Bug 483 - SWAT password creation seems to be seriously broken
SWAT password creation seems to be seriously broken
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: SWAT
3.0.2
All Linux
: P3 normal
: none
Assigned To: Gerald (Jerry) Carter
:
: 1053 (view as bug list)
Depends on:
Blocks: 807
  Show dependency treegraph
 
Reported: 2003-09-19 14:07 UTC by Colin Sampaleanu
Modified: 2005-08-24 10:25 UTC (History)
1 user (show)

See Also:


Attachments
It seems that some useful flags were not set in swat (903 bytes, patch)
2004-05-05 01:55 UTC, Michel Gravey
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Colin Sampaleanu 2003-09-19 14:07:09 UTC
If I use the command-line smbpasswd tool to create a user and set or change the
password, the user is added properly in the smbpasswd file, and can validate
properly.

SWAT appears to be completely broken. If I add a new user, it tells me that I
must also enter the new password (twice, of course). Fine, except the user gets
inserted with 'XXXXXXXXXXX....' for the password!  If I then use SWAT's change
password function the password does get changed to what appears to be a valid
hashed value, but in fact the user can not authenticate. Comparing the hash to
the hash produced by using command-line smbpasswd, shows they are different. I
have no idea how SWAT is generating the hash.

For example, for the password 'hello', this is what SWAT generated:
test3:518:B8141342B814134248131342B0BA2008:481313424813134273696F6E002D352D:[U 
        ]:LCT-00000000:

But 'smbpasswd -Utest3', entering the same password, set it to this:
test3:518:FDA95FBECA288D44AAD3B435B51404EE:066DDFD4EF0E9CD7C256FE77191EF43C:[U 
        ]:LCT-3F6B6D4E:

What is extra weird is that running SWAT to try to change the password a 2nd or
subsequent time simply does nothing; the entry in smbpasswd is not touched.

I get this behaviour on both RedHat9 and RedHat 7.3...
Comment 1 Andree Leidenfrost 2004-02-01 16:10:47 UTC
This still persists on version 3.0.1 (Debian woody).
Comment 2 Gerald (Jerry) Carter 2004-02-10 14:16:04 UTC
*** Bug 1053 has been marked as a duplicate of this bug. ***
Comment 3 Michel Gravey 2004-05-05 01:55:54 UTC
Created attachment 490 [details]
It seems that some useful flags were not set in swat

Seems to work fine now with create user and change user password.
Maybe it's the wrong may but it works.
Comment 4 Michel Gravey 2004-05-05 02:04:09 UTC
Comment on attachment 490 [details]
It seems that some useful flags were not set in swat

Patch against version 3.02a
Comment 5 Gerald (Jerry) Carter 2004-05-05 07:42:11 UTC
Looks good.  I'll run some tests and check it in.
Much appreciated.
Comment 6 Gerald (Jerry) Carter 2005-08-24 10:25:15 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.