 /* fork a child process to exec passwd and write to its
23 * tty to change a users password. This is running as the
24 * user who is attempting to change the password.
28 * This code was copied/borrowed and stolen from various sources.
29 * The primary source was the poppasswd.c from the authors of POPMail. This software
30 * was included as a client to change passwords using the 'passwd' program
31 * on the remote machine.
33 * This routine is called by set_user_password() in password.c only if ALLOW_PASSWORD_CHANGE
34 * is defined in the compiler directives located in the Makefile.
36 * This code has been hacked by Bob Nance (nance@niehs.nih.gov) and Evan Patterson
37 * (patters2@niehs.nih.gov) at the National Institute of Environmental Health Sciences
38 * and rights to modify, distribute or incorporate this change to the CAP suite or
39 * using it for any other reason are granted, so long as this disclaimer is left intact.
43 This code was hacked considerably for inclusion in Samba, primarily
44 by Andrew.Tridgell@anu.edu.au. The biggest change was the addition
45 of the "password chat" option, which allows the easy runtime
46 specification of the expected sequence of events to change a
52 extern int DEBUGLEVEL;
54 #ifdef ALLOW_CHANGE_PASSWORD
56 #define MINPASSWDLENGTH 5
59 static int findpty(char **slave)
62 #if defined(USE_GRANTPT)
63 #if defined(SVR4) || defined(SUNOS5)
64 extern char *ptsname();
65 #endif /* defined(SVR4) || defined(SUNOS5) */
66 #else /* USE_GRANTPT */
70 #endif /* USE_GRANTPT */
72 #if defined(USE_GRANTPT)
73 if ((master = open("/dev/ptmx", O_RDWR)) >= 1) {
76 *slave = ptsname(master);
79 #else /* USE_GRANTPT */
80 fstrcpy( line, "/dev/ptyXX" );
82 dirp = OpenDir(-1, "/dev", False);
83 if (!dirp) return(-1);
84 while ((dpname = ReadDirName(dirp)) != NULL) {
85 if (strncmp(dpname, "pty", 3) == 0 && strlen(dpname) == 5) {
86 DEBUG(3,("pty: try to open %s, line was %s\n", dpname, line ) );
89 if ((master = open(line, O_RDWR)) >= 0) {
90 DEBUG(3,("pty: opened %s\n", line ) );
99 #endif /* USE_GRANTPT */
103 static int dochild(int master,char *slavedev, char *name, char *passwordprogram, BOOL as_root)
106 struct termios stermios;
107 struct passwd *pass = Get_Pwnam(name,True);
112 DEBUG(0,("dochild: user name %s doesn't exist in the UNIX password database.\n",
121 #else /* USE_SETRES */
123 #endif /* USE_SETRES */
125 /* Start new session - gets rid of controlling terminal. */
127 DEBUG(3,("Weirdness, couldn't let go of controlling terminal\n"));
131 /* Open slave pty and acquire as new controlling terminal. */
132 if ((slave = open(slavedev, O_RDWR)) < 0) {
133 DEBUG(3,("More weirdness, could not open %s\n",
137 #if defined(SVR4) || defined(SUNOS5) || defined(SCO)
138 ioctl(slave, I_PUSH, "ptem");
139 ioctl(slave, I_PUSH, "ldterm");
140 #else /* defined(SVR4) || defined(SUNOS5) || defined(SCO) */
141 #if defined(TIOCSCTTY)
142 if (ioctl(slave,TIOCSCTTY,0) <0) {
143 DEBUG(3,("Error in ioctl call for slave pty\n"));
146 #endif /* defined(TIOCSCTTY) */
147 #endif /* defined(SVR4) || defined(SUNOS5) || defined(SCO) */
152 /* Make slave stdin/out/err of child. */
154 if (dup2(slave, STDIN_FILENO) != STDIN_FILENO) {
