Linux Cubed Series 7: Sunsite

home *** CD-ROM | disk | FTP | other *** search

/ Linux Cubed Series 7: Sunsite / Linux Cubed Series 7 - Sunsite Vol 1.iso / system / network / samba / patches / samba-1.037 / samba-1

Wrap

Text File | 1995-07-11 | 49.1 KB | 1,821 lines

diff -u -r --new-file last-version/docs/ENCRYPTION.txt samba-1.9.14alpha11/docs/ENCRYPTION.txt --- last-version/docs/ENCRYPTION.txt Thu Jan 1 10:00:00 1970 +++ samba-1.9.14alpha11/docs/ENCRYPTION.txt Tue Jul 11 22:37:36 1995 @@ -0,0 +1,40 @@ +This is a very brief description on how to setup samba to support +password encryption. More complete instructions will probably be added +later. + +1) get and compile the libdes libraries. the source is available from +nimbus.anu.edu.au in pub/tridge/libdes/libdes.tar.92-10-13.gz + +2) enable the encryption stuff in the Samba makefile, making sure you +point it to the libdes library and include file (it needs des.h) + +3) compile and install samba as usual + +4) enable encrypted passwords in smb.conf by adding the line +"encrypt passwords = yes" in the [global] section + +5) create the initial smbpasswd password file in the place you +specified in the Makefile. A simple way to do this based on your +existing Makefile (assuming it is in a reasonably standard format) is +like this: + +cat /etc/passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd + +note that the mksmbpasswd.sh script is in the samba source directory. + +If this fails then you will find that you will need entries that look +like this: + +# SMB password file. +tridge:148:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Andrew Tridgell:/home/tridge:/bin/tcsh + +note that the uid and username fields must be right. Also try to get +the number of X's right (there should be 32). + +6) set the passwords for users using the smbpasswd command. For +example, as root you could do "smbpasswd tridge" + +7) try it out! + +Note that you can test things using smbclient, as it also now supports +encryption. diff -u -r --new-file last-version/examples/tridge/smb.conf samba-1.9.14alpha11/examples/tridge/smb.conf --- last-version/examples/tridge/smb.conf Thu Jun 29 22:10:12 1995 +++ samba-1.9.14alpha11/examples/tridge/smb.conf Tue Jul 11 20:12:35 1995 @@ -1,7 +1,8 @@ -[global] +[global] config file = /usr/local/samba/smb.conf.%m status = yes security = user + encrypt passwords = yes server string = Tridge (%v,%h) load printers = yes log level = 1 diff -u -r --new-file last-version/source/Makefile samba-1.9.14alpha11/source/Makefile --- last-version/source/Makefile Tue Jul 11 16:28:48 1995 +++ samba-1.9.14alpha11/source/Makefile Tue Jul 11 20:53:41 1995 @@ -419,7 +419,7 @@ INCLUDES2 = pcap.h trans2.h reply.h INCLUDES = $(INCLUDES1) $(INCLUDES2) -UTILOBJ = util.o charset.o kanji.o fault.o +UTILOBJ = util.o charset.o kanji.o fault.o smbencrypt.o PARAMOBJ = $(UTILOBJ) loadparm.o params.o pcap.o access.o username.o ufc.o smbpass.o SMBDOBJ1 = $(PARAMOBJ) trans2.o message.o dir.o printing.o locking.o SMBDOBJ2 = ipc.o reply.o mangle.o chgpasswd.o password.o diff -u -r --new-file last-version/source/change-log samba-1.9.14alpha11/source/change-log --- last-version/source/change-log Tue Jul 11 16:47:34 1995 +++ samba-1.9.14alpha11/source/change-log Tue Jul 11 22:38:22 1995 @@ -1519,6 +1519,13 @@ - added "passwd chat" option and chat interpretation code - added "smb passwd file" option - released alpha10 + - cleaned up chgpasswd.c a little + - portability changes to the encryption handling code + - added password encryption to smbclient + - fixed a share level security encryption bug + - added "ENCRYPTION.txt" document + - released alpha11 + ========== todo: diff -u -r --new-file last-version/source/chgpasswd.c samba-1.9.14alpha11/source/chgpasswd.c --- last-version/source/chgpasswd.c Tue Jul 11 16:32:38 1995 +++ samba-1.9.14alpha11/source/chgpasswd.c Tue Jul 11 18:12:10 1995 @@ -9,16 +9,9 @@ * was included as a client to change passwords using the 'passwd' program * on the remote machine. * - * It has been dissected and recreated in a form that allows passwd changing for - * a valid user (user is already validated BEFORE this routine is run). It compares - * the user name to those in the LOCAL password file and, if they are found, it - * runs 'passwd.' If not, however, it assumes, since the person has already been - * validated, that they are an NIS user and it uses 'yppasswd.' - * * This routine is called by set_user_password() in password.c only if ALLOW_PASSWORD_CHANGE * is defined in the compiler directives located in the Makefile. * - * * This code has been hacked by Bob Nance (nance@niehs.nih.gov) and Evan Patterson * (patters2@niehs.nih.gov) at the National Institute of Environmental Health Sciences * and rights to modify, distribute or incorporate this change to the CAP suite or @@ -35,126 +28,35 @@ #define MINPASSWDLENGTH 5 #define BUFSIZE 512 -static int findpty (char **slave); -static int talktochild(int master,char *oldpass,char *newpass,char *emess); -static int dochild(int master,char *slavedev,char *name,char *oldpass,char *newpass); -static int expect(int master,char *expected,char *buf); -static void writestring (int fd,char *s); - -BOOL chgpasswd(char *name,char *oldpass,char *newpass) +static int findpty(char **slave) { - char emess[255]; - char *slavedev; - struct passwd *getpwnam(); int master; - pid_t pid, wpid; - int wstat; - BOOL chstat; - int putpwent(); - - strlower(name); - DEBUG(3,("Password change for user: %s\n",name)); -#if DEBUG_PASSWORD - DEBUG(100,("Passwords: old=%s new=%s\n",oldpass,newpass)); -#endif - - /* Take the passed information and test it for minimum criteria */ - /* Minimum password length */ - if (strlen(newpass) < MINPASSWDLENGTH) /* too short, must be at least MINPASSWDLENGTH */ - { - DEBUG(2,("Password Change: %s, New