samba/sme10/samba-v4.6-fix_smbpasswd_user_pwd_change.patch

From f7046a874ce3ab5d9b4024442daf03e79f25956b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 18 Aug 2017 16:08:46 +0200
Subject: [PATCH 1/6] s3:libsmb: Pass domain to remote_password_change()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 7a554ee7dcefdff599ebc6fbf4e128b33ffccf29)
---
 source3/include/proto.h     | 3 ++-
 source3/libsmb/passchange.c | 5 +++--
 source3/utils/smbpasswd.c   | 3 ++-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index baa579995a5..9deb27b416b 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -834,7 +834,8 @@ bool get_dc_name(const char *domain,
 
 /* The following definitions come from libsmb/passchange.c  */
 
-NTSTATUS remote_password_change(const char *remote_machine, const char *user_name, 
+NTSTATUS remote_password_change(const char *remote_machine,
+                               const char *domain, const char *user_name,
                                const char *old_passwd, const char *new_passwd,
                                char **err_str);
 
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index c89b7ca85d1..48ffba8036f 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -30,7 +30,8 @@
  Change a password on a remote machine using IPC calls.
 *************************************************************/
 
-NTSTATUS remote_password_change(const char *remote_machine, const char *user_name, 
+NTSTATUS remote_password_change(const char *remote_machine,
+                               const char *domain, const char *user_name,
                                const char *old_passwd, const char *new_passwd,
                                char **err_str)
 {
@@ -55,7 +56,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
 
        creds = cli_session_creds_init(cli,
                                       user_name,
-                                      NULL, /* domain */
+                                      domain,
                                       NULL, /* realm */
                                       old_passwd,
                                       false, /* use_kerberos */
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 437a5e551bb..4d7a3c739bc 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -258,7 +258,8 @@ static NTSTATUS password_change(const char *remote_mach, char *username,
                        fprintf(stderr, "Invalid remote operation!\n");
                        return NT_STATUS_UNSUCCESSFUL;
                }
-               ret = remote_password_change(remote_mach, username,
+               ret = remote_password_change(remote_mach,
+                                            NULL, username,
                                             old_passwd, new_pw, &err_str);
        } else {
                ret = local_password_change(username, local_flags, new_pw,
-- 
2.14.1


From f215f7c53032689dbdaac96a3a16fa7d3fe3d3c5 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 18 Aug 2017 16:10:06 +0200
Subject: [PATCH 2/6] s3:libsmb: Move prototye of remote_password_change()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit c773844e7529b83b2633671c7bcf1e7b84ad7950)
---
 source3/include/proto.h   |  7 -------
 source3/libsmb/proto.h    | 10 ++++++++++
 source3/utils/smbpasswd.c |  1 +
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9deb27b416b..67e1a9d750e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -832,13 +832,6 @@ bool get_dc_name(const char *domain,
                fstring srv_name,
                struct sockaddr_storage *ss_out);
 
-/* The following definitions come from libsmb/passchange.c  */
-
-NTSTATUS remote_password_change(const char *remote_machine,
-                               const char *domain, const char *user_name,
-                               const char *old_passwd, const char *new_passwd,
-                               char **err_str);
-
 /* The following definitions come from libsmb/smberr.c  */
 
 const char *smb_dos_err_name(uint8_t e_class, uint16_t num);
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index a583a8ee159..44f4d04cff5 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -31,6 +31,9 @@
 
 struct smb_trans_enc_state;
 struct cli_credentials;
+struct cli_state;
+struct file_info;
+struct print_job_info;
 
 /* The following definitions come from libsmb/cliconnect.c  */
 
@@ -964,4 +967,11 @@ NTSTATUS cli_readlink(struct cli_state *cli, const char *fname,
                       TALLOC_CTX *mem_ctx, char **psubstitute_name,
                      char **pprint_name, uint32_t *pflags);
 