155 DEBUG(3,("Could not re-direct stdin\n"));
158 if (dup2(slave, STDOUT_FILENO) != STDOUT_FILENO) {
159 DEBUG(3,("Could not re-direct stdout\n"));
162 if (dup2(slave, STDERR_FILENO) != STDERR_FILENO) {
163 DEBUG(3,("Could not re-direct stderr\n"));
166 if (slave > 2) close(slave);
168 /* Set proper terminal attributes - no echo, canonical input processing,
169 no map NL to CR/NL on output. */
171 if (tcgetattr(0, &stermios) < 0) {
172 DEBUG(3,("could not read default terminal attributes on pty\n"));
175 stermios.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
176 stermios.c_lflag |= ICANON;
177 stermios.c_oflag &= ~(ONLCR);
178 if (tcsetattr(0, TCSANOW, &stermios) < 0) {
179 DEBUG(3,("could not set attributes of pty\n"));
183 /* make us completely into the right uid */
188 setresgid(gid,gid,gid);
189 setresuid(uid,uid,uid);
200 /* execl() password-change application */
201 if (execl("/bin/sh","sh","-c",passwordprogram,NULL) < 0) {
202 DEBUG(3,("Bad status returned from %s\n",passwordprogram));
208 static int expect(int master,char *expected,char *buf)
215 if (n >= BUFSIZE-1) {
219 /* allow 4 seconds for some output to appear */
220 m = read_with_timeout(master, buf+n, 1, BUFSIZE-1-n, 4000);
230 pstrcpy(s2,expected);
231 if (do_match(s1, s2, False))
237 static void pwd_sub(char *buf)
239 string_sub(buf,"\\n","\n");
240 string_sub(buf,"\\r","\r");
241 string_sub(buf,"\\s"," ");
242 string_sub(buf,"\\t","\t");
245 static void writestring(int fd,char *s)
254 static int talktochild(int master, char *chatsequence)
258 char *ptr=chatsequence;
264 while (next_token(&ptr,chatbuf,NULL)) {
268 if (!strequal(chatbuf,"."))
269 ok = expect(master,chatbuf,buf);
271 if(lp_passwd_chat_debug())
272 DEBUG(100,("talktochild: chatbuf=[%s] responsebuf=[%s]\n",chatbuf,buf));
275 DEBUG(3,("response %d incorrect\n",count));
279 if (!next_token(&ptr,chatbuf,NULL)) break;
281 if (!strequal(chatbuf,"."))
282 writestring(master,chatbuf);
284 if(lp_passwd_chat_debug())
285 DEBUG(100,("talktochild: sendbuf=[%s]\n",chatbuf));
288 if (count<1) return(False);
294 BOOL chat_with_program(char *passwordprogram,char *name,char *chatsequence, BOOL as_root)
302 /* allocate a pseudo-terminal device */
303 if ((master = findpty (&slavedev)) < 0) {
304 DEBUG(3,("Cannot Allocate pty for password change: %s",name));
308 if ((pid = fork()) < 0) {
309 DEBUG(3,("Cannot fork() child for password change: %s",name));
313 /* we now have a pty */
314 if (pid > 0){ /* This is the parent process */
315 if ((chstat = talktochild(master, chatsequence)) == False) {
316 DEBUG(3,("Child failed to change password: %s\n",name));
317 kill(pid, SIGKILL); /* be sure to end this process */
320 if ((wpid = sys_waitpid(pid, &wstat, 0)) < 0) {
321 DEBUG(3,("The process is no longer waiting!\n\n"));
325 DEBUG(3,("We were waiting for the wrong process ID\n"));
328 if (WIFEXITED(wstat) == 0) {
329 DEBUG(3,("The process exited while we were waiting\n"));
332 if (WEXITSTATUS(wstat) != 0) {
333 DEBUG(3,("The status of the process exiting was %d\n", wstat));
340 /* make sure it doesn't freeze */
345 DEBUG(3,("Dochild for user %s (uid=%d,gid=%d)\n",name,getuid(),getgid()));