password is shorter than MINPASSWDLENGTH\n",name)); - return (False); /* inform the user */ - } + static char line[12] = "/dev/ptyXX"; + void *dirp; + char *dpname; - /* Password is same as old password */ - if (strncmp(oldpass,newpass,8) == 0) /* don't allow same password */ - { - DEBUG(2,("Password Change: %s, New password is same as old\n",name)); /* log the attempt */ - return (False); /* inform the user */ - } - - /* That done, let's attempt to actually change the password */ - /* allocate a pseudo-terminal device */ - if ((master = findpty (&slavedev)) < 0) - { - DEBUG(3,("Cannot Allocate pty for password change: %s",name)); - return(False); - } - - if ((pid = fork()) < 0) - { - DEBUG(3,("Cannot fork() child for password change: %s",name)); - return(False); - } - - /* we now have a pty */ - if (pid > 0){ /* This is the parent process */ - if ((chstat = talktochild (master, oldpass, newpass, emess)) == False) - { - DEBUG(3,("Child failed to change password: %s\n",name)); - kill(pid, SIGKILL); /* be sure to end this process */ - return(False); + dirp = OpenDir("/dev"); + if (!dirp) return(-1); + while ((dpname = ReadDirName(dirp)) != NULL) { + if (strncmp(dpname, "pty", 3) == 0 && strlen(dpname) == 5) { + line[8] = dpname[3]; + line[9] = dpname[4]; + if ((master = open(line, O_RDWR)) >= 0) { + line[5] = 't'; + *slave = line; + CloseDir(dirp); + return (master); } - if ((wpid = waitpid (pid, &wstat, 0)) < 0) { - DEBUG(3,("The process is no longer waiting!\n\n")); - return(False); - } - if (pid != wpid) { - DEBUG(3,("We were waiting for the wrong process ID\n")); - return(False); } - if (WIFEXITED (wstat) == 0) { - DEBUG(3,("The process exited while we were waiting\n")); - return(False); - } - if (WEXITSTATUS (wstat) != 0) { - DEBUG(3,("The status of the process exiting was %d\n", wstat)); - return(False); - } - } - else /* CHILD */ - { - struct passwd *pass = Get_Pwnam(name,True); - int gid = pass->pw_gid; - int uid = pass->pw_uid; - - /* make us completely into the right uid */ -#ifdef USE_SETRES - setresgid(0,0,0); - setresuid(0,0,0); - setresgid(gid,gid,gid); - setresuid(uid,uid,uid); -#else - setuid(0); - seteuid(0); - setgid(gid); - setegid(gid); - setuid(uid); - seteuid(uid); -#endif - - /* make sure it doesn't freeze */ - alarm(10); - - DEBUG(3,("Dochild for user %s (uid=%d,gid=%d)\n",name,getuid(),getgid())); - chstat = dochild (master, slavedev, name, oldpass, newpass); - } - DEBUG(3,("Password change %ssuccessful for user %s\n", (chstat?"":"un"), name)); - return (chstat); + CloseDir(dirp); + return (-1); } -static int dochild (master, slavedev, name, oldpass, newpass) - int master; - char *slavedev, *name, *oldpass, *newpass; +static int dochild(int master,char *slavedev, char *passwordprogram) { int slave; struct termios stermios; - string passwordprogram; - - strcpy(passwordprogram,lp_passwd_program()); - - string_sub(passwordprogram,"%u",name); /* Start new session - gets rid of controlling terminal. */ if (setsid() < 0) { @@ -214,40 +116,66 @@ return(True); } -static void pwd_sub(char *buf,char *oldpass,char *newpass) +static int expect(int master,char *expected,char *buf) +{ + int n, m; + + n = 0; + buf[0] = 0; + while (1) { + if (n >= BUFSIZE-1) { + return False; + } + + /* allow 4 seconds for some output to appear */ + m = read_with_timeout(master, buf+n, 1, BUFSIZE-1-n, 4000, True); + if (m < 0) + return False; + + n += m; + buf[n] = 0; + + { + pstring s1,s2; + strcpy(s1,buf); + strcpy(s2,expected); + if (do_match(s1, s2, False)) + return(True); + } + } +} + +static void pwd_sub(char *buf) { - string_sub(buf,"%o",oldpass); - string_sub(buf,"%n",newpass); string_sub(buf,"\\n","\n"); string_sub(buf,"\\r","\r"); string_sub(buf,"\\s"," "); string_sub(buf,"\\t","\t"); } -static int talktochild (master, oldpass, newpass, emess) - int master; - char *oldpass, *newpass, *emess; +static void writestring(int fd,char *s) +{ + int l; + + l = strlen (s); + write (fd, s, l); +} + + +static int talktochild(int master, char *chatsequence) { char buf[BUFSIZE]; - char pswd[BUFSIZE+1]; int count=0; - char *chatsequence = lp_passwd_chat(); char *ptr=chatsequence; fstring chatbuf; - if (!*chatsequence) { - DEBUG(0,("No passwd chat sequence - aborting password change\n")); - } - *buf = 0; - *pswd = 0; - *emess = 0; sleep(1); while (next_token(&ptr,chatbuf,NULL)) { BOOL ok=True; count++; - pwd_sub(chatbuf,oldpass,newpass); + pwd_sub(chatbuf); if (!strequal(chatbuf,".")) ok = expect(master,chatbuf,buf); @@ -261,7 +189,7 @@ } if (!next_token(&ptr,chatbuf,NULL)) break; - pwd_sub(chatbuf,oldpass,newpass); + pwd_sub(chatbuf); if (!strequal(chatbuf,".")) writestring(master,chatbuf); @@ -275,68 +203,132 @@ return (True); } -static int expect(int master,char *expected,char *buf) + +BOOL chat_with_program(char *passwordprogram,char *name,char *chatsequence) { - int n, m; - - n = 0; - buf[0] = 0; - while (1) { - if (n >= BUFSIZE-1) { - return False; - } + char *slavedev; + int master; + pid_t pid, wpid; + int wstat; + BOOL chstat; - /* allow 4 seconds for some output to appear */ - m = read_with_timeout(master, buf+n, 1, BUFSIZE-1-n, 4000, True); - if (m < 0) - return False; + /* allocate a pseudo-terminal device */ + if ((master = findpty (&slavedev)) < 0) { + DEBUG(3,("Cannot Allocate pty for password change: %s",name)); + return(False); + } - n += m; - buf[n] = 0; + if ((pid = fork()) < 0) { + DEBUG(3,("Cannot fork() child for password change: %s",name)); + return(False); + } - { - pstring s1,s2; - strcpy(s1,buf); - strcpy(s2,expected); - if (do_match(s1, s2, False)) - return(True); + /* we now have a pty */ + if (pid > 0){ /* This is the parent process */ + if ((chstat = talktochild(master, chatsequence)) == False) { + DEBUG(3,("Child failed to change password: %s\n",name)); + kill(pid, SIGKILL); /* be sure to end this process */ + return(False); + } + if ((wpid = waitpid(pid, &wstat, 0)) < 0) { + DEBUG(3,("The process is no longer waiting!