/[smeserver]/rpms/samba/sme10/samba-v4.6-fix_smbpasswd_user_pwd_change.patch
ViewVC logotype

Contents of /rpms/samba/sme10/samba-v4.6-fix_smbpasswd_user_pwd_change.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.2 - (show annotations) (download)
Wed Aug 9 04:48:53 2023 UTC (9 months, 3 weeks ago) by jpp
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED 
Initial import
1 From f7046a874ce3ab5d9b4024442daf03e79f25956b Mon Sep 17 00:00:00 2001
2 From: Andreas Schneider <asn@samba.org>
3 Date: Fri, 18 Aug 2017 16:08:46 +0200
4 Subject: [PATCH 1/6] s3:libsmb: Pass domain to remote_password_change()
5
6 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
7
8 Signed-off-by: Andreas Schneider <asn@samba.org>
9 Reviewed-by: Andrew Bartlet <abartlet@samba.org>
10 (cherry picked from commit 7a554ee7dcefdff599ebc6fbf4e128b33ffccf29)
11 ---
12 source3/include/proto.h | 3 ++-
13 source3/libsmb/passchange.c | 5 +++--
14 source3/utils/smbpasswd.c | 3 ++-
15 3 files changed, 7 insertions(+), 4 deletions(-)
16
17 diff --git a/source3/include/proto.h b/source3/include/proto.h
18 index baa579995a5..9deb27b416b 100644
19 --- a/source3/include/proto.h
20 +++ b/source3/include/proto.h
21 @@ -834,7 +834,8 @@ bool get_dc_name(const char *domain,
22
23 /* The following definitions come from libsmb/passchange.c */
24
25 -NTSTATUS remote_password_change(const char *remote_machine, const char *user_name,
26 +NTSTATUS remote_password_change(const char *remote_machine,
27 + const char *domain, const char *user_name,
28 const char *old_passwd, const char *new_passwd,
29 char **err_str);
30
31 diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
32 index c89b7ca85d1..48ffba8036f 100644
33 --- a/source3/libsmb/passchange.c
34 +++ b/source3/libsmb/passchange.c
35 @@ -30,7 +30,8 @@
36 Change a password on a remote machine using IPC calls.
37 *************************************************************/
38
39 -NTSTATUS remote_password_change(const char *remote_machine, const char *user_name,
40 +NTSTATUS remote_password_change(const char *remote_machine,
41 + const char *domain, const char *user_name,
42 const char *old_passwd, const char *new_passwd,
43 char **err_str)
44 {
45 @@ -55,7 +56,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
46
47 creds = cli_session_creds_init(cli,
48 user_name,
49 - NULL, /* domain */
50 + domain,
51 NULL, /* realm */
52 old_passwd,
53 false, /* use_kerberos */
54 diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
55 index 437a5e551bb..4d7a3c739bc 100644
56 --- a/source3/utils/smbpasswd.c
57 +++ b/source3/utils/smbpasswd.c
58 @@ -258,7 +258,8 @@ static NTSTATUS password_change(const char *remote_mach, char *username,
59 fprintf(stderr, "Invalid remote operation!\n");
60 return NT_STATUS_UNSUCCESSFUL;
61 }
62 - ret = remote_password_change(remote_mach, username,
63 + ret = remote_password_change(remote_mach,
64 + NULL, username,
65 old_passwd, new_pw, &err_str);
66 } else {
67 ret = local_password_change(username, local_flags, new_pw,
68 --
69 2.14.1
70
71
72 From f215f7c53032689dbdaac96a3a16fa7d3fe3d3c5 Mon Sep 17 00:00:00 2001
73 From: Andreas Schneider <asn@samba.org>
74 Date: Fri, 18 Aug 2017 16:10:06 +0200
75 Subject: [PATCH 2/6] s3:libsmb: Move prototye of remote_password_change()
