diff options
author | Jeremy Allison <jra@samba.org> | 2003-07-31 01:33:44 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2003-07-31 01:33:44 +0000 |
commit | ba12e6bb5fcfbf4bdba8f2c38978d38e1f857286 (patch) | |
tree | 3ad30b2e51e5a927bc72be687b7b61fda02425e3 /source3/smbd/lanman.c | |
parent | aa7f82c5cc751915192a8641dc87c837a61e29fb (diff) | |
download | samba-ba12e6bb5fcfbf4bdba8f2c38978d38e1f857286.tar.gz samba-ba12e6bb5fcfbf4bdba8f2c38978d38e1f857286.tar.xz samba-ba12e6bb5fcfbf4bdba8f2c38978d38e1f857286.zip |
Wrap calls to change_oem_password() in become_root()/unbecome_root() pairs
to allow UNIX password change scripts to work correctly. This is safe as
the old password has been checked as correct before invoking this.
Jeremy.
(This used to be commit 1734d43eb55561d46a6ffb5d806afedfd3746f9f)
Diffstat (limited to 'source3/smbd/lanman.c')
-rw-r--r-- | source3/smbd/lanman.c | 112 |
1 files changed, 57 insertions, 55 deletions
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 04d6a9a8a8e..a5f7a7b2ea9 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -1897,76 +1897,78 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *p = skip_string(param+2,2); - fstring user; - fstring pass1,pass2; + char *p = skip_string(param+2,2); + fstring user; + fstring pass1,pass2; - pull_ascii_fstring(user,p); + pull_ascii_fstring(user,p); - p = skip_string(p,1); + p = skip_string(p,1); - memset(pass1,'\0',sizeof(pass1)); - memset(pass2,'\0',sizeof(pass2)); - memcpy(pass1,p,16); - memcpy(pass2,p+16,16); + memset(pass1,'\0',sizeof(pass1)); + memset(pass2,'\0',sizeof(pass2)); + memcpy(pass1,p,16); + memcpy(pass2,p+16,16); - *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam_len = 4; + *rparam = REALLOC(*rparam,*rparam_len); - *rdata_len = 0; + *rdata_len = 0; - SSVAL(*rparam,0,NERR_badpass); - SSVAL(*rparam,2,0); /* converter word */ + SSVAL(*rparam,0,NERR_badpass); + SSVAL(*rparam,2,0); /* converter word */ - DEBUG(3,("Set password for <%s>\n",user)); + DEBUG(3,("Set password for <%s>\n",user)); - /* - * Attempt to verify the old password against smbpasswd entries - * Win98 clients send old and new password in plaintext for this call. - */ + /* + * Attempt to verify the old password against smbpasswd entries + * Win98 clients send old and new password in plaintext for this call. + */ - { - auth_serversupplied_info *server_info = NULL; - DATA_BLOB password = data_blob(pass1, strlen(pass1)+1); - if (NT_STATUS_IS_OK(check_plaintext_password(user,password,&server_info))) { - - if (NT_STATUS_IS_OK(change_oem_password(server_info->sam_account, pass1, pass2))) - { - SSVAL(*rparam,0,NERR_Success); - } - - free_server_info(&server_info); - } - data_blob_clear_free(&password); - } + { + auth_serversupplied_info *server_info = NULL; + DATA_BLOB password = data_blob(pass1, strlen(pass1)+1); - /* - * If the plaintext change failed, attempt - * the old encrypted method. NT will generate this - * after trying the samr method. Note that this - * method is done as a last resort as this - * password change method loses the NT password hash - * and cannot change the UNIX password as no plaintext - * is received. - */ + if (NT_STATUS_IS_OK(check_plaintext_password(user,password,&server_info))) { - if(SVAL(*rparam,0) != NERR_Success) - { - SAM_ACCOUNT *hnd = NULL; + become_root(); + if (NT_STATUS_IS_OK(change_oem_password(server_info->sam_account, pass1, pass2))) { + SSVAL(*rparam,0,NERR_Success); + } + unbecome_root(); - if (check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd) && - change_lanman_password(hnd,pass2)) - { - SSVAL(*rparam,0,NERR_Success); - } - pdb_free_sam(&hnd); - } + free_server_info(&server_info); + } + data_blob_clear_free(&password); + } + /* + * If the plaintext change failed, attempt + * the old encrypted method. NT will generate this + * after trying the samr method. Note that this + * method is done as a last resort as this + * password change method loses the NT password hash + * and cannot change the UNIX password as no plaintext + * is received. + */ + + if(SVAL(*rparam,0) != NERR_Success) { + SAM_ACCOUNT *hnd = NULL; - memset((char *)pass1,'\0',sizeof(fstring)); - memset((char *)pass2,'\0',sizeof(fstring)); + if (check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd)) { + become_root(); + if (change_lanman_password(hnd,pass2)) { + SSVAL(*rparam,0,NERR_Success); + } + unbecome_root(); + pdb_free_sam(&hnd); + } + } + + memset((char *)pass1,'\0',sizeof(fstring)); + memset((char *)pass2,'\0',sizeof(fstring)); - return(True); + return(True); } /**************************************************************************** |