+/* The following definitions come from libsmb/passchange.c  */
+
+NTSTATUS remote_password_change(const char *remote_machine,
+                               const char *domain, const char *user_name,
+                               const char *old_passwd, const char *new_passwd,
+                               char **err_str);
+
 #endif /* _LIBSMB_PROTO_H_ */
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 4d7a3c739bc..6eb2deb7a3b 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -21,6 +21,7 @@
 #include "secrets.h"
 #include "../librpc/gen_ndr/samr.h"
 #include "../lib/util/util_pw.h"
+#include "libsmb/proto.h"
 #include "passdb.h"
 
 /*
-- 
2.14.1


From 7e6e01b965c838494203c964fa5ac55b355bd58a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 18 Aug 2017 16:13:15 +0200
Subject: [PATCH 3/6] s3:utils: Make strings const passed to password_change()
 in smbpasswd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 41a31a71abe144362fc7483fabba39aafa866373)
---
 source3/utils/smbpasswd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 6eb2deb7a3b..b0e08cc0e58 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -243,8 +243,9 @@ static char *prompt_for_new_password(bool stdin_get)
  Change a password either locally or remotely.
 *************************************************************/
 
-static NTSTATUS password_change(const char *remote_mach, char *username, 
-                               char *old_passwd, char *new_pw,
+static NTSTATUS password_change(const char *remote_mach,
+                               const char *username,
+                               const char *old_passwd, const char *new_pw,
                                int local_flags)
 {
        NTSTATUS ret;
-- 
2.14.1


From bec5dc7c8b1bca092fa4ea87016bbfdb2750896c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 18 Aug 2017 16:14:57 +0200
Subject: [PATCH 4/6] s3:utils: Pass domain to password_change() in smbpasswd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit b483340639157fe95777672f5723455c48c3c616)
---
 source3/utils/smbpasswd.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index b0e08cc0e58..92712e38f6b 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -244,7 +244,7 @@ static char *prompt_for_new_password(bool stdin_get)
 *************************************************************/
 
 static NTSTATUS password_change(const char *remote_mach,
-                               const char *username,
+                               const char *domain, const char *username,
                                const char *old_passwd, const char *new_pw,
                                int local_flags)
 {
@@ -261,7 +261,7 @@ static NTSTATUS password_change(const char *remote_mach,
                        return NT_STATUS_UNSUCCESSFUL;
                }
                ret = remote_password_change(remote_mach,
-                                            NULL, username,
+                                            domain, username,
                                             old_passwd, new_pw, &err_str);
        } else {
                ret = local_password_change(username, local_flags, new_pw,
@@ -466,7 +466,8 @@ static int process_root(int local_flags)
                }
        }
 
-       if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name,
+       if (!NT_STATUS_IS_OK(password_change(remote_machine,
+                                            NULL, user_name,
                                             old_passwd, new_passwd,
                                             local_flags))) {
                result = 1;
@@ -566,8 +567,9 @@ static int process_nonroot(int local_flags)
                exit(1);
        }
 
-       if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, old_pw,
-                                            new_pw, 0))) {
+       if (!NT_STATUS_IS_OK(password_change(remote_machine,
+                                            NULL, user_name,
+                                            old_pw, new_pw, 0))) {
                result = 1;
                goto done;
        }
-- 
2.14.1


From 72dd200ce430b23a887ddfa73c2b618bf387c583 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 18 Aug 2017 16:17:08 +0200
Subject: [PATCH 5/6] s3:utils: Make sure we authenticate against our SAM name
 in smbpasswd

If a local user wants to change his password using smbpasswd and the
machine is a domain member, we need to make sure we authenticate against
our SAM and not ask winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit dc129a968afdac8be70f9756bd18a7bf1f4c3b02)
---
 source3/utils/smbpasswd.c | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 92712e38f6b..556e6869da7 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -58,7 +58,7 @@ static void usage(void)
        printf("  -c smb.conf file     Use the given path to the smb.conf file\n");
        printf("  -D LEVEL             debug level\n");
        printf("  -r MACHINE           remote machine\n");
-       printf("  -U USER              remote username\n");
+       printf("  -U USER              remote username (e.g. SAM/user)\n");
 
        printf("extra options when run by root or in local mode:\n");
        printf("  -a                   add user\n");
@@ -95,7 +95,7 @@ static int process_options(int argc, char **argv, int local_flags)
 
        user_name[0] = '\0';
 