76
77 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
78
79 Signed-off-by: Andreas Schneider <asn@samba.org>
80 Reviewed-by: Andrew Bartlet <abartlet@samba.org>
81 (cherry picked from commit c773844e7529b83b2633671c7bcf1e7b84ad7950)
82 ---
83 source3/include/proto.h | 7 -------
84 source3/libsmb/proto.h | 10 ++++++++++
85 source3/utils/smbpasswd.c | 1 +
86 3 files changed, 11 insertions(+), 7 deletions(-)
87
88 diff --git a/source3/include/proto.h b/source3/include/proto.h
89 index 9deb27b416b..67e1a9d750e 100644
90 --- a/source3/include/proto.h
91 +++ b/source3/include/proto.h
92 @@ -832,13 +832,6 @@ bool get_dc_name(const char *domain,
93 fstring srv_name,
94 struct sockaddr_storage *ss_out);
95
96 -/* The following definitions come from libsmb/passchange.c */
97 -
98 -NTSTATUS remote_password_change(const char *remote_machine,
99 - const char *domain, const char *user_name,
100 - const char *old_passwd, const char *new_passwd,
101 - char **err_str);
102 -
103 /* The following definitions come from libsmb/smberr.c */
104
105 const char *smb_dos_err_name(uint8_t e_class, uint16_t num);
106 diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
107 index a583a8ee159..44f4d04cff5 100644
108 --- a/source3/libsmb/proto.h
109 +++ b/source3/libsmb/proto.h
110 @@ -31,6 +31,9 @@
111
112 struct smb_trans_enc_state;
113 struct cli_credentials;
114 +struct cli_state;
115 +struct file_info;
116 +struct print_job_info;
117
118 /* The following definitions come from libsmb/cliconnect.c */
119
120 @@ -964,4 +967,11 @@ NTSTATUS cli_readlink(struct cli_state *cli, const char *fname,
121 TALLOC_CTX *mem_ctx, char **psubstitute_name,
122 char **pprint_name, uint32_t *pflags);
123
124 +/* The following definitions come from libsmb/passchange.c */
125 +
126 +NTSTATUS remote_password_change(const char *remote_machine,
127 + const char *domain, const char *user_name,
128 + const char *old_passwd, const char *new_passwd,
129 + char **err_str);
130 +
131 #endif /* _LIBSMB_PROTO_H_ */
132 diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
133 index 4d7a3c739bc..6eb2deb7a3b 100644
134 --- a/source3/utils/smbpasswd.c
135 +++ b/source3/utils/smbpasswd.c
136 @@ -21,6 +21,7 @@
137 #include "secrets.h"
138 #include "../librpc/gen_ndr/samr.h"
139 #include "../lib/util/util_pw.h"
140 +#include "libsmb/proto.h"
141 #include "passdb.h"
142
143 /*
144 --
145 2.14.1
146
147
148 From 7e6e01b965c838494203c964fa5ac55b355bd58a Mon Sep 17 00:00:00 2001
149 From: Andreas Schneider <asn@samba.org>
150 Date: Fri, 18 Aug 2017 16:13:15 +0200
151 Subject: [PATCH 3/6] s3:utils: Make strings const passed to password_change()
152 in smbpasswd
153
154 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
155
156 Signed-off-by: Andreas Schneider <asn@samba.org>
157 Reviewed-by: Andrew Bartlet <abartlet@samba.org>
158 (cherry picked from commit 41a31a71abe144362fc7483fabba39aafa866373)
159 ---
160 source3/utils/smbpasswd.c | 5 +++--
161 1 file changed, 3 insertions(+), 2 deletions(-)
162
163 diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
164 index 6eb2deb7a3b..b0e08cc0e58 100644
165 --- a/source3/utils/smbpasswd.c
166 +++ b/source3/utils/smbpasswd.c
167 @@ -243,8 +243,9 @@ static char *prompt_for_new_password(bool stdin_get)