346 chstat = dochild(master, slavedev, name, passwordprogram, as_root);
349 unbecome_root(False);
351 DEBUG(3,("Password change %ssuccessful for user %s\n", (chstat?"":"un"), name));
356 BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root)
358 pstring passwordprogram;
359 pstring chatsequence;
364 DEBUG(3,("Password change for user: %s\n",name));
367 DEBUG(100,("Passwords: old=%s new=%s\n",oldpass,newpass));
370 /* Take the passed information and test it for minimum criteria */
371 /* Minimum password length */
372 if (strlen(newpass) < MINPASSWDLENGTH) /* too short, must be at least MINPASSWDLENGTH */
374 DEBUG(2,("Password Change: %s, New password is shorter than MINPASSWDLENGTH\n",name));
375 return (False); /* inform the user */
378 /* Password is same as old password */
379 if (strcmp(oldpass,newpass) == 0) /* don't allow same password */
381 DEBUG(2,("Password Change: %s, New password is same as old\n",name)); /* log the attempt */
382 return (False); /* inform the user */
385 #if (defined(PASSWD_PROGRAM) && defined(PASSWD_CHAT))
386 pstrcpy(passwordprogram,PASSWD_PROGRAM);
387 pstrcpy(chatsequence,PASSWD_CHAT);
389 pstrcpy(passwordprogram,lp_passwd_program());
390 pstrcpy(chatsequence,lp_passwd_chat());
393 if (!*chatsequence) {
394 DEBUG(2,("Null chat sequence - no password changing\n"));
398 if (!*passwordprogram) {
399 DEBUG(2,("Null password program - no password changing\n"));
404 * Check the old and new passwords don't contain any control
408 len = strlen(oldpass);
409 for(i = 0; i < len; i++) {
410 if(iscntrl(oldpass[i])) {
411 DEBUG(0,("chat_with_program: oldpass contains control characters (disallowed).\n"));
416 len = strlen(newpass);
417 for(i = 0; i < len; i++) {
418 if(iscntrl(newpass[i])) {
419 DEBUG(0,("chat_with_program: newpass contains control characters (disallowed).\n"));
424 string_sub(passwordprogram,"%u",name);
425 string_sub(passwordprogram,"%o",oldpass);
426 string_sub(passwordprogram,"%n",newpass);
428 string_sub(chatsequence,"%u",name);
429 string_sub(chatsequence,"%o",oldpass);
430 string_sub(chatsequence,"%n",newpass);
431 return(chat_with_program(passwordprogram,name,chatsequence, as_root));
434 #else /* ALLOW_CHANGE_PASSWORD */
435 BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root)
437 DEBUG(0,("Password changing not compiled in (user=%s)\n",name));
440 #endif /* ALLOW_CHANGE_PASSWORD */
442 /***********************************************************
443 Code to check the lanman hashed password.
444 ************************************************************/
446 BOOL check_lanman_password(char *user, unsigned char *pass1,
447 unsigned char *pass2, struct smb_passwd **psmbpw)
449 unsigned char unenc_new_pw[16];
450 unsigned char unenc_old_pw[16];
451 unsigned char null_pw[16];
452 struct smb_passwd *smbpw;
457 smbpw = getsmbpwnam(user);
462 DEBUG(0,("check_lanman_password: getsmbpwnam returned NULL\n"));
466 if(smbpw->acct_ctrl & ACB_DISABLED)
468 DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
472 if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
474 unsigned char no_pw[14];
475 memset(no_pw, '\0', 14);
476 E_P16((uchar *)no_pw, (uchar *)null_pw);
477 smbpw->smb_passwd = null_pw;