-       while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
+       while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LWS:")) != EOF) {
                switch(ch) {
                case 'L':
                        if (getuid() != 0) {
@@ -519,6 +519,9 @@ static int process_nonroot(int local_flags)
        int result = 0;
        char *old_pw = NULL;
        char *new_pw = NULL;
+       const char *username = user_name;
+       const char *domain = NULL;
+       char *p = NULL;
 
        if (local_flags & ~(LOCAL_AM_ROOT | LOCAL_SET_PASSWORD)) {
                /* Extra flags that we can't honor non-root */
@@ -536,6 +539,15 @@ static int process_nonroot(int local_flags)
                }
        }
 
+       /* Allow domain as part of the username */
+       if ((p = strchr_m(user_name, '\\')) ||
+           (p = strchr_m(user_name, '/')) ||
+           (p = strchr_m(user_name, *lp_winbind_separator()))) {
+               *p = '\0';
+               username = p + 1;
+               domain = user_name;
+       }
+
        /*
         * A non-root user is always setting a password
         * via a remote machine (even if that machine is
@@ -544,8 +556,18 @@ static int process_nonroot(int local_flags)
 
        load_interfaces(); /* Delayed from main() */
 
-       if (remote_machine == NULL) {
+       if (remote_machine != NULL) {
+               if (!is_ipaddress(remote_machine)) {
+                       domain = remote_machine;
+               }
+       } else {
                remote_machine = "127.0.0.1";
+
+               /*
+                * If we deal with a local user, change the password for the
+                * user in our SAM.
+                */
+               domain = get_global_sam_name();
        }
 
        if (remote_machine != NULL) {
@@ -568,13 +590,13 @@ static int process_nonroot(int local_flags)
        }
 
        if (!NT_STATUS_IS_OK(password_change(remote_machine,
-                                            NULL, user_name,
+                                            domain, username,
                                             old_pw, new_pw, 0))) {
                result = 1;
                goto done;
        }
 
-       printf("Password changed for user %s\n", user_name);
+       printf("Password changed for user %s\n", username);
 
  done:
        SAFE_FREE(old_pw);
-- 
2.14.1


From 7d8aae447a411eb4903850c30366a18d1714f7c0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 22 Aug 2017 15:46:07 +0200
Subject: [PATCH 6/6] s3:utils: Remove pointless if-clause for remote_machine

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Review with: git show -U20

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 4a4bfcb539b4489f397b2bc9369215b7e03e620e)
---
 source3/utils/smbpasswd.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 556e6869da7..fb7ad283995 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -570,12 +570,10 @@ static int process_nonroot(int local_flags)
                domain = get_global_sam_name();
        }
 
-       if (remote_machine != NULL) {
-               old_pw = get_pass("Old SMB password:",stdin_passwd_get);
-               if (old_pw == NULL) {
-                       fprintf(stderr, "Unable to get old password.\n");
-                       exit(1);
-               }
+       old_pw = get_pass("Old SMB password:",stdin_passwd_get);
+       if (old_pw == NULL) {
+               fprintf(stderr, "Unable to get old password.\n");
+               exit(1);
        }
 