\n\n")); + return(False); + } + if (pid != wpid) { + DEBUG(3,("We were waiting for the wrong process ID\n")); + return(False); + } + if (WIFEXITED(wstat) == 0) { + DEBUG(3,("The process exited while we were waiting\n")); + return(False); + } + if (WEXITSTATUS(wstat) != 0) { + DEBUG(3,("The status of the process exiting was %d\n", wstat)); + return(False); } + + } else { + /* CHILD */ + struct passwd *pass = Get_Pwnam(name,True); + int gid = pass->pw_gid; + int uid = pass->pw_uid; + + /* make us completely into the right uid */ +#ifdef USE_SETRES + setresgid(0,0,0); + setresuid(0,0,0); + setresgid(gid,gid,gid); + setresuid(uid,uid,uid); +#else + setuid(0); + seteuid(0); + setgid(gid); + setegid(gid); + setuid(uid); + seteuid(uid); +#endif + + /* make sure it doesn't freeze */ + alarm(20); + + DEBUG(3,("Dochild for user %s (uid=%d,gid=%d)\n",name,getuid(),getgid())); + chstat = dochild(master, slavedev, passwordprogram); } + DEBUG(3,("Password change %ssuccessful for user %s\n", (chstat?"":"un"), name)); + return (chstat); } -static void writestring (int fd,char *s) +BOOL chgpasswd(char *name,char *oldpass,char *newpass) { - int l; - - l = strlen (s); - write (fd, s, l); -} + pstring passwordprogram; + pstring chatsequence; -static int findpty (char **slave) -{ - int master; - static char line[12] = "/dev/ptyXX"; - void *dirp; - char *dpname; + strlower(name); + DEBUG(3,("Password change for user: %s\n",name)); + +#if DEBUG_PASSWORD + DEBUG(100,("Passwords: old=%s new=%s\n",oldpass,newpass)); +#endif + + /* Take the passed information and test it for minimum criteria */ + /* Minimum password length */ + if (strlen(newpass) < MINPASSWDLENGTH) /* too short, must be at least MINPASSWDLENGTH */ + { + DEBUG(2,("Password Change: %s, New password is shorter than MINPASSWDLENGTH\n",name)); + return (False); /* inform the user */ + } - dirp = OpenDir("/dev"); - if (!dirp) return(-1); - while ((dpname = ReadDirName(dirp)) != NULL) { - if (strncmp(dpname, "pty", 3) == 0 && strlen(dpname) == 5) { - line[8] = dpname[3]; - line[9] = dpname[4]; - if ((master = open(line, O_RDWR)) >= 0) { - line[5] = 't'; - *slave = line; - CloseDir(dirp); - return (master); - } + /* Password is same as old password */ + if (strcmp(oldpass,newpass) == 0) /* don't allow same password */ + { + DEBUG(2,("Password Change: %s, New password is same as old\n",name)); /* log the attempt */ + return (False); /* inform the user */ } + + strcpy(passwordprogram,lp_passwd_program()); + strcpy(chatsequence,lp_passwd_chat()); + + if (!*chatsequence) { + DEBUG(2,("Null chat sequence - no password changing\n")); + return(False); } - CloseDir(dirp); - return (-1); + + if (!*passwordprogram) { + DEBUG(2,("Null password program - no password changing\n")); + return(False); + } + + string_sub(passwordprogram,"%u",name); + string_sub(passwordprogram,"%o",oldpass); + string_sub(passwordprogram,"%n",newpass); + + string_sub(chatsequence,"%u",name); + string_sub(chatsequence,"%o",oldpass); + string_sub(chatsequence,"%n",newpass); + return(chat_with_program(passwordprogram,name,chatsequence)); } + #else BOOL chgpasswd(char *name,char *oldpass,char *newpass) { diff -u -r --new-file last-version/source/client.c samba-1.9.14alpha11/source/client.c --- last-version/source/client.c Mon Jul 10 09:43:19 1995 +++ samba-1.9.14alpha11/source/client.c Tue Jul 11 22:12:37 1995 @@ -36,6 +36,9 @@ BOOL connect_as_printer = False; BOOL connect_as_ipc = False; +char cryptkey[8]; +BOOL doencrypt=False; + extern pstring user_socket_options; /* 30 second timeout on most commands */ @@ -2603,9 +2606,8 @@ int sesskey=0; time_t servertime = 0; extern int serverzone; - int sec_mode; + int sec_mode=0; int crypt_len; - struct { int prot; char *name; @@ -2711,6 +2713,7 @@ writebraw_supported = ((SVAL(inbuf,smb_vwv5) & 0x2) != 0); } crypt_len = smb_buflen(inbuf); + memcpy(cryptkey,smb_buf(inbuf),8); DEBUG(3,("max mux %d\n",SVAL(inbuf,smb_vwv3))); DEBUG(3,("max vcs %d\n",SVAL(inbuf,smb_vwv4))); DEBUG(3,("max blk %d\n",SVAL(inbuf,smb_vwv5))); @@ -2723,6 +2726,7 @@ servertime = interpret_long_date(inbuf+smb_vwv11+1); servertime -= serverzone; crypt_len = CVAL(inbuf,smb_vwv16+1); + memcpy(cryptkey,smb_buf(inbuf),8); if (IVAL(inbuf,smb_vwv9+1) & 1) readbraw_supported = writebraw_supported = True; DEBUG(3,("max mux %d\n",SVAL(inbuf,smb_vwv1+1))); @@ -2736,6 +2740,8 @@ DEBUG(3,("Got %d byte crypt key\n",crypt_len)); DEBUG(3,("Chose protocol [%s]\n",prots[SVAL(inbuf,smb_vwv0)].name)); + doencrypt = ((sec_mode & 2) != 0); + if (servertime) { static BOOL done_time = False; if (!done_time) { @@ -2755,13 +2761,28 @@ if (Protocol >= PROTOCOL_LANMAN1 && use_setup) { + fstring pword; + int passlen = strlen(pass)+1; + strcpy(pword,pass); + +#ifdef SMB_PASSWD + if (doencrypt) { + DEBUG(3,("Using encrypted passwords\n")); + passlen = 24; + SMBencrypt(pass,cryptkey,pword); + } +#else + doencrypt = False; +#endif + /* if in share level security then don't send a password now */ + if (!