478 } else if (smbpw->smb_passwd == NULL) {
479 DEBUG(0,("check_lanman_password: no lanman password !\n"));
483 /* Get the new lanman hash. */
484 D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
486 /* Use this to get the old lanman hash. */
487 D_P16(unenc_new_pw, pass1, unenc_old_pw);
489 /* Check that the two old passwords match. */
490 if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
492 DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
500 /***********************************************************
501 Code to change the lanman hashed password.
502 It nulls out the NT hashed password as it will
504 ************************************************************/
506 BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsigned char *pass2)
508 unsigned char unenc_new_pw[16];
509 unsigned char null_pw[16];
514 DEBUG(0,("change_lanman_password: no smb password entry.\n"));
518 if(smbpw->acct_ctrl & ACB_DISABLED)
520 DEBUG(0,("change_lanman_password: account %s disabled.\n", smbpw->smb_name));
524 if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
526 unsigned char no_pw[14];
527 memset(no_pw, '\0', 14);
528 E_P16((uchar *)no_pw, (uchar *)null_pw);
529 smbpw->smb_passwd = null_pw;
530 } else if (smbpw->smb_passwd == NULL) {
531 DEBUG(0,("change_lanman_password: no lanman password !\n"));
535 /* Get the new lanman hash. */
536 D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
538 smbpw->smb_passwd = unenc_new_pw;
539 smbpw->smb_nt_passwd = NULL; /* We lose the NT hash. Sorry. */
541 /* Now write it into the file. */
543 ret = mod_smbpwd_entry(smbpw,False);
549 /***********************************************************
550 Code to check the OEM hashed password.
551 ************************************************************/
553 BOOL check_oem_password(char *user, unsigned char *data,
554 struct smb_passwd **psmbpw, char *new_passwd,
557 struct smb_passwd *smbpw = NULL;
559 fstring upper_case_new_passwd;
560 unsigned char new_p16[16];
561 unsigned char unenc_old_pw[16];
562 unsigned char null_pw[16];
565 *psmbpw = smbpw = getsmbpwnam(user);
570 DEBUG(0,("check_oem_password: getsmbpwnam returned NULL\n"));
574 if(smbpw->acct_ctrl & ACB_DISABLED)
576 DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
580 if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
582 unsigned char no_pw[14];
583 memset(no_pw, '\0', 14);
584 E_P16((uchar *)no_pw, (uchar *)null_pw);
585 smbpw->smb_passwd = null_pw;
586 } else if (smbpw->smb_passwd == NULL) {
587 DEBUG(0,("check_oem_password: no lanman password !\n"));
592 * Call the hash function to get the new password.
594 SamOEMhash( (unsigned char *)data, (unsigned char *)smbpw->smb_passwd, True);
597 * The length of the new password is in the last 4 bytes of
600 new_pw_len = IVAL(data,512);
601 if(new_pw_len < 0 || new_pw_len > new_passwd_size - 1) {
602 DEBUG(0,("check_oem_password: incorrect password length (%d).\n", new_pw_len));
606 memcpy(new_passwd, &data[512-new_pw_len], new_pw_len);
607 new_passwd[new_pw_len] = '\0';
610 * To ensure we got the correct new password, hash it and
611 * use it as a key to test the passed old password.
614 memset(upper_case_new_passwd, '\0', sizeof(upper_case_new_passwd));
615 fstrcpy(upper_case_new_passwd, new_passwd);
616 strupper(upper_case_new_passwd);
618 E_P16((uchar *)upper_case_new_passwd, new_p16);
621 * Now use new_p16 as the key to see if the old
624 D_P16(new_p16, &data[516], unenc_old_pw);
626 if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16)) {
627 DEBUG(0,("check_oem_password: old password doesn't match.\n"));
631 memset(upper_case_new_passwd, '\0', strlen(upper_case_new_passwd));
636 /***********************************************************
637 Code to change the oem password. Changes both the lanman
639 override = False, normal
640 override = True, override XXXXXXXXXX'd password
641 ************************************************************/
643 BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override)
646 fstring upper_case_new_passwd;
647 unsigned char new_nt_p16[16];
648 unsigned char new_p16[16];
650 memset(upper_case_new_passwd, '\0', sizeof(upper_case_new_passwd));
651 fstrcpy(upper_case_new_passwd, new_passwd);
652 strupper(upper_case_new_passwd);
654 E_P16((uchar *)upper_case_new_passwd, new_p16);
656 smbpw->smb_passwd = new_p16;
658 E_md4hash((uchar *) new_passwd, new_nt_p16);
659 smbpw->smb_nt_passwd = new_nt_p16;
661 /* Now write it into the file. */
663 ret = mod_smbpwd_entry(smbpw,override);
666 memset(upper_case_new_passwd, '\0', strlen(upper_case_new_passwd));
667 memset(new_passwd, '\0', strlen(new_passwd));