1 |
From f7046a874ce3ab5d9b4024442daf03e79f25956b Mon Sep 17 00:00:00 2001 |
2 |
|
|
From: Andreas Schneider <asn@samba.org> |
3 |
|
|
Date: Fri, 18 Aug 2017 16:08:46 +0200 |
4 |
|
|
Subject: [PATCH 1/6] s3:libsmb: Pass domain to remote_password_change() |
5 |
|
|
|
6 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 |
7 |
|
|
|
8 |
|
|
Signed-off-by: Andreas Schneider <asn@samba.org> |
9 |
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org> |
10 |
|
|
(cherry picked from commit 7a554ee7dcefdff599ebc6fbf4e128b33ffccf29) |
11 |
|
|
--- |
12 |
|
|
source3/include/proto.h | 3 ++- |
13 |
|
|
source3/libsmb/passchange.c | 5 +++-- |
14 |
|
|
source3/utils/smbpasswd.c | 3 ++- |
15 |
|
|
3 files changed, 7 insertions(+), 4 deletions(-) |
16 |
|
|
|
17 |
|
|
diff --git a/source3/include/proto.h b/source3/include/proto.h |
18 |
|
|
index baa579995a5..9deb27b416b 100644 |
19 |
|
|
--- a/source3/include/proto.h |
20 |
|
|
+++ b/source3/include/proto.h |
21 |
|
|
@@ -834,7 +834,8 @@ bool get_dc_name(const char *domain, |
22 |
|
|
|
23 |
|
|
/* The following definitions come from libsmb/passchange.c */ |
24 |
|
|
|
25 |
|
|
-NTSTATUS remote_password_change(const char *remote_machine, const char *user_name, |
26 |
|
|
+NTSTATUS remote_password_change(const char *remote_machine, |
27 |
|
|
+ const char *domain, const char *user_name, |
28 |
|
|
const char *old_passwd, const char *new_passwd, |
29 |
|
|
char **err_str); |
30 |
|
|
|
31 |
|
|
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c |
32 |
|
|
index c89b7ca85d1..48ffba8036f 100644 |
33 |
|
|
--- a/source3/libsmb/passchange.c |
34 |
|
|
+++ b/source3/libsmb/passchange.c |
35 |
|
|
@@ -30,7 +30,8 @@ |
36 |
|
|
Change a password on a remote machine using IPC calls. |
37 |
|
|
*************************************************************/ |
38 |
|
|
|
39 |
|
|
-NTSTATUS remote_password_change(const char *remote_machine, const char *user_name, |
40 |
|
|
+NTSTATUS remote_password_change(const char *remote_machine, |
41 |
|
|
+ const char *domain, const char *user_name, |
42 |
|
|
const char *old_passwd, const char *new_passwd, |
43 |
|
|
char **err_str) |
44 |
|
|
{ |
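Review bot: The header comment above remote_password_change() still reads only "Change a password on a remote machine using IPC calls." and does not describe the new `domain` argument, which the smbpasswd.c caller in this same patch passes as `NULL`. The next hunk feeds it straight into cli_session_creds_init(), so it appears to decide which account database the old password is checked against. The contract deserves a line such as `domain: authentication domain for user_name, may be NULL` (what NULL selects should be confirmed against cli_session_creds_init()). The replaced argument in the next hunk also lost its `/* domain */` label while `/* realm */` and `/* use_kerberos */` keep theirs. The function body continues outside this hunk.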
45 |
|
|
@@ -55,7 +56,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam |
46 |
|
|
|
47 |
|
|
creds = cli_session_creds_init(cli, |
48 |
|
|
user_name, |
49 |
|
|
- NULL, /* domain */ |
50 |
|
|
+ domain, |
51 |
|
|
NULL, /* realm */ |
52 |
|
|
old_passwd, |
53 |
|
|
false, /* use_kerberos */ |
54 |
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c |
55 |
|
|
index 437a5e551bb..4d7a3c739bc 100644 |
56 |
|
|
--- a/source3/utils/smbpasswd.c |
57 |
|
|
+++ b/source3/utils/smbpasswd.c |
58 |
|
|
@@ -258,7 +258,8 @@ static NTSTATUS password_change(const char *remote_mach, char *username, |
59 |
|
|
fprintf(stderr, "Invalid remote operation!\n"); |
60 |
|
|
return NT_STATUS_UNSUCCESSFUL; |
61 |
|
|
} |
62 |
|
|
- ret = remote_password_change(remote_mach, username, |
63 |
|
|
+ ret = remote_password_change(remote_mach, |
64 |
|
|
+ NULL, username, |
65 |
|
|
old_passwd, new_pw, &err_str); |
66 |
|
|
} else { |
67 |
|
|
ret = local_password_change(username, local_flags, new_pw, |
68 |
|
|
-- |
69 |
|
|
2.14.1 |
70 |
|
|
|
71 |
|
|
|
72 |
|
|
From f215f7c53032689dbdaac96a3a16fa7d3fe3d3c5 Mon Sep 17 00:00:00 2001 |
73 |
|
|
From: Andreas Schneider <asn@samba.org> |
74 |
|
|
Date: Fri, 18 Aug 2017 16:10:06 +0200 |
75 |
|
|
Subject: [PATCH 2/6] s3:libsmb: Move prototye of remote_password_change() |
76 |
|
|
|
77 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 |
78 |
|
|
|
79 |
|
|
Signed-off-by: Andreas Schneider <asn@samba.org> |
80 |
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org> |
81 |
|
|
(cherry picked from commit c773844e7529b83b2633671c7bcf1e7b84ad7950) |
82 |
|
|
--- |
83 |
|
|
source3/include/proto.h | 7 ------- |
84 |
|
|
source3/libsmb/proto.h | 10 ++++++++++ |
85 |
|
|
source3/utils/smbpasswd.c | 1 + |
86 |
|
|
3 files changed, 11 insertions(+), 7 deletions(-) |
87 |
|
|
|
88 |
|
|
diff --git a/source3/include/proto.h b/source3/include/proto.h |
89 |
|
|
index 9deb27b416b..67e1a9d750e 100644 |
90 |
|
|
--- a/source3/include/proto.h |
91 |
|
|
+++ b/source3/include/proto.h |
92 |
|
|
@@ -832,13 +832,6 @@ bool get_dc_name(const char *domain, |
93 |
|
|
fstring srv_name, |
94 |
|
|
struct sockaddr_storage *ss_out); |
95 |
|
|
|
96 |
|
|
-/* The following definitions come from libsmb/passchange.c */ |
97 |
|
|
- |
98 |
|
|
-NTSTATUS remote_password_change(const char *remote_machine, |
99 |
|
|
- const char *domain, const char *user_name, |
100 |
|
|
- const char *old_passwd, const char *new_passwd, |
101 |
|
|
- char **err_str); |
102 |
|
|
- |
103 |
|
|
/* The following definitions come from libsmb/smberr.c */ |
104 |
|
|
|
105 |
|
|
const char *smb_dos_err_name(uint8_t e_class, uint16_t num); |
106 |
|
|
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h |
107 |
|
|
index a583a8ee159..44f4d04cff5 100644 |
108 |
|
|
--- a/source3/libsmb/proto.h |
109 |
|
|
+++ b/source3/libsmb/proto.h |
110 |
|
|
@@ -31,6 +31,9 @@ |
111 |
|
|
|
112 |
|
|
struct smb_trans_enc_state; |
113 |
|
|
struct cli_credentials; |
114 |
|
|
+struct cli_state; |
115 |
|
|
+struct file_info; |
116 |
|
|
+struct print_job_info; |
117 |
|
|
|
118 |
|
|
/* The following definitions come from libsmb/cliconnect.c */ |
119 |
|
|
|
120 |
|
|
@@ -964,4 +967,11 @@ NTSTATUS cli_readlink(struct cli_state *cli, const char *fname, |
121 |
|
|
TALLOC_CTX *mem_ctx, char **psubstitute_name, |
122 |
|
|
char **pprint_name, uint32_t *pflags); |
123 |
|
|
|
124 |
|
|
+/* The following definitions come from libsmb/passchange.c */ |
125 |
|
|
+ |
126 |
|
|
+NTSTATUS remote_password_change(const char *remote_machine, |
127 |
|
|
+ const char *domain, const char *user_name, |
128 |
|
|
+ const char *old_passwd, const char *new_passwd, |
129 |
|
|
+ char **err_str); |
130 |
|
|
+ |
131 |
|
|
#endif /* _LIBSMB_PROTO_H_ */ |
132 |
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c |
133 |
|
|
index 4d7a3c739bc..6eb2deb7a3b 100644 |
134 |
|
|
--- a/source3/utils/smbpasswd.c |
135 |
|
|
+++ b/source3/utils/smbpasswd.c |
136 |
|
|
@@ -21,6 +21,7 @@ |
137 |
|
|
#include "secrets.h" |
138 |
|
|
#include "../librpc/gen_ndr/samr.h" |
139 |
|
|
#include "../lib/util/util_pw.h" |
140 |
|
|
+#include "libsmb/proto.h" |
141 |
|
|
#include "passdb.h" |
142 |
|
|
|
143 |
|
|
/* |
144 |
|
|
-- |
145 |
|
|
2.14.1 |
146 |
|
|
|
147 |
|
|
|
148 |
|
|
From 7e6e01b965c838494203c964fa5ac55b355bd58a Mon Sep 17 00:00:00 2001 |
149 |
|
|
From: Andreas Schneider <asn@samba.org> |
150 |
|
|
Date: Fri, 18 Aug 2017 16:13:15 +0200 |
151 |
|
|
Subject: [PATCH 3/6] s3:utils: Make strings const passed to password_change() |
152 |
|
|
in smbpasswd |
153 |
|
|
|
154 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 |
155 |
|
|
|
156 |
|
|
Signed-off-by: Andreas Schneider <asn@samba.org> |
157 |
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org> |
158 |
|
|
(cherry picked from commit 41a31a71abe144362fc7483fabba39aafa866373) |
159 |
|
|
--- |
160 |
|
|
source3/utils/smbpasswd.c | 5 +++-- |
161 |
|
|
1 file changed, 3 insertions(+), 2 deletions(-) |
162 |
|
|
|
163 |
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c |
164 |
|
|
index 6eb2deb7a3b..b0e08cc0e58 100644 |
165 |
|
|
--- a/source3/utils/smbpasswd.c |
166 |
|
|
+++ b/source3/utils/smbpasswd.c |
167 |
|
|
@@ -243,8 +243,9 @@ static char *prompt_for_new_password(bool stdin_get) |
168 |
|
|
Change a password either locally or remotely. |
169 |
|
|
*************************************************************/ |
170 |
|
|
|
171 |
|
|
-static NTSTATUS password_change(const char *remote_mach, char *username, |
172 |
|
|
- char *old_passwd, char *new_pw, |
173 |
|
|
+static NTSTATUS password_change(const char *remote_mach, |
174 |
|
|
+ const char *username, |
175 |
|
|
+ const char *old_passwd, const char *new_pw, |
176 |
|
|
int local_flags) |
177 |
|
|
{ |
178 |
|
|
NTSTATUS ret; |
179 |
|
|
-- |
180 |
|
|
2.14.1 |
181 |
|
|
|
182 |
|
|
|
183 |
|
|
From bec5dc7c8b1bca092fa4ea87016bbfdb2750896c Mon Sep 17 00:00:00 2001 |
184 |
|
|
From: Andreas Schneider <asn@samba.org> |
185 |
|
|
Date: Fri, 18 Aug 2017 16:14:57 +0200 |
186 |
|
|
Subject: [PATCH 4/6] s3:utils: Pass domain to password_change() in smbpasswd |
187 |
|
|
|
188 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 |
189 |
|
|
|
190 |
|
|
Signed-off-by: Andreas Schneider <asn@samba.org> |
191 |
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org> |
192 |
|
|
(cherry picked from commit b483340639157fe95777672f5723455c48c3c616) |
193 |
|
|
--- |
194 |
|
|
source3/utils/smbpasswd.c | 12 +++++++----- |
195 |
|
|
1 file changed, 7 insertions(+), 5 deletions(-) |
196 |
|
|
|
197 |
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c |
198 |
|
|
index b0e08cc0e58..92712e38f6b 100644 |
199 |
|
|
--- a/source3/utils/smbpasswd.c |
200 |
|
|
+++ b/source3/utils/smbpasswd.c |
201 |
|
|
@@ -244,7 +244,7 @@ static char *prompt_for_new_password(bool stdin_get) |
202 |
|
|
*************************************************************/ |
203 |
|
|
|
204 |
|
|
static NTSTATUS password_change(const char *remote_mach, |
205 |
|
|
- const char *username, |
206 |
|
|
+ const char *domain, const char *username, |
207 |
|
|
const char *old_passwd, const char *new_pw, |
208 |
|
|
int local_flags) |
209 |
|
|
{ |
210 |
|
|
@@ -261,7 +261,7 @@ static NTSTATUS password_change(const char *remote_mach, |
211 |
|
|
return NT_STATUS_UNSUCCESSFUL; |
212 |
|
|
} |
213 |
|
|
ret = remote_password_change(remote_mach, |
214 |
|
|
- NULL, username, |
215 |
|
|
+ domain, username, |
216 |
|
|
old_passwd, new_pw, &err_str); |
217 |
|
|
} else { |
218 |
|
|
ret = local_password_change(username, local_flags, new_pw, |
219 |
|
|
@@ -466,7 +466,8 @@ static int process_root(int local_flags) |
220 |
|
|
} |
221 |
|
|
} |
222 |
|
|
|
223 |
|
|
- if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, |
224 |
|
|
+ if (!NT_STATUS_IS_OK(password_change(remote_machine, |
225 |
|
|
+ NULL, user_name, |
226 |
|
|
old_passwd, new_passwd, |
227 |
|
|
local_flags))) { |
228 |
|
|
result = 1; |
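Review bot: process_root() passes `NULL` for the new domain argument here and hands over `user_name` unsplit, and no later patch on this page changes that call. Only process_nonroot() gains the `DOMAIN\user` parsing, in patch 5/6. If root can reach the remote path with `-r` and `-U` (not visible in these hunks), a domain-qualified name would presumably be sent as a literal user name with no domain. Either share the split between both callers or record the difference at this call, for example `/* domain: the root path does not parse a prefix from -U */`. The enclosing function starts and ends outside the hunk.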
229 |
|
|
@@ -566,8 +567,9 @@ static int process_nonroot(int local_flags) |
230 |
|
|
exit(1); |
231 |
|
|
} |
232 |
|
|
|
233 |
|
|
- if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, old_pw, |
234 |
|
|
- new_pw, 0))) { |
235 |
|
|
+ if (!NT_STATUS_IS_OK(password_change(remote_machine, |
236 |
|
|
+ NULL, user_name, |
237 |
|
|
+ old_pw, new_pw, 0))) { |
238 |
|
|
result = 1; |
239 |
|
|
goto done; |
240 |
|
|
} |
241 |
|
|
-- |
242 |
|
|
2.14.1 |
243 |
|
|
|
244 |
|
|
|
245 |
|
|
From 72dd200ce430b23a887ddfa73c2b618bf387c583 Mon Sep 17 00:00:00 2001 |
246 |
|
|
From: Andreas Schneider <asn@samba.org> |
247 |
|
|
Date: Fri, 18 Aug 2017 16:17:08 +0200 |
248 |
|
|
Subject: [PATCH 5/6] s3:utils: Make sure we authenticate against our SAM name |
249 |
|
|
in smbpasswd |
250 |
|
|
|
251 |
|
|
If a local user wants to change his password using smbpasswd and the |
252 |
|
|
machine is a domain member, we need to make sure we authenticate against |
253 |
|
|
our SAM and not ask winbind. |
254 |
|
|
|
255 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 |
256 |
|
|
|
257 |
|
|
Signed-off-by: Andreas Schneider <asn@samba.org> |
258 |
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org> |
259 |
|
|
(cherry picked from commit dc129a968afdac8be70f9756bd18a7bf1f4c3b02) |
260 |
|
|
--- |
261 |
|
|
source3/utils/smbpasswd.c | 32 +++++++++++++++++++++++++++----- |
262 |
|
|
1 file changed, 27 insertions(+), 5 deletions(-) |
263 |
|
|
|
264 |
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c |
265 |
|
|
index 92712e38f6b..556e6869da7 100644 |
266 |
|
|
--- a/source3/utils/smbpasswd.c |
267 |
|
|
+++ b/source3/utils/smbpasswd.c |
268 |
|
|
@@ -58,7 +58,7 @@ static void usage(void) |
269 |
|
|
printf(" -c smb.conf file Use the given path to the smb.conf file\n"); |
270 |
|
|
printf(" -D LEVEL debug level\n"); |
271 |
|
|
printf(" -r MACHINE remote machine\n"); |
272 |
|
|
- printf(" -U USER remote username\n"); |
273 |
|
|
+ printf(" -U USER remote username (e.g. SAM/user)\n"); |
274 |
|
|
|
275 |
|
|
printf("extra options when run by root or in local mode:\n"); |
276 |
|
|
printf(" -a add user\n"); |
277 |
|
|
@@ -95,7 +95,7 @@ static int process_options(int argc, char **argv, int local_flags) |
278 |
|
|
|
279 |
|
|
user_name[0] = '\0'; |
280 |
|
|
|
281 |
|
|
- while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) { |
282 |
|
|
+ while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LWS:")) != EOF) { |
283 |
|
|
switch(ch) { |
284 |
|
|
case 'L': |
285 |
|
|
if (getuid() != 0) { |
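Review bot: The option string gains `S:` in this hunk, but no `case 'S':` appears in any hunk of the series and the usage() hunk above adds no `-S` line. As far as these hunks show, `-S value` is now accepted by getopt() and then handled by whatever the switch's default branch does, which is outside the hunk. If the option is not meant to exist yet, keep the string as `"c:axdehminjr:sw:R:D:U:LW"`; otherwise add the case and document it in usage().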
286 |
|
|
@@ -519,6 +519,9 @@ static int process_nonroot(int local_flags) |
287 |
|
|
int result = 0; |
288 |
|
|
char *old_pw = NULL; |
289 |
|
|
char *new_pw = NULL; |
290 |
|
|
+ const char *username = user_name; |
291 |
|
|
+ const char *domain = NULL; |
292 |
|
|
+ char *p = NULL; |
293 |
|
|
|
294 |
|
|
if (local_flags & ~(LOCAL_AM_ROOT | LOCAL_SET_PASSWORD)) { |
295 |
|
|
/* Extra flags that we can't honor non-root */ |
296 |
|
|
@@ -536,6 +539,15 @@ static int process_nonroot(int local_flags) |
297 |
|
|
} |
298 |
|
|
} |
299 |
|
|
|
300 |
|
|
+ /* Allow domain as part of the username */ |
301 |
|
|
+ if ((p = strchr_m(user_name, '\\')) || |
302 |
|
|
+ (p = strchr_m(user_name, '/')) || |
303 |
|
|
+ (p = strchr_m(user_name, *lp_winbind_separator()))) { |
304 |
|
|
+ *p = '\0'; |
305 |
|
|
+ username = p + 1; |
306 |
|
|
+ domain = user_name; |
307 |
|
|
+ } |
308 |
|
|
+ |
309 |
|
|
/* |
310 |
|
|
* A non-root user is always setting a password |
311 |
|
|
* via a remote machine (even if that machine is |
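Review bot: The split at `*p = '\0'` accepts an empty half: a name ending in the separator yields an empty `username`, and a name starting with it yields an empty `domain`. Both are passed on to password_change() unchecked. A guard right after the match, `if (p == user_name || p[1] == '\0')` followed by an error message and `exit(1)`, would reject those before any credentials are built. The write also truncates the `user_name` buffer in place, so any later reader of `user_name` sees only the domain part; the comment could say so, e.g. `/* Allow domain as part of the username; splits user_name in place */`. process_nonroot() starts and ends outside this hunk.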
312 |
|
|
@@ -544,8 +556,18 @@ static int process_nonroot(int local_flags) |
313 |
|
|
|
314 |
|
|
load_interfaces(); /* Delayed from main() */ |
315 |
|
|
|
316 |
|
|
- if (remote_machine == NULL) { |
317 |
|
|
+ if (remote_machine != NULL) { |
318 |
|
|
+ if (!is_ipaddress(remote_machine)) { |
319 |
|
|
+ domain = remote_machine; |
320 |
|
|
+ } |
321 |
|
|
+ } else { |
322 |
|
|
remote_machine = "127.0.0.1"; |
323 |
|
|
+ |
324 |
|
|
+ /* |
325 |
|
|
+ * If we deal with a local user, change the password for the |
326 |
|
|
+ * user in our SAM. |
327 |
|
|
+ */ |
328 |
|
|
+ domain = get_global_sam_name(); |
329 |
|
|
} |
330 |
|
|
|
331 |
|
|
if (remote_machine != NULL) { |
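Review bot: The domain parsed from `-U DOMAIN\user` in the previous hunk is overwritten on two of the three paths here, so it survives only when `-r` is an IP address. The overwrites are `domain = remote_machine` when `-r` is a host name and `domain = get_global_sam_name()` when `-r` is absent. If forcing the local SAM name is the intent for the no-`-r` case, the comment should state that a prefix given with `-U` is ignored there; if the prefix is meant to win, guard both assignments with `if (domain == NULL)`. Using a host name as the authentication domain also assumes that name matches the remote machine's SAM name, which is worth a comment next to the `is_ipaddress()` check. The enclosing function continues outside the hunk.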
332 |
|
|
@@ -568,13 +590,13 @@ static int process_nonroot(int local_flags) |
333 |
|
|
} |
334 |
|
|
|
335 |
|
|
if (!NT_STATUS_IS_OK(password_change(remote_machine, |
336 |
|
|
- NULL, user_name, |
337 |
|
|
+ domain, username, |
338 |
|
|
old_pw, new_pw, 0))) { |
339 |
|
|
result = 1; |
340 |
|
|
goto done; |
341 |
|
|
} |
342 |
|
|
|
343 |
|
|
- printf("Password changed for user %s\n", user_name); |
344 |
|
|
+ printf("Password changed for user %s\n", username); |
345 |
|
|
|
346 |
|
|
done: |
347 |
|
|
SAFE_FREE(old_pw); |
348 |
|
|
-- |
349 |
|
|
2.14.1 |
350 |
|
|
|
351 |
|
|
|
352 |
|
|
From 7d8aae447a411eb4903850c30366a18d1714f7c0 Mon Sep 17 00:00:00 2001 |
353 |
|
|
From: Andreas Schneider <asn@samba.org> |
354 |
|
|
Date: Tue, 22 Aug 2017 15:46:07 +0200 |
355 |
|
|
Subject: [PATCH 6/6] s3:utils: Remove pointless if-clause for remote_machine |
356 |
|
|
|
357 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 |
358 |
|
|
|
359 |
|
|
Review with: git show -U20 |
360 |
|
|
|
361 |
|
|
Signed-off-by: Andreas Schneider <asn@samba.org> |
362 |
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org> |
363 |
|
|
(cherry picked from commit 4a4bfcb539b4489f397b2bc9369215b7e03e620e) |
364 |
|
|
--- |
365 |
|
|
source3/utils/smbpasswd.c | 10 ++++------ |
366 |
|
|
1 file changed, 4 insertions(+), 6 deletions(-) |
367 |
|
|
|
368 |
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c |
369 |
|
|
index 556e6869da7..fb7ad283995 100644 |
370 |
|
|
--- a/source3/utils/smbpasswd.c |
371 |
|
|
+++ b/source3/utils/smbpasswd.c |
372 |
|
|
@@ -570,12 +570,10 @@ static int process_nonroot(int local_flags) |
373 |
|
|
domain = get_global_sam_name(); |
374 |
|
|
} |
375 |
|
|
|
376 |
|
|
- if (remote_machine != NULL) { |
377 |
|
|
- old_pw = get_pass("Old SMB password:",stdin_passwd_get); |
378 |
|
|
- if (old_pw == NULL) { |
379 |
|
|
- fprintf(stderr, "Unable to get old password.\n"); |
380 |
|
|
- exit(1); |
381 |
|
|
- } |
382 |
|
|
+ old_pw = get_pass("Old SMB password:",stdin_passwd_get); |
383 |
|
|
+ if (old_pw == NULL) { |
384 |
|
|
+ fprintf(stderr, "Unable to get old password.\n"); |
385 |
|
|
+ exit(1); |
386 |
|
|
} |
387 |
|
|
|
388 |
|
|
if (!new_passwd) { |
389 |
|
|
-- |
390 |
|
|
2.14.1 |
391 |
|
|
|