(sec_mode & 1)) passlen=0; /* send a session setup command */ bzero(outbuf,smb_size); if (Protocol < PROTOCOL_NT1) { - set_message(outbuf,10,2 + strlen(username) + strlen(pass),True); + set_message(outbuf,10,1 + strlen(username) + passlen,True); CVAL(outbuf,smb_com) = SMBsesssetupX; setup_pkt(outbuf); @@ -2770,12 +2791,13 @@ SSVAL(outbuf,smb_vwv3,2); SSVAL(outbuf,smb_vwv4,getpid()); SIVAL(outbuf,smb_vwv5,sesskey); - SSVAL(outbuf,smb_vwv7,strlen(pass)+1); + SSVAL(outbuf,smb_vwv7,passlen); p = smb_buf(outbuf); - strcpy(p,pass); - p += strlen(pass)+1; + memcpy(p,pword,passlen); + p += passlen; strcpy(p,username); } else { + if (!doencrypt) passlen--; /* for Win95 */ set_message(outbuf,13,0,True); CVAL(outbuf,smb_com) = SMBsesssetupX; @@ -2786,11 +2808,10 @@ SSVAL(outbuf,smb_vwv3,2); SSVAL(outbuf,smb_vwv4,getpid()); SIVAL(outbuf,smb_vwv5,sesskey); + SSVAL(outbuf,smb_vwv7,passlen); SSVAL(outbuf,smb_vwv8,0); - SSVAL(outbuf,smb_vwv7,strlen(pass)); p = smb_buf(outbuf); - strcpy(p,pass); strupper(p); p += SVAL(outbuf,smb_vwv7); - strcpy(p,pass); p += SVAL(outbuf,smb_vwv8); + memcpy(p,pword,passlen); p += SVAL(outbuf,smb_vwv7); strcpy(p,username);p = skip_string(p,1); strcpy(p,WORKGROUP);p = skip_string(p,1); strcpy(p,"Unix");p = skip_string(p,1); @@ -2858,19 +2879,37 @@ again2: - set_message(outbuf,0,6 + strlen(service) + strlen(pass) + strlen(dev),True); - CVAL(outbuf,smb_com) = SMBtcon; - setup_pkt(outbuf); + { + int passlen = strlen(pass); + fstring pword; + strcpy(pword,pass); + +#ifdef SMB_PASSWD + if (doencrypt) { + passlen=24; + SMBencrypt(pass,cryptkey,pword); + } +#endif - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,service); - p += strlen(p) + 1; - *p++ = 4; - strcpy(p,pass); - p += strlen(p) + 1; - *p++ = 4; - strcpy(p,dev); + /* if in user level security then don't send a password now */ + if ((sec_mode & 1)) { + passlen=0; + } + + set_message(outbuf,4,2 + strlen(service) + passlen + strlen(dev),True); + CVAL(outbuf,smb_com) = SMBtconX; + setup_pkt(outbuf); + + SSVAL(outbuf,smb_vwv0,0xFF); + SSVAL(outbuf,smb_vwv3,passlen); + + p = smb_buf(outbuf); + memcpy(p,pword,passlen); + p += passlen; + strcpy(p,service); + p = skip_string(p,1); + strcpy(p,dev); + } send_smb(outbuf); receive_smb(inbuf,CLIENT_TIMEOUT); @@ -2878,16 +2917,17 @@ /* trying again with a blank password */ if (CVAL(inbuf,smb_rcls) != 0 && (int)strlen(pass) > 0 && + !doencrypt && Protocol >= PROTOCOL_LANMAN1) { - DEBUG(0,("first SMBtcon failed, trying again. %s\n",smb_errstr(inbuf))); + DEBUG(0,("first SMBtconX failed, trying again. %s\n",smb_errstr(inbuf))); strcpy(pass,""); goto again2; } if (CVAL(inbuf,smb_rcls) != 0) { - DEBUG(0,("SMBtcon failed. %s\n",smb_errstr(inbuf))); + DEBUG(0,("SMBtconX failed. %s\n",smb_errstr(inbuf))); DEBUG(0,("Perhaps you are using the wrong sharename, username or password?\n")); DEBUG(0,("Some servers insist that these be in uppercase\n")); if (was_null) @@ -2904,7 +2944,7 @@ if (max_xmit <= 0) max_xmit = BUFFER_SIZE - 4; - cnum = SVAL(inbuf,smb_vwv1); + cnum = SVAL(inbuf,smb_tid); DEBUG(3,("Connected with cnum=%d max_xmit=%d\n",cnum,max_xmit)); diff -u -r --new-file last-version/source/includes.h samba-1.9.14alpha11/source/includes.h --- last-version/source/includes.h Tue Jul 11 13:35:34 1995 +++ samba-1.9.14alpha11/source/includes.h Tue Jul 11 20:07:18 1995 @@ -772,6 +772,10 @@ #endif #endif +#ifndef perror +#define perror(s) printf("%s: %s\n",s,strerror(errno)) +#endif + #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 255 #endif diff -u -r --new-file last-version/source/password.c samba-1.9.14alpha11/source/password.c --- last-version/source/password.c Tue Jul 11 16:45:47 1995 +++ samba-1.9.14alpha11/source/password.c Tue Jul 11 22:02:55 1995 @@ -508,14 +508,15 @@ #ifdef SMB_PASSWD char challenge[8]; struct smb_passwd *smb_pass; - BOOL challenge_done = last_challenge(challenge); + BOOL challenge_done = False; #endif #if DEBUG_PASSWORD #ifdef SMB_PASSWD int i; - if((pwlen == 24) && challenge_done) + if ((pwlen == 24) && (challenge_done = last_challenge(challenge))) { + DEBUG(100,("checking user=[%s] pass=[",user)); for( i = 0; i < 24; i++) DEBUG(100,("%0x ", (unsigned char)password[i])); diff -u -r --new-file last-version/source/smbencrypt.c samba-1.9.14alpha11/source/smbencrypt.c --- last-version/source/smbencrypt.c Thu Jan 1 10:00:00 1970 +++ samba-1.9.14alpha11/source/smbencrypt.c Tue Jul 11 21:56:15 1995 @@ -0,0 +1,115 @@ +#ifdef SMB_PASSWD +/* + Unix SMB/Netbios implementation. + Version 1.9. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1995 + Modified by Jeremy Allison 1995. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "loadparm.h" +#include "des.h" + +extern int DEBUGLEVEL; + +#ifndef uchar +#define uchar unsigned char +#endif + +void str_to_key(uchar *str,uchar *key) +{ + void des_set_odd_parity(des_cblock *); + int i; + + key[0] = str[0]>>1; + key[1] = ((str[0]&0x01)<<6) | (str[1]>>2); + key[2] = ((str[1]&0x03)<<5) | (str[2]>>3); + key[3] = ((str[2]&0x07)<<4) | (str[3]>>4); + key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5); + key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6); + key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7); + key[7] = str[6]&0x7F; + for (i=0;i<8;i++) { + key[i] = (key[i]<<1); + } + des_set_odd_parity((des_cblock *)key); +} + +void D1(uchar *k, uchar *d, uchar *out) +{ + des_key_schedule ks; + des_cblock deskey; + + str_to_key(k,(uchar *)deskey); + des_set_key(deskey,ks); + des_ecb_encrypt(d, out, ks, DES_DECRYPT); +} + +void E1(uchar *k, uchar *d, uchar *out) +{ + des_key_schedule ks; + des_cblock deskey; + + str_to_key(k,(uchar *)deskey); + des_set_key(deskey,ks); + des_ecb_encrypt(d, out, ks, DES_ENCRYPT); +} + +void E_P16(uchar *p14,uchar *p16) +{ + uchar sp7[7]; + /* the following constant makes us compatible with other + implementations. Note that publishing this constant does not reduce the + security of the encryption mechanism */ + uchar sp8[] = {0xAA,0xD3,0xB4,0x35,0xB5,0x14,0x4,0xEE}; + uchar x[8]; + + memset(sp7,'\0',7); + + D1(sp7, sp8, x); + E1(p14, x, p16); + E1(p14+7, x, p16+8); +} + +void E_P24(uchar *p21, uchar *c8, uchar *p24) +{ + E1(p21, c8, p24); + E1(p21+7, c8, p24+8); + E1(p21+14, c8, p24+16); +} + + +/* + This implements the X/Open SMB password encryption + It takes a password, a 8 byte "crypt key" and puts 24 bytes of + encrypted password into p24 */ +void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24) +{ + uchar p14[15], p21[21]; + + memset(p21,'\0',21); + memset(p14,'\0',14); + StrnCpy((char *)p14,(char *)passwd,14); + + strupper((char *)p14); + E_P16(p14, p21); + E_P24(p21, c8, p24); +} +#else +void smbencrypt_dummy(void){} +#endif diff -u -r --new-file last-version/source/smbpass.c samba-1.9.14alpha11/source/smbpass.c --- last-version/source/smbpass.c Tue Jul 11 15:15:19 1995 +++ samba-1.9.14alpha11/source/smbpass.c Tue Jul 11 20:53:22 1995 @@ -23,117 +23,23 @@ #include "includes.h" #include "loadparm.h" -#include "des.h" extern int DEBUGLEVEL; -#define uchar unsigned char -void str_to_key(uchar *str,uchar *key) -{ - int i; - - key[0] = str[0]>>1; - key[1] = ((str[0]&0x01)<<6) | (str[1]>>2); - key[2] = ((str[1]&0x03)<<5) | (str[2]>>3); - key[3] = ((str[2]&0x07)<<4) | (str[3]>>4); - key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5); - key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6); - key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7); - key[7] = str[6]&0x7F; - for (i=0;i<8;i++) { - key[i] = (key[i]<<1); - } - des_set_odd_parity(key); -} - -void D1(uchar *k, uchar *d, uchar *out) -{ - des_key_schedule ks; - des_cblock deskey; - - str_to_key(k,(uchar *)deskey); - des_set_key(deskey,ks); - des_ecb_encrypt(d, out, ks, DES_DECRYPT); -} - -void E1(uchar *k, uchar *d, uchar *out) -{ - des_key_schedule ks; - des_cblock deskey; - - str_to_key(k,(uchar *)deskey); - des_set_key(deskey,ks); - des_ecb_encrypt(d, out, ks, DES_ENCRYPT); -} - -void E_P16(uchar *p14,uchar *p16) -{ - uchar sp7[7]; - uchar sp8[] = {0xAA,0xD3,0xB4,0x35,0xB5,0x14,0x4,0xEE}; - uchar x[8]; - - memset(sp7,'\0',7); - - D1(sp7, sp8, x); - E1(p14, x, p16); - E1(p14+7, x, p16+8); -} - -void E_P24(uchar *p21, uchar *c8, uchar *p24) -{ - E1(p21, c8, p24); - E1(p21+7, c8, p24+8); - E1(p21+14, c8, p24+16); -} - - -/* - This implements the X/Open SMB password encryption - It takes a password, a 8 byte "crypt key" and puts 24 bytes of - encrypted password into p24 -*/ -void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24) -{ - uchar p14[14], p21[21]; - - memset(p21,'\0',21); - memset(p14,'\0',14); - strncpy((char *)p14,(char *)passwd,14); - - E_P16(p14, p21); - E_P24(p21, c8, p24); -} - -/* Try and get a lock on the first byte of the - file. If this fails wait 5 seconds then try again. - If this fails then return an error. This ensures a - consistant view is always seen as all processes updating - this file should finish within 5 seconds. -*/ - -static int gotalarm; - -void gotalarm_sig() -{ - gotalarm = 1; -} - -/* Static buffers we will return. */ -static struct smb_passwd pw_buf; -static pstring user_name; -static unsigned char smbpwd[16]; - /* * Routine to search the smbpasswd file for an * entry matching the username. */ -struct smb_passwd *get_smbpwnam(const char *name) +struct smb_passwd *get_smbpwnam(char *name) { + /* Static buffers we will return. */ + static struct smb_passwd pw_buf; + static pstring user_name; + static unsigned char smbpwd[16]; char linebuf[256]; unsigned char c; unsigned char *p; - unsigned char *newp; long uidval; long linebuf_len; unsigned char lonybble, hinybble; @@ -164,7 +70,7 @@ } /* make sure it is only rw by the owner */ - fchmod(fileno(fp),0600); + chmod(pfile,0600); /* We have a read lock on the file. */ /* Scan the file, a line at a time and @@ -215,7 +121,7 @@ if(linebuf[0] == '#' || linebuf[0] == '\0') { - DEBUG(4,("get_smbpwnam: skipping comment or blank line\n")); + DEBUG(6,("get_smbpwnam: skipping comment or blank line\n")); continue; } p = (unsigned char *)strchr(linebuf, ':'); @@ -226,74 +132,77 @@ } /* As 256 is shorter than a pstring we don't need to check length here - if this ever changes.... */ - strncpy( user_name, linebuf, (char *)p - linebuf); - user_name[(char *)p - linebuf] = '\0'; - if(strcasecmp(user_name, name)) + strncpy(user_name, linebuf, PTR_DIFF(p,linebuf)); + user_name[PTR_DIFF(p,linebuf)] = '\0'; + if(!strequal(user_name, name)) continue; /* User name matches - get uid and password */ p++; /* Go past ':' */ - if(!isdigit(*p)) - { - DEBUG(0,("get_smbpwnam: malformed password entry (uid not number)\n")); - fclose(fp); - file_unlock(lockfd); - return NULL; - } + if(!isdigit(*p)) { + DEBUG(0,("get_smbpwnam: malformed password entry (uid not number)\n")); + fclose(fp); + file_unlock(lockfd); + return NULL; + } - uidval = strtol((char *)p, (char **)&newp, 10); - if(*newp != ':') - { - DEBUG(0,("get_smbpwnam: malformed password entry (no : after uid)\n")); - fclose(fp); - file_unlock(lockfd); - return NULL; - } + uidval = atoi((char *)p); + while (*p && isdigit(*p)) p++; + if(*p != ':') { + DEBUG(0,("get_smbpwnam: malformed password entry (no : after uid)\n")); + fclose(fp); + file_unlock(lockfd); + return NULL; + } /* Now get the password value - this should be 32 hex digits which are the ascii representations of a 16 byte string. Get two at a time and put them into the password. */ - p = newp + 1; - if(*p == '*' || *p == 'X') - { - /* Password deliberately invalid - end here. */ - DEBUG(10,("get_smbpwnam: entry invalidated for user %s\n",user_name)); - fclose(fp); - file_unlock(lockfd); - return NULL; - } - if(linebuf_len < ((char *)p - linebuf + 33)) - { - DEBUG(0,("get_smbpwnam: malformed password entry (passwd too short)\n")); - fclose(fp); - file_unlock(lockfd); - return(False); - } + p++; + if(*p == '*' || *p == 'X') { + /* Password deliberately invalid - end here. */ + DEBUG(10,("get_smbpwnam: entry invalidated for user %s\n",user_name)); + fclose(fp); + file_unlock(lockfd); + return NULL; + } + if(linebuf_len < (PTR_DIFF(p,linebuf) + 33)) { + DEBUG(0,("get_smbpwnam: malformed password entry (passwd too short)\n")); + fclose(fp); + file_unlock(lockfd); + return(False); + } - if(p[32] != ':') - { - DEBUG(0,("get_smbpwnam: malformed password entry (no terminating :)\n")); - fclose(fp); - file_unlock(lockfd); - return NULL; - } + if(p[32] != ':') { + DEBUG(0,("get_smbpwnam: malformed