168 Change a password either locally or remotely.
169 *************************************************************/
170
171 -static NTSTATUS password_change(const char *remote_mach, char *username,
172 - char *old_passwd, char *new_pw,
173 +static NTSTATUS password_change(const char *remote_mach,
174 + const char *username,
175 + const char *old_passwd, const char *new_pw,
176 int local_flags)
177 {
178 NTSTATUS ret;
179 --
180 2.14.1
181
182
183 From bec5dc7c8b1bca092fa4ea87016bbfdb2750896c Mon Sep 17 00:00:00 2001
184 From: Andreas Schneider <asn@samba.org>
185 Date: Fri, 18 Aug 2017 16:14:57 +0200
186 Subject: [PATCH 4/6] s3:utils: Pass domain to password_change() in smbpasswd
187
188 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
189
190 Signed-off-by: Andreas Schneider <asn@samba.org>
191 Reviewed-by: Andrew Bartlet <abartlet@samba.org>
192 (cherry picked from commit b483340639157fe95777672f5723455c48c3c616)
193 ---
194 source3/utils/smbpasswd.c | 12 +++++++-----
195 1 file changed, 7 insertions(+), 5 deletions(-)
196
197 diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
198 index b0e08cc0e58..92712e38f6b 100644
199 --- a/source3/utils/smbpasswd.c
200 +++ b/source3/utils/smbpasswd.c
201 @@ -244,7 +244,7 @@ static char *prompt_for_new_password(bool stdin_get)
202 *************************************************************/
203
204 static NTSTATUS password_change(const char *remote_mach,
205 - const char *username,
206 + const char *domain, const char *username,
207 const char *old_passwd, const char *new_pw,
208 int local_flags)
209 {
210 @@ -261,7 +261,7 @@ static NTSTATUS password_change(const char *remote_mach,
211 return NT_STATUS_UNSUCCESSFUL;
212 }
213 ret = remote_password_change(remote_mach,
214 - NULL, username,
215 + domain, username,
216 old_passwd, new_pw, &err_str);
217 } else {
218 ret = local_password_change(username, local_flags, new_pw,
219 @@ -466,7 +466,8 @@ static int process_root(int local_flags)
220 }
221 }
222
223 - if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name,
224 + if (!NT_STATUS_IS_OK(password_change(remote_machine,
225 + NULL, user_name,
226 old_passwd, new_passwd,
227 local_flags))) {
228 result = 1;
229 @@ -566,8 +567,9 @@ static int process_nonroot(int local_flags)
230 exit(1);
231 }
232
233 - if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, old_pw,
234 - new_pw, 0))) {
235 + if (!NT_STATUS_IS_OK(password_change(remote_machine,
236 + NULL, user_name,
237 + old_pw, new_pw, 0))) {
238 result = 1;
239 goto done;
240 }
241 --
242 2.14.1
243
244
245 From 72dd200ce430b23a887ddfa73c2b618bf387c583 Mon Sep 17 00:00:00 2001
246 From: Andreas Schneider <asn@samba.org>
247 Date: Fri, 18 Aug 2017 16:17:08 +0200
248 Subject: [PATCH 5/6] s3:utils: Make sure we authenticate against our SAM name
249 in smbpasswd
250
251 If a local user wants to change his password using smbpasswd and the
252 machine is a domain member, we need to make sure we authenticate against
253 our SAM and not ask winbind.
