diff options
author | Andrew Bartlett <abartlet@samba.org> | 2001-10-30 05:21:16 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-10-30 05:21:16 +0000 |
commit | cea6b6cb228c7e1f0c2d45951590e0d8fb8b315c (patch) | |
tree | 7a1aa590bdac6330f7b6f5b7950943aed8006a36 | |
parent | c3f5df8d6743bb7b48118b378f23268008e74145 (diff) | |
download | samba-cea6b6cb228c7e1f0c2d45951590e0d8fb8b315c.tar.gz samba-cea6b6cb228c7e1f0c2d45951590e0d8fb8b315c.tar.xz samba-cea6b6cb228c7e1f0c2d45951590e0d8fb8b315c.zip |
Fix up smbpasswd -e/-d so that it doesn't change the password under you any
more.
(Previously it set them to 'XXXX' or similar when only the flags were being
changed - a bug I must have introduced when I reworked the passdb end of things
a few weeks back.)
Adds a new local flag: LOCAL_SET_PASSWORD to specify that the password is
actually to be changed.
Andrew Bartlett
-rw-r--r-- | source/include/smb.h | 1 | ||||
-rw-r--r-- | source/pam_smbpass/pam_smb_auth.c | 4 | ||||
-rw-r--r-- | source/pam_smbpass/pam_smb_passwd.c | 2 | ||||
-rw-r--r-- | source/passdb/passdb.c | 21 | ||||
-rw-r--r-- | source/utils/smbpasswd.c | 24 |
5 files changed, 18 insertions, 34 deletions
diff --git a/source/include/smb.h b/source/include/smb.h index 16f90d0333d..dea5bb66df6 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -621,6 +621,7 @@ typedef struct sam_passwd #define LOCAL_ENABLE_USER 0x8 #define LOCAL_TRUST_ACCOUNT 0x10 #define LOCAL_SET_NO_PASSWORD 0x20 +#define LOCAL_SET_PASSWORD 0x40 /* key and data in the connections database - used in smbstatus and smbd */ struct connections_key { diff --git a/source/pam_smbpass/pam_smb_auth.c b/source/pam_smbpass/pam_smb_auth.c index 3126bebb346..82799150777 100644 --- a/source/pam_smbpass/pam_smb_auth.c +++ b/source/pam_smbpass/pam_smb_auth.c @@ -187,7 +187,7 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl, /* Add the user to the db if they aren't already there. */ if (smb_pwent == NULL) { - retval = local_password_change( name, LOCAL_ADD_USER, + retval = local_password_change( name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD, pass, err_str, sizeof(err_str), msg_str, sizeof(msg_str) ); @@ -209,7 +209,7 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl, /* Change the user's password IFF it's null. */ if (smb_pwent->smb_passwd == NULL && (smb_pwent->acct_ctrl & ACB_PWNOTREQ)) { - retval = local_password_change( name, 0, + retval = local_password_change( name, LOCAL_SET_PASSWORD, pass, err_str, sizeof(err_str), msg_str, sizeof(msg_str) ); diff --git a/source/pam_smbpass/pam_smb_passwd.c b/source/pam_smbpass/pam_smb_passwd.c index 3a987684f16..9d0b13d6cee 100644 --- a/source/pam_smbpass/pam_smb_passwd.c +++ b/source/pam_smbpass/pam_smb_passwd.c @@ -44,7 +44,7 @@ int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user err_str[0] = '\0'; msg_str[0] = '\0'; - retval = local_password_change( user, 0, pass_new, err_str, sizeof(err_str), + retval = local_password_change( user, LOCAL_SET_PASSWORD, pass_new, err_str, sizeof(err_str), msg_str, sizeof(msg_str) ); if (!retval) { diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index c58afc1f896..6a96426a9f1 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -919,13 +919,6 @@ account without a valid local system user.\n", user_name); return False; } } else if (local_flags & LOCAL_ENABLE_USER) { - if (pdb_get_lanman_passwd(sam_pass) == NULL) { - if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) { - slprintf(err_str, err_str_len-1, "Failed to set password for user %s.