password entry (no terminating :)\n")); + fclose(fp); + file_unlock(lockfd); + return NULL; + } - if(strncasecmp((char *)p,"NO PASSWORD",11) == 0) { + if (strequal((char *)p,"NO PASSWORD")) { pw_buf.smb_passwd = NULL; - } else { + } else { + char *hexchars = "0123456789ABCDEF"; + char *p1,*p2; for(i = 0; i < 32; i += 2) { hinybble = toupper(p[i]); - if(isdigit(hinybble)) - hinybble -= '0'; - else - hinybble = (hinybble - 'A') + 10; lonybble = toupper(p[i+1]); - if(isdigit(lonybble)) - lonybble -= '0'; - else - lonybble = (lonybble - 'A') + 10; + + p1 = strchr(hexchars,hinybble); + p2 = strchr(hexchars,lonybble); + if (!p1 || !p2) { + DEBUG(0,("Malformed password entry (non hex chars)\n")); + fclose(fp); + file_unlock(lockfd); + return NULL; + } + + hinybble = PTR_DIFF(p1,hexchars); + lonybble = PTR_DIFF(p2,hexchars); + smbpwd[i/2] = (hinybble << 4) | lonybble; } pw_buf.smb_passwd = smbpwd; @@ -302,7 +211,7 @@ pw_buf.smb_userid = uidval; fclose(fp); file_unlock(lockfd); - DEBUG(5, ("get_smbpwname: returning passwd entry for user %s, uid %d\n", + DEBUG(5,("get_smbpwname: returning passwd entry for user %s, uid %d\n", user_name, uidval)); return &pw_buf; } @@ -312,5 +221,6 @@ return NULL; } #else -char smbpass_dummy[1]; /* To avoid compiler complaints */ +void smbpass_dummy(void){} /* To avoid compiler complaints */ #endif + diff -u -r --new-file last-version/source/smbpass.h samba-1.9.14alpha11/source/smbpass.h --- last-version/source/smbpass.h Tue Jul 11 13:41:27 1995 +++ samba-1.9.14alpha11/source/smbpass.h Tue Jul 11 20:08:40 1995 @@ -29,10 +29,7 @@ }; /* Return a smb_passwd struct given a user name, 0 if fails. */ -struct smb_passwd *get_smbpwnam(const char *user); - -/* Lock the password file */ -int do_pw_lock(int, int); +struct smb_passwd *get_smbpwnam(char *user); #ifndef uchar #define uchar unsigned char diff -u -r --new-file last-version/source/smbpasswd.c samba-1.9.14alpha11/source/smbpasswd.c --- last-version/source/smbpasswd.c Tue Jul 11 15:30:14 1995 +++ samba-1.9.14alpha11/source/smbpasswd.c Tue Jul 11 20:05:24 1995 @@ -29,131 +29,133 @@ static pstring user_name; static unsigned char smbpwd[16]; -struct smb_passwd *_my_get_smbpwnam(FILE *fp, const char *name, BOOL *valid_old_pwd, long *pwd_seekpos) +struct smb_passwd *_my_get_smbpwnam(FILE *fp,char *name, BOOL *valid_old_pwd, long *pwd_seekpos) { - char linebuf[256]; - unsigned char c; - unsigned char *p; - unsigned char *newp; - long uidval; - long linebuf_len; - unsigned char lonybble, hinybble; - int i; - - /* Scan the file, a line at a time and - check if the name matches. */ - while(!feof(fp)) - { - linebuf[0] = '\0'; - *pwd_seekpos = ftell(fp); + char linebuf[256]; + unsigned char c; + unsigned char *p; + long uidval; + long linebuf_len; + unsigned char lonybble, hinybble; + int i; + + /* Scan the file, a line at a time and + check if the name matches. */ + while(!feof(fp)) + { + linebuf[0] = '\0'; + *pwd_seekpos = ftell(fp); - fgets(linebuf, 256, fp); - if(ferror(fp)) - return NULL; - - /* Check if the string is terminated with a newline - - if not then we must keep reading and discard until - we get one. - */ - linebuf_len = strlen(linebuf); - if(linebuf[linebuf_len-1] != '\n') - { - c = '\0'; - while(!ferror(fp) && !feof(fp)) - { - c = fgetc(fp); - if(c == '\n') - break; - } - } - else - linebuf[linebuf_len-1] = '\0'; - - if((linebuf[0] == 0) && feof(fp)) - break; - /* The line we have should be of the form :- - - username:uid:[32hex bytes]:....other flags presently ignored.... - - */ - - if(linebuf[0] == '#' || linebuf[0] == '\0') - continue; - p = (unsigned char *)strchr(linebuf, ':'); - if( p == NULL) - continue; - /* As 256 is shorter than a pstring we don't - need to check length here - if this ever changes.... */ - strncpy( user_name, linebuf, (char *)p - linebuf); - user_name[(char *)p - linebuf] = '\0'; - if(strcasecmp(user_name, name)) - continue; - - /* User name matches - get uid and password */ - p++; /* Go past ':' */ - if(!isdigit(*p)) - return(False); - - uidval = strtol((char *)p, (char **)&newp, 10); - if(*newp != ':') - return(False); - - /* Now get the password value - this should be 32 hex digits which - are the ascii representations of a 16 byte string. Get two at - a time and put them into the password. - */ - p = newp + 1; - *pwd_seekpos += ((char *)p - linebuf); /* Save exact position of - passwd in file - this is used - by smbpasswd.c - */ - if(*p == '*' || *p == 'X') - { - /* Password deliberately invalid - end here. */ - *valid_old_pwd = False; - pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; - return(&pw_buf); - } - if(linebuf_len < ((char *)p - linebuf + 33)) - return(False); - - if(p[32] != ':') - return(False); - - if(strncasecmp(p,"NO PASSWORD",11) == 0) { - pw_buf.smb_passwd = NULL; /* No password */ - } else { - for(i = 0; i < 32; i += 2) - { - hinybble = toupper(p[i]); - if(isdigit(hinybble)) - hinybble -= '0'; - else - hinybble = (hinybble - 'A') + 10; - lonybble = toupper(p[i+1]); - if(isdigit(lonybble)) - lonybble -= '0'; - else - lonybble = (lonybble - 'A') + 10; - smbpwd[i/2] = (hinybble << 4) | lonybble; - } - pw_buf.smb_passwd = smbpwd; - } - - pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; - *valid_old_pwd = True; - return &pw_buf; - } + fgets(linebuf, 256, fp); + if(ferror(fp)) return NULL; + + /* Check if the string is terminated with a newline - + if not then we must keep reading and discard until + we get one. + */ + linebuf_len = strlen(linebuf); + if(linebuf[linebuf_len-1] != '\n') + { + c = '\0'; + while(!ferror(fp) && !feof(fp)) + { + c = fgetc(fp); + if(c == '\n') + break; + } + } + else + linebuf[linebuf_len-1] = '\0'; + + if((linebuf[0] == 0) && feof(fp)) + break; + /* The line we have should be of the form :- + + username:uid:[32hex bytes]:....other flags presently