Adding the same changes to HEAD as were added to BRANCH_1_9_18.

Changed smbpasswd to be client-server for a normal user, rather
than accessing the private/smbpasswd file directly (it still accesses
this file directly when run as root, so root can add users/change a
users password without knowing the old password).

A shakeout of this change is that smbpasswd can now be used to
change a users password on a remote NT machine (yep - you heard
that one right - we can now change a NT password from UNIX !!!!!).

Jeremy.
(This used to be commit 20770b6f1c25288e90d3e0d215afa7f0809ce124)

1 files changed, 24 insertions, 5 deletions

diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 57d81ad756..779845d37a 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -408,6 +408,7 @@ BOOL check_lanman_password(char *user, unsigned char *pass1,
 {
   unsigned char unenc_new_pw[16];
   unsigned char unenc_old_pw[16];
+  unsigned char null_pw[16];
   struct smb_passwd *smbpw;
 
   *psmbpw = NULL;
@@ -428,8 +429,13 @@ BOOL check_lanman_password(char *user, unsigned char *pass1,
     return False;
   }
 
-  if(smbpw->smb_passwd == NULL)
+  if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
   {
+    unsigned char no_pw[14];
+    memset(no_pw, '\0', 14);
+    E_P16((uchar *)no_pw, (uchar *)null_pw);
+    smbpw->smb_passwd = null_pw;
+  } else if (smbpw->smb_passwd == NULL) {
     DEBUG(0,("check_lanman_password: no lanman password !\n"));
     return False;
   }
@@ -460,6 +466,7 @@ BOOL check_lanman_password(char *user, unsigned char *pass1,
 BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsigned char *pass2)
 {
   unsigned char unenc_new_pw[16];
+  unsigned char null_pw[16];
   BOOL ret;
 
   if(smbpw == NULL)
@@ -474,8 +481,13 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsi
     return False;
   }
 
-  if(smbpw->smb_passwd == NULL)
+  if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
   {
+    unsigned char no_pw[14];
+    memset(no_pw, '\0', 14);
+    E_P16((uchar *)no_pw, (uchar *)null_pw);
+    smbpw->smb_passwd = null_pw;
+  } else if (smbpw->smb_passwd == NULL) {
     DEBUG(0,("change_lanman_password: no lanman password !\n"));
     return False;
   }
@@ -507,6 +519,7 @@ BOOL check_oem_password(char *user, unsigned char *data,
   fstring upper_case_new_passwd;
   unsigned char new_p16[16];
   unsigned char unenc_old_pw[16];
+  unsigned char null_pw[16];
 
   become_root(0);
   *psmbpw = smbpw = get_smbpwd_entry(user, 0);
@@ -524,8 +537,13 @@ BOOL check_oem_password(char *user, unsigned char *data,
     return False;
   }
 
-  if(smbpw->smb_passwd == NULL)
+  if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
   {
+    unsigned char no_pw[14];
+    memset(no_pw, '\0', 14);
+    E_P16((uchar *)no_pw, (uchar *)null_pw);
+    smbpw->smb_passwd = null_pw;
+  } else if (smbpw->smb_passwd == NULL) {
     DEBUG(0,("check_oem_password: no lanman password !\n"));
     return False;
   }
@@ -533,7 +551,7 @@ BOOL check_oem_password(char *user, unsigned char *data,
   /* 
    * Call the hash function to get the new password.
    */
-  SamOEMhash( (unsigned char *)data, (unsigned char *)smbpw->smb_passwd);
+  SamOEMhash( (unsigned char *)data, (unsigned char *)smbpw->smb_passwd, True);
 
   /* 
    * The length of the new password is in the last 4 bytes of
@@ -541,7 +559,7 @@ BOOL check_oem_password(char *user, unsigned char *data,
    */
   new_pw_len = IVAL(data,512);
   if(new_pw_len < 0 || new_pw_len > new_passwd_size - 1) {
-    DEBUG(0,("check_oem_password: incorrect password length.\n"));
+    DEBUG(0,("check_oem_password: incorrect password length (%d).\n", new_pw_len));
     return False;
   }
 
@@ -587,6 +605,7 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd)
   unsigned char new_nt_p16[16];
   unsigned char new_p16[16];
 
+  memset(upper_case_new_passwd, '\0', sizeof(upper_case_new_passwd));
   fstrcpy(upper_case_new_passwd, new_passwd);
   strupper(upper_case_new_passwd);