        if (!new_passwd) {
-- 
2.14.1

1	jpp	1.1	From f7046a874ce3ab5d9b4024442daf03e79f25956b Mon Sep 17 00:00:00 2001
2			From: Andreas Schneider <asn@samba.org>
3			Date: Fri, 18 Aug 2017 16:08:46 +0200
4			Subject: [PATCH 1/6] s3:libsmb: Pass domain to remote_password_change()
5
6			BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
7
8			Signed-off-by: Andreas Schneider <asn@samba.org>
9			Reviewed-by: Andrew Bartlet <abartlet@samba.org>
10			(cherry picked from commit 7a554ee7dcefdff599ebc6fbf4e128b33ffccf29)
11			---
12			source3/include/proto.h \| 3 ++-
13			source3/libsmb/passchange.c \| 5 +++--
14			source3/utils/smbpasswd.c \| 3 ++-
15			3 files changed, 7 insertions(+), 4 deletions(-)
16
17			diff --git a/source3/include/proto.h b/source3/include/proto.h
18			index baa579995a5..9deb27b416b 100644
19			--- a/source3/include/proto.h
20			+++ b/source3/include/proto.h
21			@@ -834,7 +834,8 @@ bool get_dc_name(const char *domain,
22
23			/* The following definitions come from libsmb/passchange.c */
24
25			-NTSTATUS remote_password_change(const char remote_machine, const char user_name,
26			+NTSTATUS remote_password_change(const char *remote_machine,
27			+ const char domain, const char user_name,
28			const char old_passwd, const char new_passwd,
29			char **err_str);
30
31			diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
32			index c89b7ca85d1..48ffba8036f 100644
33			--- a/source3/libsmb/passchange.c
34			+++ b/source3/libsmb/passchange.c
35			@@ -30,7 +30,8 @@
36			Change a password on a remote machine using IPC calls.
37			*************************************************************/
38
39			-NTSTATUS remote_password_change(const char remote_machine, const char user_name,
40			+NTSTATUS remote_password_change(const char *remote_machine,
41			+ const char domain, const char user_name,
42			const char old_passwd, const char new_passwd,
43			char **err_str)
44			{
45			@@ -55,7 +56,7 @@ NTSTATUS remote_password_change(const char remote_machine, const char user_nam
46
47			creds = cli_session_creds_init(cli,
48			user_name,
49			- NULL, /* domain */
50			+ domain,
51			NULL, /* realm */
52			old_passwd,
53			false, /* use_kerberos */
54			diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
55			index 437a5e551bb..4d7a3c739bc 100644
56			--- a/source3/utils/smbpasswd.c
57			+++ b/source3/utils/smbpasswd.c
58			@@ -258,7 +258,8 @@ static NTSTATUS password_change(const char remote_mach, char username,
59			fprintf(stderr, "Invalid remote operation!\n");
60			return NT_STATUS_UNSUCCESSFUL;
61			}
62			- ret = remote_password_change(remote_mach, username,
63			+ ret = remote_password_change(remote_mach,
64			+ NULL, username,
65			old_passwd, new_pw, &err_str);
66			} else {
67			ret = local_password_change(username, local_flags, new_pw,
68			--
69			2.14.1
70
71
72			From f215f7c53032689dbdaac96a3a16fa7d3fe3d3c5 Mon Sep 17 00:00:00 2001
73			From: Andreas Schneider <asn@samba.org>
74			Date: Fri, 18 Aug 2017 16:10:06 +0200
75			Subject: [PATCH 2/6] s3:libsmb: Move prototye of remote_password_change()
76
77			BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
78
79			Signed-off-by: Andreas Schneider <asn@samba.org>
80			Reviewed-by: Andrew Bartlet <abartlet@samba.org>
81			(cherry picked from commit c773844e7529b83b2633671c7bcf1e7b84ad7950)
82			---
83			source3/include/proto.h \| 7 -------
84			source3/libsmb/proto.h \| 10 ++++++++++
85			source3/utils/smbpasswd.c \| 1 +
86			3 files changed, 11 insertions(+), 7 deletions(-)
87
88			diff --git a/source3/include/proto.h b/source3/include/proto.h