ignored.... + */ + + if(linebuf[0] == '#' || linebuf[0] == '\0') + continue; + p = (unsigned char *)strchr(linebuf, ':'); + if( p == NULL) + continue; + /* As 256 is shorter than a pstring we don't + need to check length here - if this ever changes.... */ + strncpy( user_name, linebuf, PTR_DIFF(p,linebuf)); + user_name[PTR_DIFF(p,linebuf)] = '\0'; + if(!strequal(user_name, name)) + continue; + + /* User name matches - get uid and password */ + p++; /* Go past ':' */ + if(!isdigit(*p)) + return(False); + + uidval = atoi((char *)p); + while (*p && isdigit(*p)) p++; + + if(*p != ':') + return(False); + + /* Now get the password value - this should be 32 hex digits which + are the ascii representations of a 16 byte string. Get two at + a time and put them into the password. + */ + p++; + *pwd_seekpos += PTR_DIFF(p,linebuf); /* Save exact position of + passwd in file - this is used + by smbpasswd.c + */ + if(*p == '*' || *p == 'X') + { + /* Password deliberately invalid - end here. */ + *valid_old_pwd = False; + pw_buf.smb_name = user_name; + pw_buf.smb_userid = uidval; + return(&pw_buf); + } + if(linebuf_len < (PTR_DIFF(p,linebuf) + 33)) + return(False); + + if(p[32] != ':') + return(False); + + if(strequal(p,"NO PASSWORD")) { + pw_buf.smb_passwd = NULL; /* No password */ + } else { + char *hexchars = "0123456789ABCDEF"; + char *p1,*p2; + for(i = 0; i < 32; i += 2) + { + hinybble = toupper(p[i]); + lonybble = toupper(p[i+1]); + + p1 = strchr(hexchars,hinybble); + p2 = strchr(hexchars,lonybble); + if (!p1 || !p2) + return(False); + + hinybble = PTR_DIFF(p1,hexchars); + lonybble = PTR_DIFF(p2,hexchars); + + smbpwd[i/2] = (hinybble << 4) | lonybble; + } + pw_buf.smb_passwd = smbpwd; + } + + pw_buf.smb_name = user_name; + pw_buf.smb_userid = uidval; + *valid_old_pwd = True; + return &pw_buf; + } + return NULL; } /* * Print command usage on stderr and die. */ - -void usage(const char *name) +void usage(char *name) { fprintf(stderr, "Usage is : %s [username]\n", name); exit(1); @@ -161,199 +163,199 @@ int main(int argc, char **argv) { - int real_uid; - struct passwd *pwd; - fstring old_passwd; - uchar old_p16[16]; - fstring new_passwd; - uchar new_p16[16]; - char *p; - struct smb_passwd *smb_pwent; - FILE *fp; - BOOL valid_old_pwd = False; - long seekpos; - int pwfd; - char ascii_p16[33]; - char c; - int ret, i, err; - int lockfd=-1; - char *pfile = SMB_PASSWD_FILE; + int real_uid; + struct passwd *pwd; + fstring old_passwd; + uchar old_p16[16]; + fstring new_passwd; + uchar new_p16[16]; + char *p; + struct smb_passwd *smb_pwent; + FILE *fp; + BOOL valid_old_pwd = False; + long seekpos; + int pwfd; + char ascii_p16[33]; + char c; + int ret, i, err; + int lockfd=-1; + char *pfile = SMB_PASSWD_FILE; - charset_initialise(); + charset_initialise(); #ifndef DEBUG_PASSWORD - /* Check the effective uid */ - if(geteuid() != 0) { - fprintf(stderr, "%s: Must be setuid root.\n", argv[0]); - exit(1); - } + /* Check the effective uid */ + if(geteuid() != 0) { + fprintf(stderr, "%s: Must be setuid root.\n", argv[0]); + exit(1); + } #endif - /* Get the real uid */ - real_uid = getuid(); - - /* Deal with usage problems */ - if( real_uid == 0) { - /* As root we can change anothers password. */ - if(argc != 1 && argc != 2) - usage(argv[0]); - } else if(argc != 1) - usage(argv[0]); + /* Get the real uid */ + real_uid = getuid(); + + /* Deal with usage problems */ + if( real_uid == 0) { + /* As root we can change anothers password. */ + if(argc != 1 && argc != 2) + usage(argv[0]); + } else if(argc != 1) + usage(argv[0]); - if(real_uid == 0 && argc == 2) { - /* If we are root we can change anothers password. */ - strncpy( user_name, argv[1], sizeof(user_name)-1); - user_name[sizeof(user_name)-1] = '\0'; - pwd = getpwnam( user_name ); - } else { - pwd = getpwuid( real_uid ); - } - - if(pwd == 0) { - fprintf(stderr, "%s: Unable to get UNIX password entry for user.\n", argv[0]); - exit(1); - } - - /* If we are root we don't ask for the old password. */ - old_passwd[0] = '\0'; - if(real_uid != 0) { - p = getpass("Old SMB password:"); - strncpy(old_passwd, p, 14); - old_passwd[14] = '\0'; - strupper(old_passwd); - } - - new_passwd[0] = '\0'; - p = getpass("New SMB password:"); - strncpy(new_passwd, p, 14); - new_passwd[14] = '\0'; - p = getpass("Retype new SMB password:"); - if(strncmp(p, new_passwd, 14)) { - fprintf(stderr, "%s: Mismatch - password unchanged.\n", argv[0]); - exit(1); - } - strupper(new_passwd); - - if(new_passwd[0] == '\0') { - printf("Password not set\n"); - exit(0); - } - - /* Calculate the SMB hash functions of - both old an new passwords. */ - - memset(old_p16,'\0',16); - E_P16((uchar *)old_passwd,old_p16); - - memset(new_p16,'\0',16); - E_P16((uchar *)new_passwd,new_p16); - - /* Open the smbpaswd file XXXX - we need to parse smb.conf to - get the filename */ - if((fp = fopen(pfile, "r+")) == NULL) { - err = errno; - fprintf(stderr, "%s: Failed to open password file %s.\n", - argv[0], pfile); - errno = err; - perror(argv[0]); - exit(err); - } - - /* make sure it is only rw by the owner */ - fchmod(fileno(fp),0600); - - /* Lock the smbpasswd file for write. */ - if((lockfd=file_lock(pfile,5))<0) { - err = errno; - fprintf(stderr, "%s: Failed to lock password file %s.\n", - argv[0], pfile); - fclose(fp); - errno = err; - perror(argv[0]); - exit(err); - } - - /* Get the smb passwd entry for this user */ - smb_pwent = _my_get_smbpwnam( fp, pwd->pw_name, &valid_old_pwd, &seekpos); - if(smb_pwent == NULL) { - fprintf(stderr, "%s: Failed to find entry for user %s in file %s.\n", - argv[0], pwd->pw_name, pfile); - fclose(fp); - file_unlock(lockfd); - exit(1); - } - - /* If we are root we don't need to check the old password. */ - if( real_uid != 0) { - if( valid_old_pwd == False) { - fprintf(stderr, "%s: User %s is disabled, plase contact your administrator to enable it.