483 – SWAT password creation seems to be seriously broken

Bug 483 - SWAT password creation seems to be seriously broken

Summary: SWAT password creation seems to be seriously broken

Status:	CLOSED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	SWAT (show other bugs)
Version:	3.0.2
Hardware:	All Linux

Importance:	P3 normal
Target Milestone:	none
Assignee:	Gerald (Jerry) Carter (dead mail address)
QA Contact:

URL:
Keywords:

Duplicates (1):	1053 (view as bug list)
Depends on:
Blocks:	807
	Show dependency tree / graph

Reported:	2003-09-19 14:07 UTC by Colin Sampaleanu
Modified:	2005-08-24 10:25 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
It seems that some useful flags were not set in swat (903 bytes, patch) 2004-05-05 01:55 UTC, Michel Gravey	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Colin Sampaleanu 2003-09-19 14:07:09 UTC

If I use the command-line smbpasswd tool to create a user and set or change the
password, the user is added properly in the smbpasswd file, and can validate
properly.

SWAT appears to be completely broken. If I add a new user, it tells me that I
must also enter the new password (twice, of course). Fine, except the user gets
inserted with 'XXXXXXXXXXX....' for the password!  If I then use SWAT's change
password function the password does get changed to what appears to be a valid
hashed value, but in fact the user can not authenticate. Comparing the hash to
the hash produced by using command-line smbpasswd, shows they are different. I
have no idea how SWAT is generating the hash.

For example, for the password 'hello', this is what SWAT generated:
test3:518:B8141342B814134248131342B0BA2008:481313424813134273696F6E002D352D:[U 
        ]:LCT-00000000:

But 'smbpasswd -Utest3', entering the same password, set it to this:
test3:518:FDA95FBECA288D44AAD3B435B51404EE:066DDFD4EF0E9CD7C256FE77191EF43C:[U 
        ]:LCT-3F6B6D4E:

What is extra weird is that running SWAT to try to change the password a 2nd or
subsequent time simply does nothing; the entry in smbpasswd is not touched.

I get this behaviour on both RedHat9 and RedHat 7.3...

Comment 1 Andree Leidenfrost 2004-02-01 16:10:47 UTC

This still persists on version 3.0.1 (Debian woody).

Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-02-10 14:16:04 UTC

*** Bug 1053 has been marked as a duplicate of this bug. ***

Comment 3 Michel Gravey 2004-05-05 01:55:54 UTC

Created attachment 490 [details]
It seems that some useful flags were not set in swat

Seems to work fine now with create user and change user password.
Maybe it's the wrong may but it works.

Comment 4 Michel Gravey 2004-05-05 02:04:09 UTC

Comment on attachment 490 [details]
It seems that some useful flags were not set in swat

Patch against version 3.02a

Comment 5 Gerald (Jerry) Carter (dead mail address) 2004-05-05 07:42:11 UTC

Looks good.  I'll run some tests and check it in.
Much appreciated.

Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:25:15 UTC

sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.