89			index 9deb27b416b..67e1a9d750e 100644
90			--- a/source3/include/proto.h
91			+++ b/source3/include/proto.h
92			@@ -832,13 +832,6 @@ bool get_dc_name(const char *domain,
93			fstring srv_name,
94			struct sockaddr_storage *ss_out);
95
96			-/* The following definitions come from libsmb/passchange.c */
97			-
98			-NTSTATUS remote_password_change(const char *remote_machine,
99			- const char domain, const char user_name,
100			- const char old_passwd, const char new_passwd,
101			- char **err_str);
102			-
103			/* The following definitions come from libsmb/smberr.c */
104
105			const char *smb_dos_err_name(uint8_t e_class, uint16_t num);
106			diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
107			index a583a8ee159..44f4d04cff5 100644
108			--- a/source3/libsmb/proto.h
109			+++ b/source3/libsmb/proto.h
110			@@ -31,6 +31,9 @@
111
112			struct smb_trans_enc_state;
113			struct cli_credentials;
114			+struct cli_state;
115			+struct file_info;
116			+struct print_job_info;
117
118			/* The following definitions come from libsmb/cliconnect.c */
119
120			@@ -964,4 +967,11 @@ NTSTATUS cli_readlink(struct cli_state cli, const char fname,
121			TALLOC_CTX mem_ctx, char *psubstitute_name,
122			char *pprint_name, uint32_t pflags);
123
124			+/* The following definitions come from libsmb/passchange.c */
125			+
126			+NTSTATUS remote_password_change(const char *remote_machine,
127			+ const char domain, const char user_name,
128			+ const char old_passwd, const char new_passwd,
129			+ char **err_str);
130			+
131			#endif /* _LIBSMB_PROTO_H_ */
132			diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
133			index 4d7a3c739bc..6eb2deb7a3b 100644
134			--- a/source3/utils/smbpasswd.c
135			+++ b/source3/utils/smbpasswd.c
136			@@ -21,6 +21,7 @@
137			#include "secrets.h"
138			#include "../librpc/gen_ndr/samr.h"
139			#include "../lib/util/util_pw.h"
140			+#include "libsmb/proto.h"
141			#include "passdb.h"
142
143			/*
144			--
145			2.14.1
146
147
148			From 7e6e01b965c838494203c964fa5ac55b355bd58a Mon Sep 17 00:00:00 2001
149			From: Andreas Schneider <asn@samba.org>
150			Date: Fri, 18 Aug 2017 16:13:15 +0200
151			Subject: [PATCH 3/6] s3:utils: Make strings const passed to password_change()
152			in smbpasswd
153
154			BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
155
156			Signed-off-by: Andreas Schneider <asn@samba.org>
157			Reviewed-by: Andrew Bartlet <abartlet@samba.org>
158			(cherry picked from commit 41a31a71abe144362fc7483fabba39aafa866373)
159			---
160			source3/utils/smbpasswd.c \| 5 +++--
161			1 file changed, 3 insertions(+), 2 deletions(-)
162
163			diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
164			index 6eb2deb7a3b..b0e08cc0e58 100644
165			--- a/source3/utils/smbpasswd.c
166			+++ b/source3/utils/smbpasswd.c
167			@@ -243,8 +243,9 @@ static char *prompt_for_new_password(bool stdin_get)
168			Change a password either locally or remotely.
169			*************************************************************/
170
171			-static NTSTATUS password_change(const char remote_mach, char username,
172			- char old_passwd, char new_pw,
173			+static NTSTATUS password_change(const char *remote_mach,
174			+ const char *username,
175			+ const char old_passwd, const char new_pw,
176			int local_flags)
177			{
178			NTSTATUS ret;
179			--
180			2.14.1
181
182
183			From bec5dc7c8b1bca092fa4ea87016bbfdb2750896c Mon Sep 17 00:00:00 2001
184			From: Andreas Schneider <asn@samba.org>
185			Date: Fri, 18 Aug 2017 16:14:57 +0200
