Bug 8386 - passwords greater than 8 characters supplied to smbpasswd 3.6 don't work
Status: RESOLVED DUPLICATE of bug 8729
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: User & Group Accounts
Version: 3.6.0
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2011-08-19 06:46 UTC by mvolaski
Modified: 2012-05-16 07:01 UTC
Description mvolaski 2011-08-19 06:46:50 UTC
Existing passwords in a passdb.tdb seem to work regardless of length. However, when using smbpasswd in samba 3.6 to save a password greater than 8 characters, OS X and Windows clients will get rejected. Interestingly, the smbclient does work.
Comment 1 Jeremy Allison 2011-08-19 15:53:44 UTC
What platform are you testing this on? Is it Solaris? Some UNIXes have a broken getpass() function that limits to 8 characters or less; our autoconf tests should detect this and use our own version instead.

Can you give me more details on how you are reproducing, please?

Thanks,

Jeremy.
Comment 2 mvolaski 2011-08-26 18:28:48 UTC
This is on Solaris Express 11, the latest build. Existing passwords greater than 8 characters work. It's only the new ones I add with smbpasswd that do not work from the Mac or Windows, but they do work with smbclient (on Solaris).
Comment 3 Katsuya Tomioka 2011-11-15 04:24:51 UTC
I was having the same problem (Solaris Express 11 and samba 3.6.1). utils/passwd_util.c wasn't including "system/passwd.h" which would have replaced getpass with getpassphrase on Solaris. Maybe includes.h should include the file. Hope it helps.
Comment 4 Joseph Tam 2012-05-15 10:46:42 UTC
This is still a problem as of 3.6.4 with Solaris 10.

The output of sotruss shows that smbpasswd is using getpass() instead
of getpassphrase().  The NTLM hashes are derived from passwords truncated
to 8 characters.

Configure correctly detects the existence of getpassphrase(), and as
Katsuya Tomioka noted, the header file system/passwd.h which would
re-define getpass() with getpassphrase() does not get included in the
source files which use getpass().

In fact, it seems perfectly perverse in that all the .c files that
use getpass() do not include system/passwd.h, and all the files that
include system/passwd.h do not use getpass()!

Modules that use getpass():

        source3/client/client.c
        source3/lib/netapi/cm.c
        source3/lib/util_cmdline.c
        source3/rpcclient/rpcclient.c
        source3/utils/net_ads.c
        source3/utils/net_rpc.c
        source3/utils/net_util.c
        source3/utils/netlookup.c
        source3/utils/ntlm_auth.c
        source3/utils/passwd_util.c
        source3/utils/smbcacls.c
        source3/utils/smbcquotas.c
        source3/utils/smbget.c
        source3/utils/smbtree.c

        # Not sure if these need fixing.
        source3/torture/locktest.c
        source3/torture/locktest2.c
        source3/torture/masktest.c
        source3/torture/torture.c

I'm not sure what the comprehensive fix is, but I do confirm that adding

        #include "system/passwd.h"

to source3/lib/utils/passwd_util.c creates a smbpasswd executable that
supports getpassphrase(), which in turn, creates correct NTLM hashes
for passwords >8 chars.
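
An added example, not part of the bug report or of Samba's source: a shell audit for the pattern Comment 4 describes, listing .c files that call getpass() without directly including system/passwd.h. The function names audit_getpass and make_sample_tree and the sample files are constructed for illustration; only direct includes are checked.

```shell
#!/bin/sh
# Added example (not Samba code): find C files that call getpass() but do
# not directly include the compatibility header that would remap it.

# audit_getpass DIR [HEADER]
# Prints one path per line for every .c file under DIR that calls getpass()
# without a direct #include of HEADER (default: system/passwd.h).
# Limits: headers pulled in indirectly are not followed, and a getpass(
# mention inside a comment is reported as well.
audit_getpass() {
    dir=$1
    header=${2:-system/passwd.h}
    find "$dir" -type f -name '*.c' | sort | while IFS= read -r f; do
        # A call is "getpass" followed by "(", not part of a longer
        # identifier such as getpassphrase or my_getpass.
        if grep -Eq '(^|[^A-Za-z0-9_])getpass[[:space:]]*\(' "$f" &&
           ! grep -E '^[[:space:]]*#[[:space:]]*include' "$f" |
               grep -Fq -e "\"$header\"" -e "<$header>"
        then
            printf '%s\n' "$f"
        fi
    done
}

# make_sample_tree ROOT
# Builds a small constructed source tree (hypothetical file contents).
make_sample_tree() {
    root=$1
    mkdir -p "$root/utils" "$root/lib"
    # Calls getpass() without the header: should be reported.
    printf '%s\n' '#include "includes.h"' \
        'char *ask(void) { return getpass("New SMB password:"); }' \
        > "$root/utils/passwd_util.c"
    # Calls getpass() and includes the header: should not be reported.
    printf '%s\n' '#include "includes.h"' '#include "system/passwd.h"' \
        'char *ask(void) { return getpass("Password:"); }' \
        > "$root/utils/fixed.c"
    # Includes the header but only calls getpassphrase(): not reported.
    printf '%s\n' '#include "system/passwd.h"' \
        'char *ask(void) { return getpassphrase("Password:"); }' \
        > "$root/lib/other.c"
}

# Demo run on the constructed tree.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
audit_getpass "$tmp"
rm -rf "$tmp"
```
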
Comment 5 Stefan Metzmacher 2012-05-16 07:01:50 UTC
Should be fixed in the next non-security release of 3.6.x

*** This bug has been marked as a duplicate of bug 8729 ***