The Samba-Bugzilla – Bug 229
passwd program not executed as root
Last modified: 2005-11-14 09:31:21 UTC

It seems that the passwd program in beta2 is not executed as root but as the user who tries to
change his password.
I assumed this because the passwd chat debug told me that the passwd program asks for an
old password (which would not happen as root) and Chee Wai Yeung
(firstname.lastname@example.org) wrote a wrapper and was able to prove this behaviour.

Do you have a reason why pass_oem_change() doesn't try to execute the
password change as root anymore? The password change is being done as the
user which can't work for obvious reasons. I see where you made the
change to smbd/chgpasswd.c r22.214.171.124 in SAMBA_3_0 but am thinking it was a
note that the calls to change_oem_password() in srv_samr_nt.c are being called
with as_root == True.

No, that looks like a pretty standard bug to me.
We need to give 'change_oem_password()' an as_root parameter I suppose.
Whatever we do, we need to ensure that a user cannot just do it as root by
entering a NULL/"" old password (for the *very* rarely used codepath where we
have the old password in plaintext).

I have checked in a fix for this. PLEASE CHECK !!!!!

I have checked in a fix for this. PLEASE TEST !!

Originally reported against 3.0.0beta2. Cleaning out
non-production release versions.

Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.