\n", user_name); - pdb_free_sam(&sam_pass); - return False; - } - } if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) { slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name); pdb_free_sam(&sam_pass); @@ -939,19 +932,7 @@ account without a valid local system user.\n", user_name); pdb_free_sam(&sam_pass); return False; } - - /* This is needed to preserve ACB_PWNOTREQ in mod_smbfilepwd_entry */ - if (!pdb_set_lanman_passwd (sam_pass, NULL)) { - slprintf(err_str, err_str_len-1, "Failed to set NULL lanman password for user %s.\n", user_name); - pdb_free_sam(&sam_pass); - return False; - } - if (!pdb_set_nt_passwd (sam_pass, NULL)) { - slprintf(err_str, err_str_len-1, "Failed to set NULL NT password for user %s.\n", user_name); - pdb_free_sam(&sam_pass); - return False; - } - } else { + } else if (local_flags & LOCAL_SET_PASSWORD) { /* * If we're dealing with setting a completely empty user account * ie. One with a password of 'XXXX', but not set disabled (like diff --git a/source/utils/smbpasswd.c b/source/utils/smbpasswd.c index c5aafeb7233..6a330812e10 100644 --- a/source/utils/smbpasswd.c +++ b/source/utils/smbpasswd.c @@ -536,7 +536,7 @@ static int process_root(int argc, char *argv[]) struct passwd *pwd; int result = 0, ch; BOOL joining_domain = False, got_pass = False, got_username = False; - int local_flags = 0; + int local_flags = LOCAL_SET_PASSWORD; BOOL stdin_passwd_get = False; fstring user_name, user_password; char *new_domain = NULL; @@ -559,21 +559,22 @@ static int process_root(int argc, char *argv[]) break; case 'x': local_flags |= LOCAL_DELETE_USER; - new_passwd = xstrdup("XXXXXX"); + local_flags &= ~LOCAL_SET_PASSWORD; break; case 'd': local_flags |= LOCAL_DISABLE_USER; - new_passwd = xstrdup("XXXXXX"); + local_flags &= ~LOCAL_SET_PASSWORD; break; case 'e': local_flags |= LOCAL_ENABLE_USER; + local_flags &= ~LOCAL_SET_PASSWORD; break; case 'm': local_flags |= LOCAL_TRUST_ACCOUNT; break; case 'n': local_flags |= LOCAL_SET_NO_PASSWORD; - new_passwd = xstrdup("NO PASSWORD"); + local_flags &= ~LOCAL_SET_PASSWORD; break; case 'j': new_domain = optarg; @@ -733,7 +734,7 @@ static int process_root(int argc, char *argv[]) old_passwd = get_pass("Old SMB password:",stdin_passwd_get); } - if (!new_passwd) { + if (!(local_flags & LOCAL_SET_PASSWORD)) { /* * If we are trying to enable a user, first we need to find out @@ -750,15 +751,16 @@ static int process_root(int argc, char *argv[]) pdb_init_sam(&sampass); ret = pdb_getsampwnam(sampass, user_name); - if((sampass != False) && (pdb_get_lanman_passwd(sampass) != NULL)) { - new_passwd = xstrdup("XXXX"); /* Don't care. */ + if((sampass != False) && (pdb_get_lanman_passwd(sampass) == NULL)) { + local_flags |= LOCAL_SET_PASSWORD; } pdb_free_sam(&sampass); } + } - if(!new_passwd) - new_passwd = prompt_for_new_password(stdin_passwd_get); - + if(local_flags & LOCAL_SET_PASSWORD) { + new_passwd = prompt_for_new_password(stdin_passwd_get); + if(!new_passwd) { fprintf(stderr, "Unable to get new password.\n"); exit(1); @@ -771,7 +773,7 @@ static int process_root(int argc, char *argv[]) goto done; } - if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD))) { + if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD|LOCAL_SET_PASSWORD))) { SAM_ACCOUNT *sampass = NULL; BOOL ret; |