\n", argv[0], pwd->pw_name); - fclose(fp); - file_unlock(lockfd); - exit(1); - } - /* Check the old passwd (if there was one). */ - if(smb_pwent->smb_passwd != NULL) { - if( memcmp( old_p16, smb_pwent->smb_passwd, 16)) { - fprintf(stderr, "%s: Couldn't change password.\n", argv[0]); - fclose(fp); - file_unlock(lockfd); - exit(1); - } - } - } - /* If we get here either we were root or the old password - checked out ok. */ - /* Create the 32 byte representation of the new p16 */ - for(i = 0; i < 16; i++) { - sprintf(&ascii_p16[i*2], "%02X", (uchar)new_p16[i]); - } - /* Do an atomic write into the file at the position - defined by seekpos. */ - pwfd = fileno(fp); - ret = lseek(pwfd, seekpos - 1, SEEK_SET); - if(ret != seekpos -1) { - err = errno; - fprintf(stderr, "%s: seek fail on file %s.\n", - argv[0], pfile); - fclose(fp); - errno = err; - perror(argv[0]); - file_unlock(lockfd); - exit(1); - } - /* Sanity check - ensure the character is a ':' */ - if(read(pwfd,&c,1) != 1) { - err = errno; - fprintf(stderr, "%s: read fail on file %s.\n", - argv[0], pfile); - fclose(fp); - errno = err; - perror(argv[0]); - file_unlock(lockfd); - exit(1); - } - if(c != ':') { - fprintf(stderr, "%s: sanity check on passwd file %s failed.\n", - argv[0], pfile); - fclose(fp); - file_unlock(lockfd); - exit(1); - } - if(write(pwfd,ascii_p16,32)!=32) { - err = errno; - fprintf(stderr, "%s: write fail in file %s.\n", - argv[0], pfile); - fclose(fp); - errno = err; - perror(argv[0]); - file_unlock(lockfd); - exit(err); - } + if(real_uid == 0 && argc == 2) { + /* If we are root we can change anothers password. */ + strncpy( user_name, argv[1], sizeof(user_name)-1); + user_name[sizeof(user_name)-1] = '\0'; + pwd = getpwnam( user_name ); + } else { + pwd = getpwuid( real_uid ); + } + + if(pwd == 0) { + fprintf(stderr, "%s: Unable to get UNIX password entry for user.\n", argv[0]); + exit(1); + } + + /* If we are root we don't ask for the old password. */ + old_passwd[0] = '\0'; + if(real_uid != 0) { + p = getpass("Old SMB password:"); + strncpy(old_passwd, p, 14); + old_passwd[14] = '\0'; + strupper(old_passwd); + } + + new_passwd[0] = '\0'; + p = getpass("New SMB password:"); + strncpy(new_passwd, p, 14); + new_passwd[14] = '\0'; + p = getpass("Retype new SMB password:"); + if(strncmp(p, new_passwd, 14)) { + fprintf(stderr, "%s: Mismatch - password unchanged.\n", argv[0]); + exit(1); + } + strupper(new_passwd); + + if(new_passwd[0] == '\0') { + printf("Password not set\n"); + exit(0); + } + + /* Calculate the SMB hash functions of + both old an new passwords. */ + + memset(old_p16,'\0',16); + E_P16((uchar *)old_passwd,old_p16); + + memset(new_p16,'\0',16); + E_P16((uchar *)new_passwd,new_p16); + + /* Open the smbpaswd file XXXX - we need to parse smb.conf to + get the filename */ + if((fp = fopen(pfile, "r+")) == NULL) { + err = errno; + fprintf(stderr, "%s: Failed to open password file %s.\n", + argv[0], pfile); + errno = err; + perror(argv[0]); + exit(err); + } + + /* make sure it is only rw by the owner */ + chmod(pfile,0600); + + /* Lock the smbpasswd file for write. */ + if((lockfd=file_lock(pfile,5))<0) { + err = errno; + fprintf(stderr, "%s: Failed to lock password file %s.\n", + argv[0], pfile); + fclose(fp); + errno = err; + perror(argv[0]); + exit(err); + } + + /* Get the smb passwd entry for this user */ + smb_pwent = _my_get_smbpwnam(fp, pwd->pw_name, &valid_old_pwd, &seekpos); + if(smb_pwent == NULL) { + fprintf(stderr, "%s: Failed to find entry for user %s in file %s.\n", + argv[0], pwd->pw_name, pfile); + fclose(fp); + file_unlock(lockfd); + exit(1); + } + + /* If we are root we don't need to check the old password. */ + if( real_uid != 0) { + if( valid_old_pwd == False) { + fprintf(stderr, "%s: User %s is disabled, plase contact your administrator to enable it.\n", argv[0], pwd->pw_name); + fclose(fp); + file_unlock(lockfd); + exit(1); + } + /* Check the old passwd (if there was one). */ + if(smb_pwent->smb_passwd != NULL) { + if( memcmp( old_p16, smb_pwent->smb_passwd, 16)) { + fprintf(stderr, "%s: Couldn't change password.\n", argv[0]); fclose(fp); file_unlock(lockfd); - printf("Password changed\n"); - return 0; + exit(1); + } + } + } + /* If we get here either we were root or the old password + checked out ok. */ + /* Create the 32 byte representation of the new p16 */ + for(i = 0; i < 16; i++) { + sprintf(&ascii_p16[i*2], "%02X", (uchar)new_p16[i]); + } + /* Do an atomic write into the file at the position + defined by seekpos. */ + pwfd = fileno(fp); + ret = lseek(pwfd, seekpos - 1, SEEK_SET); + if(ret != seekpos -1) { + err = errno; + fprintf(stderr, "%s: seek fail on file %s.\n", + argv[0], pfile); + fclose(fp); + errno = err; + perror(argv[0]); + file_unlock(lockfd); + exit(1); + } + /* Sanity check - ensure the character is a ':' */ + if(read(pwfd,&c,1) != 1) { + err = errno; + fprintf(stderr, "%s: read fail on file %s.\n", + argv[0], pfile); + fclose(fp); + errno = err; + perror(argv[0]); + file_unlock(lockfd); + exit(1); + } + if(c != ':') { + fprintf(stderr, "%s: sanity check on passwd file %s failed.\n", + argv[0], pfile); + fclose(fp); + file_unlock(lockfd); + exit(1); + } + if(write(pwfd,ascii_p16,32)!=32) { + err = errno; + fprintf(stderr, "%s: write fail in file %s.\n", + argv[0], pfile); + fclose(fp); + errno = err; + perror(argv[0]); + file_unlock(lockfd); + exit(err); + } + fclose(fp); + file_unlock(lockfd); + printf("Password changed\n"); + return 0; } #else @@ -366,3 +368,5 @@ return 0; } #endif + + diff -u -r --new-file last-version/source/version.h samba-1.9.14alpha11/source/version.h --- last-version/source/version.h Tue Jul 11 16:47:52 1995 +++ samba-1.9.14alpha11/source/version.h Tue Jul 11 22:38:46 1995 @@ -1 +1 @@ -#define VERSION "1.9.14alpha10" +#define VERSION "1.9.14alpha11"