The Samba-Bugzilla – Attachment 13496 Details for
Bug 12975
Changing the password with 'smbpasswd' as a local user on a domain member doesn't work
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.6
smbpasswd_v4.6.patch (text/plain), 12.63 KB, created by
Andreas Schneider
on 2017-08-23 15:21:43 UTC
(
hide
)
Description:
patch for 4.6
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2017-08-23 15:21:43 UTC
Size:
12.63 KB
patch
obsolete
>From f7046a874ce3ab5d9b4024442daf03e79f25956b Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 18 Aug 2017 16:08:46 +0200 >Subject: [PATCH 1/6] s3:libsmb: Pass domain to remote_password_change() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlet <abartlet@samba.org> >(cherry picked from commit 7a554ee7dcefdff599ebc6fbf4e128b33ffccf29) >--- > source3/include/proto.h | 3 ++- > source3/libsmb/passchange.c | 5 +++-- > source3/utils/smbpasswd.c | 3 ++- > 3 files changed, 7 insertions(+), 4 deletions(-) > >diff --git a/source3/include/proto.h b/source3/include/proto.h >index baa579995a5..9deb27b416b 100644 >--- a/source3/include/proto.h >+++ b/source3/include/proto.h >@@ -834,7 +834,8 @@ bool get_dc_name(const char *domain, > > /* The following definitions come from libsmb/passchange.c */ > >-NTSTATUS remote_password_change(const char *remote_machine, const char *user_name, >+NTSTATUS remote_password_change(const char *remote_machine, >+ const char *domain, const char *user_name, > const char *old_passwd, const char *new_passwd, > char **err_str); > >diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c >index c89b7ca85d1..48ffba8036f 100644 >--- a/source3/libsmb/passchange.c >+++ b/source3/libsmb/passchange.c >@@ -30,7 +30,8 @@ > Change a password on a remote machine using IPC calls. > *************************************************************/ > >-NTSTATUS remote_password_change(const char *remote_machine, const char *user_name, >+NTSTATUS remote_password_change(const char *remote_machine, >+ const char *domain, const char *user_name, > const char *old_passwd, const char *new_passwd, > char **err_str) > { >@@ -55,7 +56,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam > > creds = cli_session_creds_init(cli, > user_name, >- NULL, /* domain */ >+ domain, > NULL, /* realm */ > old_passwd, > false, /* use_kerberos */ >diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c >index 437a5e551bb..4d7a3c739bc 100644 >--- a/source3/utils/smbpasswd.c >+++ b/source3/utils/smbpasswd.c >@@ -258,7 +258,8 @@ static NTSTATUS password_change(const char *remote_mach, char *username, > fprintf(stderr, "Invalid remote operation!\n"); > return NT_STATUS_UNSUCCESSFUL; > } >- ret = remote_password_change(remote_mach, username, >+ ret = remote_password_change(remote_mach, >+ NULL, username, > old_passwd, new_pw, &err_str); > } else { > ret = local_password_change(username, local_flags, new_pw, >-- >2.14.1 > > >From f215f7c53032689dbdaac96a3a16fa7d3fe3d3c5 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 18 Aug 2017 16:10:06 +0200 >Subject: [PATCH 2/6] s3:libsmb: Move prototye of remote_password_change() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlet <abartlet@samba.org> >(cherry picked from commit c773844e7529b83b2633671c7bcf1e7b84ad7950) >--- > source3/include/proto.h | 7 ------- > source3/libsmb/proto.h | 10 ++++++++++ > source3/utils/smbpasswd.c | 1 + > 3 files changed, 11 insertions(+), 7 deletions(-) > >diff --git a/source3/include/proto.h b/source3/include/proto.h >index 9deb27b416b..67e1a9d750e 100644 >--- a/source3/include/proto.h >+++ b/source3/include/proto.h >@@ -832,13 +832,6 @@ bool get_dc_name(const char *domain, > fstring srv_name, > struct sockaddr_storage *ss_out); > >-/* The following definitions come from libsmb/passchange.c */ >- >-NTSTATUS remote_password_change(const char *remote_machine, >- const char *domain, const char *user_name, >- const char *old_passwd, const char *new_passwd, >- char **err_str); >- > /* The following definitions come from libsmb/smberr.c */ > > const char *smb_dos_err_name(uint8_t e_class, uint16_t num); >diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h >index a583a8ee159..44f4d04cff5 100644 >--- a/source3/libsmb/proto.h >+++ b/source3/libsmb/proto.h >@@ -31,6 +31,9 @@ > > struct smb_trans_enc_state; > struct cli_credentials; >+struct cli_state; >+struct file_info; >+struct print_job_info; > > /* The following definitions come from libsmb/cliconnect.c */ > >@@ -964,4 +967,11 @@ NTSTATUS cli_readlink(struct cli_state *cli, const char *fname, > TALLOC_CTX *mem_ctx, char **psubstitute_name, > char **pprint_name, uint32_t *pflags); > >+/* The following definitions come from libsmb/passchange.c */ >+ >+NTSTATUS remote_password_change(const char *remote_machine, >+ const char *domain, const char *user_name, >+ const char *old_passwd, const char *new_passwd, >+ char **err_str); >+ > #endif /* _LIBSMB_PROTO_H_ */ >diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c >index 4d7a3c739bc..6eb2deb7a3b 100644 >--- a/source3/utils/smbpasswd.c >+++ b/source3/utils/smbpasswd.c >@@ -21,6 +21,7 @@ > #include "secrets.h" > #include "../librpc/gen_ndr/samr.h" > #include "../lib/util/util_pw.h" >+#include "libsmb/proto.h" > #include "passdb.h" > > /* >-- >2.14.1 > > >From 7e6e01b965c838494203c964fa5ac55b355bd58a Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 18 Aug 2017 16:13:15 +0200 >Subject: [PATCH 3/6] s3:utils: Make strings const passed to password_change() > in smbpasswd > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlet <abartlet@samba.org> >(cherry picked from commit 41a31a71abe144362fc7483fabba39aafa866373) >--- > source3/utils/smbpasswd.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c >index 6eb2deb7a3b..b0e08cc0e58 100644 >--- a/source3/utils/smbpasswd.c >+++ b/source3/utils/smbpasswd.c >@@ -243,8 +243,9 @@ static char *prompt_for_new_password(bool stdin_get) > Change a password either locally or remotely. > *************************************************************/ > >-static NTSTATUS password_change(const char *remote_mach, char *username, >- char *old_passwd, char *new_pw, >+static NTSTATUS password_change(const char *remote_mach, >+ const char *username, >+ const char *old_passwd, const char *new_pw, > int local_flags) > { > NTSTATUS ret; >-- >2.14.1 > > >From bec5dc7c8b1bca092fa4ea87016bbfdb2750896c Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 18 Aug 2017 16:14:57 +0200 >Subject: [PATCH 4/6] s3:utils: Pass domain to password_change() in smbpasswd > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlet <abartlet@samba.org> >(cherry picked from commit b483340639157fe95777672f5723455c48c3c616) >--- > source3/utils/smbpasswd.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > >diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c >index b0e08cc0e58..92712e38f6b 100644 >--- a/source3/utils/smbpasswd.c >+++ b/source3/utils/smbpasswd.c >@@ -244,7 +244,7 @@ static char *prompt_for_new_password(bool stdin_get) > *************************************************************/ > > static NTSTATUS password_change(const char *remote_mach, >- const char *username, >+ const char *domain, const char *username, > const char *old_passwd, const char *new_pw, > int local_flags) > { >@@ -261,7 +261,7 @@ static NTSTATUS password_change(const char *remote_mach, > return NT_STATUS_UNSUCCESSFUL; > } > ret = remote_password_change(remote_mach, >- NULL, username, >+ domain, username, > old_passwd, new_pw, &err_str); > } else { > ret = local_password_change(username, local_flags, new_pw, >@@ -466,7 +466,8 @@ static int process_root(int local_flags) > } > } > >- if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, >+ if (!NT_STATUS_IS_OK(password_change(remote_machine, >+ NULL, user_name, > old_passwd, new_passwd, > local_flags))) { > result = 1; >@@ -566,8 +567,9 @@ static int process_nonroot(int local_flags) > exit(1); > } > >- if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, old_pw, >- new_pw, 0))) { >+ if (!NT_STATUS_IS_OK(password_change(remote_machine, >+ NULL, user_name, >+ old_pw, new_pw, 0))) { > result = 1; > goto done; > } >-- >2.14.1 > > >From 72dd200ce430b23a887ddfa73c2b618bf387c583 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 18 Aug 2017 16:17:08 +0200 >Subject: [PATCH 5/6] s3:utils: Make sure we authenticate against our SAM name > in smbpasswd > >If a local user wants to change his password using smbpasswd and the >machine is a domain member, we need to make sure we authenticate against >our SAM and not ask winbind. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlet <abartlet@samba.org> >(cherry picked from commit dc129a968afdac8be70f9756bd18a7bf1f4c3b02) >--- > source3/utils/smbpasswd.c | 32 +++++++++++++++++++++++++++----- > 1 file changed, 27 insertions(+), 5 deletions(-) > >diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c >index 92712e38f6b..556e6869da7 100644 >--- a/source3/utils/smbpasswd.c >+++ b/source3/utils/smbpasswd.c >@@ -58,7 +58,7 @@ static void usage(void) > printf(" -c smb.conf file Use the given path to the smb.conf file\n"); > printf(" -D LEVEL debug level\n"); > printf(" -r MACHINE remote machine\n"); >- printf(" -U USER remote username\n"); >+ printf(" -U USER remote username (e.g. SAM/user)\n"); > > printf("extra options when run by root or in local mode:\n"); > printf(" -a add user\n"); >@@ -95,7 +95,7 @@ static int process_options(int argc, char **argv, int local_flags) > > user_name[0] = '\0'; > >- while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) { >+ while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LWS:")) != EOF) { > switch(ch) { > case 'L': > if (getuid() != 0) { >@@ -519,6 +519,9 @@ static int process_nonroot(int local_flags) > int result = 0; > char *old_pw = NULL; > char *new_pw = NULL; >+ const char *username = user_name; >+ const char *domain = NULL; >+ char *p = NULL; > > if (local_flags & ~(LOCAL_AM_ROOT | LOCAL_SET_PASSWORD)) { > /* Extra flags that we can't honor non-root */ >@@ -536,6 +539,15 @@ static int process_nonroot(int local_flags) > } > } > >+ /* Allow domain as part of the username */ >+ if ((p = strchr_m(user_name, '\\')) || >+ (p = strchr_m(user_name, '/')) || >+ (p = strchr_m(user_name, *lp_winbind_separator()))) { >+ *p = '\0'; >+ username = p + 1; >+ domain = user_name; >+ } >+ > /* > * A non-root user is always setting a password > * via a remote machine (even if that machine is >@@ -544,8 +556,18 @@ static int process_nonroot(int local_flags) > > load_interfaces(); /* Delayed from main() */ > >- if (remote_machine == NULL) { >+ if (remote_machine != NULL) { >+ if (!is_ipaddress(remote_machine)) { >+ domain = remote_machine; >+ } >+ } else { > remote_machine = "127.0.0.1"; >+ >+ /* >+ * If we deal with a local user, change the password for the >+ * user in our SAM. >+ */ >+ domain = get_global_sam_name(); > } > > if (remote_machine != NULL) { >@@ -568,13 +590,13 @@ static int process_nonroot(int local_flags) > } > > if (!NT_STATUS_IS_OK(password_change(remote_machine, >- NULL, user_name, >+ domain, username, > old_pw, new_pw, 0))) { > result = 1; > goto done; > } > >- printf("Password changed for user %s\n", user_name); >+ printf("Password changed for user %s\n", username); > > done: > SAFE_FREE(old_pw); >-- >2.14.1 > > >From 7d8aae447a411eb4903850c30366a18d1714f7c0 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Tue, 22 Aug 2017 15:46:07 +0200 >Subject: [PATCH 6/6] s3:utils: Remove pointless if-clause for remote_machine > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 > >Review with: git show -U20 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlet <abartlet@samba.org> >(cherry picked from commit 4a4bfcb539b4489f397b2bc9369215b7e03e620e) >--- > source3/utils/smbpasswd.c | 10 ++++------ > 1 file changed, 4 insertions(+), 6 deletions(-) > >diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c >index 556e6869da7..fb7ad283995 100644 >--- a/source3/utils/smbpasswd.c >+++ b/source3/utils/smbpasswd.c >@@ -570,12 +570,10 @@ static int process_nonroot(int local_flags) > domain = get_global_sam_name(); > } > >- if (remote_machine != NULL) { >- old_pw = get_pass("Old SMB password:",stdin_passwd_get); >- if (old_pw == NULL) { >- fprintf(stderr, "Unable to get old password.\n"); >- exit(1); >- } >+ old_pw = get_pass("Old SMB password:",stdin_passwd_get); >+ if (old_pw == NULL) { >+ fprintf(stderr, "Unable to get old password.\n"); >+ exit(1); > } > > if (!new_passwd) { >-- >2.14.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 12975
:
13494
| 13496