From 7abbf368f908cacdb2978e33069e49755e54faa8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 19 Mar 1998 20:06:47 +0000 Subject: Adding the same changes to HEAD as were added to BRANCH_1_9_18. Changed smbpasswd to be client-server for a normal user, rather than accessing the private/smbpasswd file directly (it still accesses this file directly when run as root, so root can add users/change a users password without knowing the old password). A shakeout of this change is that smbpasswd can now be used to change a users password on a remote NT machine (yep - you heard that one right - we can now change a NT password from UNIX !!!!!). Jeremy. (This used to be commit 20770b6f1c25288e90d3e0d215afa7f0809ce124) --- source3/smbd/chgpasswd.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'source3/smbd/chgpasswd.c') diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 57d81ad756d..779845d37ae 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -408,6 +408,7 @@ BOOL check_lanman_password(char *user, unsigned char *pass1, { unsigned char unenc_new_pw[16]; unsigned char unenc_old_pw[16]; + unsigned char null_pw[16]; struct smb_passwd *smbpw; *psmbpw = NULL; @@ -428,8 +429,13 @@ BOOL check_lanman_password(char *user, unsigned char *pass1, return False; } - if(smbpw->smb_passwd == NULL) + if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ)) { + unsigned char no_pw[14]; + memset(no_pw, '\0', 14); + E_P16((uchar *)no_pw, (uchar *)null_pw); + smbpw->smb_passwd = null_pw; + } else if (smbpw->smb_passwd == NULL) { DEBUG(0,("check_lanman_password: no lanman password !\n")); return False; } @@ -460,6 +466,7 @@ BOOL check_lanman_password(char *user, unsigned char *pass1, BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsigned char *pass2) { unsigned char unenc_new_pw[16]; + unsigned char null_pw[16]; BOOL ret; if(smbpw == NULL) @@ -474,8 +481,13 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsi return False; } - if(smbpw->smb_passwd == NULL) + if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ)) { + unsigned char no_pw[14]; + memset(no_pw, '\0', 14); + E_P16((uchar *)no_pw, (uchar *)null_pw); + smbpw->smb_passwd = null_pw; + } else if (smbpw->smb_passwd == NULL) { DEBUG(0,("change_lanman_password: no lanman password !\n")); return False; } @@ -507,6 +519,7 @@ BOOL check_oem_password(char *user, unsigned char *data, fstring upper_case_new_passwd; unsigned char new_p16[16]; unsigned char unenc_old_pw[16]; + unsigned char null_pw[16]; become_root(0); *psmbpw = smbpw = get_smbpwd_entry(user, 0); @@ -524,8 +537,13 @@ BOOL check_oem_password(char *user, unsigned char *data, return False; } - if(smbpw->smb_passwd == NULL) + if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ)) { + unsigned char no_pw[14]; + memset(no_pw, '\0', 14); + E_P16((uchar *)no_pw, (uchar *)null_pw); + smbpw->smb_passwd = null_pw; + } else if (smbpw->smb_passwd == NULL) { DEBUG(0,("check_oem_password: no lanman password !\n")); return False; } @@ -533,7 +551,7 @@ BOOL check_oem_password(char *user, unsigned char *data, /* * Call the hash function to get the new password. */ - SamOEMhash( (unsigned char *)data, (unsigned char *)smbpw->smb_passwd); + SamOEMhash( (unsigned char *)data, (unsigned char *)smbpw->smb_passwd, True); /* * The length of the new password is in the last 4 bytes of @@ -541,7 +559,7 @@ BOOL check_oem_password(char *user, unsigned char *data, */ new_pw_len = IVAL(data,512); if(new_pw_len < 0 || new_pw_len > new_passwd_size - 1) { - DEBUG(0,("check_oem_password: incorrect password length.\n")); + DEBUG(0,("check_oem_password: incorrect password length (%d).\n", new_pw_len)); return False; } @@ -587,6 +605,7 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd) unsigned char new_nt_p16[16]; unsigned char new_p16[16]; + memset(upper_case_new_passwd, '\0', sizeof(upper_case_new_passwd)); fstrcpy(upper_case_new_passwd, new_passwd); strupper(upper_case_new_passwd); -- cgit