254
255 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
256
257 Signed-off-by: Andreas Schneider <asn@samba.org>
258 Reviewed-by: Andrew Bartlet <abartlet@samba.org>
259 (cherry picked from commit dc129a968afdac8be70f9756bd18a7bf1f4c3b02)
260 ---
261 source3/utils/smbpasswd.c | 32 +++++++++++++++++++++++++++-----
262 1 file changed, 27 insertions(+), 5 deletions(-)
263
264 diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
265 index 92712e38f6b..556e6869da7 100644
266 --- a/source3/utils/smbpasswd.c
267 +++ b/source3/utils/smbpasswd.c
268 @@ -58,7 +58,7 @@ static void usage(void)
269 printf(" -c smb.conf file Use the given path to the smb.conf file\n");
270 printf(" -D LEVEL debug level\n");
271 printf(" -r MACHINE remote machine\n");
272 - printf(" -U USER remote username\n");
273 + printf(" -U USER remote username (e.g. SAM/user)\n");
274
275 printf("extra options when run by root or in local mode:\n");
276 printf(" -a add user\n");
277 @@ -95,7 +95,7 @@ static int process_options(int argc, char **argv, int local_flags)
278
279 user_name[0] = '\0';
280
281 - while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
282 + while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LWS:")) != EOF) {
283 switch(ch) {
284 case 'L':
285 if (getuid() != 0) {
286 @@ -519,6 +519,9 @@ static int process_nonroot(int local_flags)
287 int result = 0;
288 char *old_pw = NULL;
289 char *new_pw = NULL;
290 + const char *username = user_name;
291 + const char *domain = NULL;
292 + char *p = NULL;
293
294 if (local_flags & ~(LOCAL_AM_ROOT | LOCAL_SET_PASSWORD)) {
295 /* Extra flags that we can't honor non-root */
296 @@ -536,6 +539,15 @@ static int process_nonroot(int local_flags)
297 }
298 }
299
300 + /* Allow domain as part of the username */
301 + if ((p = strchr_m(user_name, '\\')) ||
302 + (p = strchr_m(user_name, '/')) ||
303 + (p = strchr_m(user_name, *lp_winbind_separator()))) {
304 + *p = '\0';
305 + username = p + 1;
306 + domain = user_name;
307 + }
308 +
309 /*
310 * A non-root user is always setting a password
311 * via a remote machine (even if that machine is
312 @@ -544,8 +556,18 @@ static int process_nonroot(int local_flags)
313
314 load_interfaces(); /* Delayed from main() */
315
316 - if (remote_machine == NULL) {
317 + if (remote_machine != NULL) {
318 + if (!is_ipaddress(remote_machine)) {
319 + domain = remote_machine;
320 + }
321 + } else {
322 remote_machine = "127.0.0.1";
323 +
324 + /*
325 + * If we deal with a local user, change the password for the
326 + * user in our SAM.
327 + */
328 + domain = get_global_sam_name();
329 }
330
331 if (remote_machine != NULL) {
332 @@ -568,13 +590,13 @@ static int process_nonroot(int local_flags)
333 }
334
335 if (!NT_STATUS_IS_OK(password_change(remote_machine,
336 - NULL, user_name,
337 + domain, username,
338 old_pw, new_pw, 0))) {
339 result = 1;
340 goto done;
341 }
342
343 - printf("Password changed for user %s\n", user_name);
344 + printf("Password changed for user %s\n", username);
345
346 done:
347 SAFE_FREE(old_pw);
348 --
349 2.14.1
350
351
352 From 7d8aae447a411eb4903850c30366a18d1714f7c0 Mon Sep 17 00:00:00 2001
353 From: Andreas Schneider <asn@samba.org>
354 Date: Tue, 22 Aug 2017 15:46:07 +0200
355 Subject: [PATCH 6/6] s3:utils: Remove pointless if-clause for remote_machine
356
357 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
358
359 Review with: git show -U20
360
361 Signed-off-by: Andreas Schneider <asn@samba.org>
362 Reviewed-by: Andrew Bartlet <abartlet@samba.org>
363 (cherry picked from commit 4a4bfcb539b4489f397b2bc9369215b7e03e620e)
364 ---
365 source3/utils/smbpasswd.c | 10 ++++------
366 1 file changed, 4 insertions(+), 6 deletions(-)
367
368 diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
369 index 556e6869da7..fb7ad283995 100644
370 --- a/source3/utils/smbpasswd.c
371 +++ b/source3/utils/smbpasswd.c
372 @@ -570,12 +570,10 @@ static int process_nonroot(int local_flags)
373 domain = get_global_sam_name();
374 }
375
376 - if (remote_machine != NULL) {
377 - old_pw = get_pass("Old SMB password:",stdin_passwd_get);
378 - if (old_pw == NULL) {
379 - fprintf(stderr, "Unable to get old password.\n");
380 - exit(1);
381 - }
382 + old_pw = get_pass("Old SMB password:",stdin_passwd_get);
383 + if (old_pw == NULL) {
384 + fprintf(stderr, "Unable to get old password.\n");
385 + exit(1);
386 }
387
388 if (!new_passwd) {
389 --
390 2.14.1
391
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed