You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
391 lines
13 KiB
391 lines
13 KiB
From f7046a874ce3ab5d9b4024442daf03e79f25956b Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Fri, 18 Aug 2017 16:08:46 +0200
|
|
Subject: [PATCH 1/6] s3:libsmb: Pass domain to remote_password_change()
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
|
|
(cherry picked from commit 7a554ee7dcefdff599ebc6fbf4e128b33ffccf29)
|
|
---
|
|
source3/include/proto.h | 3 ++-
|
|
source3/libsmb/passchange.c | 5 +++--
|
|
source3/utils/smbpasswd.c | 3 ++-
|
|
3 files changed, 7 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/source3/include/proto.h b/source3/include/proto.h
|
|
index baa579995a5..9deb27b416b 100644
|
|
--- a/source3/include/proto.h
|
|
+++ b/source3/include/proto.h
|
|
@@ -834,7 +834,8 @@ bool get_dc_name(const char *domain,
|
|
|
|
/* The following definitions come from libsmb/passchange.c */
|
|
|
|
-NTSTATUS remote_password_change(const char *remote_machine, const char *user_name,
|
|
+NTSTATUS remote_password_change(const char *remote_machine,
|
|
+ const char *domain, const char *user_name,
|
|
const char *old_passwd, const char *new_passwd,
|
|
char **err_str);
|
|
|
|
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
|
|
index c89b7ca85d1..48ffba8036f 100644
|
|
--- a/source3/libsmb/passchange.c
|
|
+++ b/source3/libsmb/passchange.c
|
|
@@ -30,7 +30,8 @@
|
|
Change a password on a remote machine using IPC calls.
|
|
*************************************************************/
|
|
|
|
-NTSTATUS remote_password_change(const char *remote_machine, const char *user_name,
|
|
+NTSTATUS remote_password_change(const char *remote_machine,
|
|
+ const char *domain, const char *user_name,
|
|
const char *old_passwd, const char *new_passwd,
|
|
char **err_str)
|
|
{
|
|
@@ -55,7 +56,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
|
|
|
|
creds = cli_session_creds_init(cli,
|
|
user_name,
|
|
- NULL, /* domain */
|
|
+ domain,
|
|
NULL, /* realm */
|
|
old_passwd,
|
|
false, /* use_kerberos */
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
|
|
index 437a5e551bb..4d7a3c739bc 100644
|
|
--- a/source3/utils/smbpasswd.c
|
|
+++ b/source3/utils/smbpasswd.c
|
|
@@ -258,7 +258,8 @@ static NTSTATUS password_change(const char *remote_mach, char *username,
|
|
fprintf(stderr, "Invalid remote operation!\n");
|
|
return NT_STATUS_UNSUCCESSFUL;
|
|
}
|
|
- ret = remote_password_change(remote_mach, username,
|
|
+ ret = remote_password_change(remote_mach,
|
|
+ NULL, username,
|
|
old_passwd, new_pw, &err_str);
|
|
} else {
|
|
ret = local_password_change(username, local_flags, new_pw,
|
|
--
|
|
2.14.1
|
|
|
|
|
|
From f215f7c53032689dbdaac96a3a16fa7d3fe3d3c5 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Fri, 18 Aug 2017 16:10:06 +0200
|
|
Subject: [PATCH 2/6] s3:libsmb: Move prototye of remote_password_change()
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
|
|
(cherry picked from commit c773844e7529b83b2633671c7bcf1e7b84ad7950)
|
|
---
|
|
source3/include/proto.h | 7 -------
|
|
source3/libsmb/proto.h | 10 ++++++++++
|
|
source3/utils/smbpasswd.c | 1 +
|
|
3 files changed, 11 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/source3/include/proto.h b/source3/include/proto.h
|
|
index 9deb27b416b..67e1a9d750e 100644
|
|
--- a/source3/include/proto.h
|
|
+++ b/source3/include/proto.h
|
|
@@ -832,13 +832,6 @@ bool get_dc_name(const char *domain,
|
|
fstring srv_name,
|
|
struct sockaddr_storage *ss_out);
|
|
|
|
-/* The following definitions come from libsmb/passchange.c */
|
|
-
|
|
-NTSTATUS remote_password_change(const char *remote_machine,
|
|
- const char *domain, const char *user_name,
|
|
- const char *old_passwd, const char *new_passwd,
|
|
- char **err_str);
|
|
-
|
|
/* The following definitions come from libsmb/smberr.c */
|
|
|
|
const char *smb_dos_err_name(uint8_t e_class, uint16_t num);
|
|
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
|
|
index a583a8ee159..44f4d04cff5 100644
|
|
--- a/source3/libsmb/proto.h
|
|
+++ b/source3/libsmb/proto.h
|
|
@@ -31,6 +31,9 @@
|
|
|
|
struct smb_trans_enc_state;
|
|
struct cli_credentials;
|
|
+struct cli_state;
|
|
+struct file_info;
|
|
+struct print_job_info;
|
|
|
|
/* The following definitions come from libsmb/cliconnect.c */
|
|
|
|
@@ -964,4 +967,11 @@ NTSTATUS cli_readlink(struct cli_state *cli, const char *fname,
|
|
TALLOC_CTX *mem_ctx, char **psubstitute_name,
|
|
char **pprint_name, uint32_t *pflags);
|
|
|
|
+/* The following definitions come from libsmb/passchange.c */
|
|
+
|
|
+NTSTATUS remote_password_change(const char *remote_machine,
|
|
+ const char *domain, const char *user_name,
|
|
+ const char *old_passwd, const char *new_passwd,
|
|
+ char **err_str);
|
|
+
|
|
#endif /* _LIBSMB_PROTO_H_ */
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
|
|
index 4d7a3c739bc..6eb2deb7a3b 100644
|
|
--- a/source3/utils/smbpasswd.c
|
|
+++ b/source3/utils/smbpasswd.c
|
|
@@ -21,6 +21,7 @@
|
|
#include "secrets.h"
|
|
#include "../librpc/gen_ndr/samr.h"
|
|
#include "../lib/util/util_pw.h"
|
|
+#include "libsmb/proto.h"
|
|
#include "passdb.h"
|
|
|
|
/*
|
|
--
|
|
2.14.1
|
|
|
|
|
|
From 7e6e01b965c838494203c964fa5ac55b355bd58a Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Fri, 18 Aug 2017 16:13:15 +0200
|
|
Subject: [PATCH 3/6] s3:utils: Make strings const passed to password_change()
|
|
in smbpasswd
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
|
|
(cherry picked from commit 41a31a71abe144362fc7483fabba39aafa866373)
|
|
---
|
|
source3/utils/smbpasswd.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
|
|
index 6eb2deb7a3b..b0e08cc0e58 100644
|
|
--- a/source3/utils/smbpasswd.c
|
|
+++ b/source3/utils/smbpasswd.c
|
|
@@ -243,8 +243,9 @@ static char *prompt_for_new_password(bool stdin_get)
|
|
Change a password either locally or remotely.
|
|
*************************************************************/
|
|
|
|
-static NTSTATUS password_change(const char *remote_mach, char *username,
|
|
- char *old_passwd, char *new_pw,
|
|
+static NTSTATUS password_change(const char *remote_mach,
|
|
+ const char *username,
|
|
+ const char *old_passwd, const char *new_pw,
|
|
int local_flags)
|
|
{
|
|
NTSTATUS ret;
|
|
--
|
|
2.14.1
|
|
|
|
|
|
From bec5dc7c8b1bca092fa4ea87016bbfdb2750896c Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Fri, 18 Aug 2017 16:14:57 +0200
|
|
Subject: [PATCH 4/6] s3:utils: Pass domain to password_change() in smbpasswd
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
|
|
(cherry picked from commit b483340639157fe95777672f5723455c48c3c616)
|
|
---
|
|
source3/utils/smbpasswd.c | 12 +++++++-----
|
|
1 file changed, 7 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
|
|
index b0e08cc0e58..92712e38f6b 100644
|
|
--- a/source3/utils/smbpasswd.c
|
|
+++ b/source3/utils/smbpasswd.c
|
|
@@ -244,7 +244,7 @@ static char *prompt_for_new_password(bool stdin_get)
|
|
*************************************************************/
|
|
|
|
static NTSTATUS password_change(const char *remote_mach,
|
|
- const char *username,
|
|
+ const char *domain, const char *username,
|
|
const char *old_passwd, const char *new_pw,
|
|
int local_flags)
|
|
{
|
|
@@ -261,7 +261,7 @@ static NTSTATUS password_change(const char *remote_mach,
|
|
return NT_STATUS_UNSUCCESSFUL;
|
|
}
|
|
ret = remote_password_change(remote_mach,
|
|
- NULL, username,
|
|
+ domain, username,
|
|
old_passwd, new_pw, &err_str);
|
|
} else {
|
|
ret = local_password_change(username, local_flags, new_pw,
|
|
@@ -466,7 +466,8 @@ static int process_root(int local_flags)
|
|
}
|
|
}
|
|
|
|
- if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name,
|
|
+ if (!NT_STATUS_IS_OK(password_change(remote_machine,
|
|
+ NULL, user_name,
|
|
old_passwd, new_passwd,
|
|
local_flags))) {
|
|
result = 1;
|
|
@@ -566,8 +567,9 @@ static int process_nonroot(int local_flags)
|
|
exit(1);
|
|
}
|
|
|
|
- if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, old_pw,
|
|
- new_pw, 0))) {
|
|
+ if (!NT_STATUS_IS_OK(password_change(remote_machine,
|
|
+ NULL, user_name,
|
|
+ old_pw, new_pw, 0))) {
|
|
result = 1;
|
|
goto done;
|
|
}
|
|
--
|
|
2.14.1
|
|
|
|
|
|
From 72dd200ce430b23a887ddfa73c2b618bf387c583 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Fri, 18 Aug 2017 16:17:08 +0200
|
|
Subject: [PATCH 5/6] s3:utils: Make sure we authenticate against our SAM name
|
|
in smbpasswd
|
|
|
|
If a local user wants to change his password using smbpasswd and the
|
|
machine is a domain member, we need to make sure we authenticate against
|
|
our SAM and not ask winbind.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
|
|
(cherry picked from commit dc129a968afdac8be70f9756bd18a7bf1f4c3b02)
|
|
---
|
|
source3/utils/smbpasswd.c | 32 +++++++++++++++++++++++++++-----
|
|
1 file changed, 27 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
|
|
index 92712e38f6b..556e6869da7 100644
|
|
--- a/source3/utils/smbpasswd.c
|
|
+++ b/source3/utils/smbpasswd.c
|
|
@@ -58,7 +58,7 @@ static void usage(void)
|
|
printf(" -c smb.conf file Use the given path to the smb.conf file\n");
|
|
printf(" -D LEVEL debug level\n");
|
|
printf(" -r MACHINE remote machine\n");
|
|
- printf(" -U USER remote username\n");
|
|
+ printf(" -U USER remote username (e.g. SAM/user)\n");
|
|
|
|
printf("extra options when run by root or in local mode:\n");
|
|
printf(" -a add user\n");
|
|
@@ -95,7 +95,7 @@ static int process_options(int argc, char **argv, int local_flags)
|
|
|
|
user_name[0] = '\0';
|
|
|
|
- while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
|
|
+ while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LWS:")) != EOF) {
|
|
switch(ch) {
|
|
case 'L':
|
|
if (getuid() != 0) {
|
|
@@ -519,6 +519,9 @@ static int process_nonroot(int local_flags)
|
|
int result = 0;
|
|
char *old_pw = NULL;
|
|
char *new_pw = NULL;
|
|
+ const char *username = user_name;
|
|
+ const char *domain = NULL;
|
|
+ char *p = NULL;
|
|
|
|
if (local_flags & ~(LOCAL_AM_ROOT | LOCAL_SET_PASSWORD)) {
|
|
/* Extra flags that we can't honor non-root */
|
|
@@ -536,6 +539,15 @@ static int process_nonroot(int local_flags)
|
|
}
|
|
}
|
|
|
|
+ /* Allow domain as part of the username */
|
|
+ if ((p = strchr_m(user_name, '\\')) ||
|
|
+ (p = strchr_m(user_name, '/')) ||
|
|
+ (p = strchr_m(user_name, *lp_winbind_separator()))) {
|
|
+ *p = '\0';
|
|
+ username = p + 1;
|
|
+ domain = user_name;
|
|
+ }
|
|
+
|
|
/*
|
|
* A non-root user is always setting a password
|
|
* via a remote machine (even if that machine is
|
|
@@ -544,8 +556,18 @@ static int process_nonroot(int local_flags)
|
|
|
|
load_interfaces(); /* Delayed from main() */
|
|
|
|
- if (remote_machine == NULL) {
|
|
+ if (remote_machine != NULL) {
|
|
+ if (!is_ipaddress(remote_machine)) {
|
|
+ domain = remote_machine;
|
|
+ }
|
|
+ } else {
|
|
remote_machine = "127.0.0.1";
|
|
+
|
|
+ /*
|
|
+ * If we deal with a local user, change the password for the
|
|
+ * user in our SAM.
|
|
+ */
|
|
+ domain = get_global_sam_name();
|
|
}
|
|
|
|
if (remote_machine != NULL) {
|
|
@@ -568,13 +590,13 @@ static int process_nonroot(int local_flags)
|
|
}
|
|
|
|
if (!NT_STATUS_IS_OK(password_change(remote_machine,
|
|
- NULL, user_name,
|
|
+ domain, username,
|
|
old_pw, new_pw, 0))) {
|
|
result = 1;
|
|
goto done;
|
|
}
|
|
|
|
- printf("Password changed for user %s\n", user_name);
|
|
+ printf("Password changed for user %s\n", username);
|
|
|
|
done:
|
|
SAFE_FREE(old_pw);
|
|
--
|
|
2.14.1
|
|
|
|
|
|
From 7d8aae447a411eb4903850c30366a18d1714f7c0 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Tue, 22 Aug 2017 15:46:07 +0200
|
|
Subject: [PATCH 6/6] s3:utils: Remove pointless if-clause for remote_machine
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
|
|
|
|
Review with: git show -U20
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
|
|
(cherry picked from commit 4a4bfcb539b4489f397b2bc9369215b7e03e620e)
|
|
---
|
|
source3/utils/smbpasswd.c | 10 ++++------
|
|
1 file changed, 4 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
|
|
index 556e6869da7..fb7ad283995 100644
|
|
--- a/source3/utils/smbpasswd.c
|
|
+++ b/source3/utils/smbpasswd.c
|
|
@@ -570,12 +570,10 @@ static int process_nonroot(int local_flags)
|
|
domain = get_global_sam_name();
|
|
}
|
|
|
|
- if (remote_machine != NULL) {
|
|
- old_pw = get_pass("Old SMB password:",stdin_passwd_get);
|
|
- if (old_pw == NULL) {
|
|
- fprintf(stderr, "Unable to get old password.\n");
|
|
- exit(1);
|
|
- }
|
|
+ old_pw = get_pass("Old SMB password:",stdin_passwd_get);
|
|
+ if (old_pw == NULL) {
|
|
+ fprintf(stderr, "Unable to get old password.\n");
|
|
+ exit(1);
|
|
}
|
|
|
|
if (!new_passwd) {
|
|
--
|
|
2.14.1
|
|
|
|
|