186			Subject: [PATCH 4/6] s3:utils: Pass domain to password_change() in smbpasswd
187
188			BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
189
190			Signed-off-by: Andreas Schneider <asn@samba.org>
191			Reviewed-by: Andrew Bartlet <abartlet@samba.org>
192			(cherry picked from commit b483340639157fe95777672f5723455c48c3c616)
193			---
194			source3/utils/smbpasswd.c \| 12 +++++++-----
195			1 file changed, 7 insertions(+), 5 deletions(-)
196
197			diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
198			index b0e08cc0e58..92712e38f6b 100644
199			--- a/source3/utils/smbpasswd.c
200			+++ b/source3/utils/smbpasswd.c
201			@@ -244,7 +244,7 @@ static char *prompt_for_new_password(bool stdin_get)
202			*************************************************************/
203
204			static NTSTATUS password_change(const char *remote_mach,
205			- const char *username,
206			+ const char domain, const char username,
207			const char old_passwd, const char new_pw,
208			int local_flags)
209			{
210			@@ -261,7 +261,7 @@ static NTSTATUS password_change(const char *remote_mach,
211			return NT_STATUS_UNSUCCESSFUL;
212			}
213			ret = remote_password_change(remote_mach,
214			- NULL, username,
215			+ domain, username,
216			old_passwd, new_pw, &err_str);
217			} else {
218			ret = local_password_change(username, local_flags, new_pw,
219			@@ -466,7 +466,8 @@ static int process_root(int local_flags)
220			}
221			}
222
223			- if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name,
224			+ if (!NT_STATUS_IS_OK(password_change(remote_machine,
225			+ NULL, user_name,
226			old_passwd, new_passwd,
227			local_flags))) {
228			result = 1;
229			@@ -566,8 +567,9 @@ static int process_nonroot(int local_flags)
230			exit(1);
231			}
232
233			- if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, old_pw,
234			- new_pw, 0))) {
235			+ if (!NT_STATUS_IS_OK(password_change(remote_machine,
236			+ NULL, user_name,
237			+ old_pw, new_pw, 0))) {
238			result = 1;
239			goto done;
240			}
241			--
242			2.14.1
243
244
245			From 72dd200ce430b23a887ddfa73c2b618bf387c583 Mon Sep 17 00:00:00 2001
246			From: Andreas Schneider <asn@samba.org>
247			Date: Fri, 18 Aug 2017 16:17:08 +0200
248			Subject: [PATCH 5/6] s3:utils: Make sure we authenticate against our SAM name
249			in smbpasswd
250
251			If a local user wants to change his password using smbpasswd and the
252			machine is a domain member, we need to make sure we authenticate against
253			our SAM and not ask winbind.
254
255			BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
256
257			Signed-off-by: Andreas Schneider <asn@samba.org>
258			Reviewed-by: Andrew Bartlet <abartlet@samba.org>
259			(cherry picked from commit dc129a968afdac8be70f9756bd18a7bf1f4c3b02)
260			---
261			source3/utils/smbpasswd.c \| 32 +++++++++++++++++++++++++++-----
262			1 file changed, 27 insertions(+), 5 deletions(-)
263
264			diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
265			index 92712e38f6b..556e6869da7 100644
266			--- a/source3/utils/smbpasswd.c
267			+++ b/source3/utils/smbpasswd.c
268			@@ -58,7 +58,7 @@ static void usage(void)
269			printf(" -c smb.conf file Use the given path to the smb.conf file\n");
270			printf(" -D LEVEL debug level\n");
271			printf(" -r MACHINE remote machine\n");
272			- printf(" -U USER remote username\n");
273			+ printf(" -U USER remote username (e.g. SAM/user)\n");
274
275			printf("extra options when run by root or in local mode:\n");
276			printf(" -a add user\n");
277			@@ -95,7 +95,7 @@ static int process_options(int argc, char **argv, int local_flags)
278
279			user_name[0] = '\0';
280
281			- while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
282			+ while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LWS:")) != EOF) {
283			switch(ch) {
284			case 'L':
285			if (getuid() != 0) {
286			@@ -519,6 +519,9 @@ static int process_nonroot(int local_flags)
287			int result = 0;
288			char *old_pw = NULL;
289			char *new_pw = NULL;
290			+ const char *username = user_name;
291			+ const char *domain = NULL;
292			+ char *p = NULL;
293
294			if (local_flags & ~(LOCAL_AM_ROOT \| LOCAL_SET_PASSWORD)) {
295			/* Extra flags that we can't honor non-root */
296			@@ -536,6 +539,15 @@ static int process_nonroot(int local_flags)
297			}
298			}
299
300			+ /* Allow domain as part of the username */
301			+ if ((p = strchr_m(user_name, '\\')) \|\|
302			+ (p = strchr_m(user_name, '/')) \|\|
303			+ (p = strchr_m(user_name, *lp_winbind_separator()))) {
304			+ *p = '\0';
305			+ username = p + 1;
306			+ domain = user_name;
307			+ }
308			+
309			/*
310			* A non-root user is always setting a password
311			* via a remote machine (even if that machine is
312			@@ -544,8 +556,18 @@ static int process_nonroot(int local_flags)
313
314			load_interfaces(); /* Delayed from main() */
315
316			- if (remote_machine == NULL) {
317			+ if (remote_machine != NULL) {
318			+ if (!is_ipaddress(remote_machine)) {
319			+ domain = remote_machine;
320			+ }
321			+ } else {
322			remote_machine = "127.0.0.1";
323			+
324			+ /*
325			+ * If we deal with a local user, change the password for the
326			+ * user in our SAM.
327			+ */
328			+ domain = get_global_sam_name();
329			}
330
331			if (remote_machine != NULL) {
332			@@ -568,13 +590,13 @@ static int process_nonroot(int local_flags)
333			}
334
335			if (!NT_STATUS_IS_OK(password_change(remote_machine,
336			- NULL, user_name,
337			+ domain, username,
338			old_pw, new_pw, 0))) {
339			result = 1;
340			goto done;
341			}
342
343			- printf("Password changed for user %s\n", user_name);
344			+ printf("Password changed for user %s\n", username);
345
346			done:
347			SAFE_FREE(old_pw);
348			--
349			2.14.1
350
351
352			From 7d8aae447a411eb4903850c30366a18d1714f7c0 Mon Sep 17 00:00:00 2001
353			From: Andreas Schneider <asn@samba.org>
354			Date: Tue, 22 Aug 2017 15:46:07 +0200
355			Subject: [PATCH 6/6] s3:utils: Remove pointless if-clause for remote_machine
356
357			BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
358
359			Review with: git show -U20
360
361			Signed-off-by: Andreas Schneider <asn@samba.org>
362			Reviewed-by: Andrew Bartlet <abartlet@samba.org>
363			(cherry picked from commit 4a4bfcb539b4489f397b2bc9369215b7e03e620e)
364			---
365			source3/utils/smbpasswd.c \| 10 ++++------
366			1 file changed, 4 insertions(+), 6 deletions(-)
367
368			diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
369			index 556e6869da7..fb7ad283995 100644
370			--- a/source3/utils/smbpasswd.c
371			+++ b/source3/utils/smbpasswd.c
372			@@ -570,12 +570,10 @@ static int process_nonroot(int local_flags)
373			domain = get_global_sam_name();
374			}
375
376			- if (remote_machine != NULL) {
377			- old_pw = get_pass("Old SMB password:",stdin_passwd_get);
378			- if (old_pw == NULL) {
379			- fprintf(stderr, "Unable to get old password.\n");
380			- exit(1);
381			- }
382			+ old_pw = get_pass("Old SMB password:",stdin_passwd_get);
383			+ if (old_pw == NULL) {
384			+ fprintf(stderr, "Unable to get old password.\n");
385			+ exit(1);
386			}
387
388			if (!new_passwd) {
389			--
390			2.14.1
391