2 Unix SMB/Netbios implementation.
4 Samba utility functions
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 /* fork a child process to exec passwd and write to its
23 * tty to change a users password. This is running as the
24 * user who is attempting to change the password.
28 * This code was copied/borrowed and stolen from various sources.
29 * The primary source was the poppasswd.c from the authors of POPMail. This software
30 * was included as a client to change passwords using the 'passwd' program
31 * on the remote machine.
33 * This routine is called by set_user_password() in password.c only if ALLOW_PASSWORD_CHANGE
34 * is defined in the compiler directives located in the Makefile.
36 * This code has been hacked by Bob Nance (nance@niehs.nih.gov) and Evan Patterson
37 * (patters2@niehs.nih.gov) at the National Institute of Environmental Health Sciences
38 * and rights to modify, distribute or incorporate this change to the CAP suite or
39 * using it for any other reason are granted, so long as this disclaimer is left intact.
43 This code was hacked considerably for inclusion in Samba, primarily
44 by Andrew.Tridgell@anu.edu.au. The biggest change was the addition
45 of the "password chat" option, which allows the easy runtime
46 specification of the expected sequence of events to change a
52 extern int DEBUGLEVEL
;
53 extern struct passdb_ops pdb_ops
;
55 #if ALLOW_CHANGE_PASSWORD
57 static int findpty(char **slave
)
64 #if defined(HAVE_GRANTPT)
65 /* Try to open /dev/ptmx. If that fails, fall through to old method. */
66 if ((master
= sys_open("/dev/ptmx", O_RDWR
, 0)) >= 0)
70 *slave
= (char *)ptsname(master
);
74 ("findpty: Unable to create master/slave pty pair.\n"));
75 /* Stop fd leak on error. */
82 ("findpty: Allocated slave pty %s\n", *slave
));
86 #endif /* HAVE_GRANTPT */
88 fstrcpy(line
, "/dev/ptyXX");
90 dirp
= opendir("/dev");
93 while ((dpname
= readdirname(dirp
)) != NULL
)
95 if (strncmp(dpname
, "pty", 3) == 0 && strlen(dpname
) == 5)
98 ("pty: try to open %s, line was %s\n", dpname
,
102 if ((master
= sys_open(line
, O_RDWR
, 0)) >= 0)
104 DEBUG(3, ("pty: opened %s\n", line
));
116 static int dochild(int master
, char *slavedev
, char *name
,
117 char *passwordprogram
, BOOL as_root
)
120 struct termios stermios
;
121 struct passwd
*pass
= Get_Pwnam(name
, True
);
128 ("dochild: user name %s doesn't exist in the UNIX password database.\n",
136 gain_root_privilege();
138 /* Start new session - gets rid of controlling terminal. */
142 ("Weirdness, couldn't let go of controlling terminal\n"));
146 /* Open slave pty and acquire as new controlling terminal. */
147 if ((slave
= sys_open(slavedev
, O_RDWR
, 0)) < 0)
149 DEBUG(3, ("More weirdness, could not open %s\n", slavedev
));
153 ioctl(slave
, I_PUSH
, "ptem");
154 ioctl(slave
, I_PUSH
, "ldterm");
155 #elif defined(TIOCSCTTY)
156 if (ioctl(slave
, TIOCSCTTY
, 0) < 0)
158 DEBUG(3, ("Error in ioctl call for slave pty\n"));
166 /* Make slave stdin/out/err of child. */
168 if (dup2(slave
, STDIN_FILENO
) != STDIN_FILENO
)
170 DEBUG(3, ("Could not re-direct stdin\n"));
173 if (dup2(slave
, STDOUT_FILENO
) != STDOUT_FILENO
)
175 DEBUG(3, ("Could not re-direct stdout\n"));
178 if (dup2(slave
, STDERR_FILENO
) != STDERR_FILENO
)
180 DEBUG(3, ("Could not re-direct stderr\n"));
186 /* Set proper terminal attributes - no echo, canonical input processing,
187 no map NL to CR/NL on output. */
189 if (tcgetattr(0, &stermios
) < 0)
192 ("could not read default terminal attributes on pty\n"));
195 stermios
.c_lflag
&= ~(ECHO
| ECHOE
| ECHOK
| ECHONL
);
196 stermios
.c_lflag
|= ICANON
;
197 stermios
.c_oflag
&= ~(ONLCR
);
198 if (tcsetattr(0, TCSANOW
, &stermios
) < 0)
200 DEBUG(3, ("could not set attributes of pty\n"));
204 /* make us completely into the right uid */
207 become_user_permanently(uid
, gid
);
211 ("Invoking '%s' as password change program.\n",
214 /* execl() password-change application */
215 if (execl("/bin/sh", "sh", "-c", passwordprogram
, NULL
) < 0)
217 DEBUG(3, ("Bad status returned from %s\n", passwordprogram
));
223 static int expect(int master
, char *issue
, char *expected
)
226 int attempts
, timeout
, nread
, len
;
229 for (attempts
= 0; attempts
< 2; attempts
++)
231 if (!strequal(issue
, "."))
233 if (lp_passwd_chat_debug())
234 DEBUG(100, ("expect: sending [%s]\n", issue
));
236 write(master
, issue
, strlen(issue
));
239 if (strequal(expected
, "."))
246 while ((len
= read_with_timeout(master
, buffer
+ nread
, 1,
247 sizeof(buffer
) - nread
- 1,
253 if ((match
= (wild_match(expected
, buffer
) == 0)))
257 if (lp_passwd_chat_debug())
258 DEBUG(100, ("expect: expected [%s] received [%s]\n",
266 DEBUG(2, ("expect: %s\n", strerror(errno
)));
274 static void pwd_sub(char *buf
)
276 all_string_sub(buf
, "\\n", "\n", 0);
277 all_string_sub(buf
, "\\r", "\r", 0);
278 all_string_sub(buf
, "\\s", " ", 0);
279 all_string_sub(buf
, "\\t", "\t", 0);
282 static int talktochild(int master
, char *seq
)
285 fstring issue
, expected
;
289 while (next_token(&seq
, expected
, NULL
, sizeof(expected
)))
294 if (!expect(master
, issue
, expected
))
296 DEBUG(3, ("Response %d incorrect\n", count
));
300 if (!next_token(&seq
, issue
, NULL
, sizeof(issue
)))
309 static BOOL
chat_with_program(char *passwordprogram
, char *name
,
310 char *chatsequence
, BOOL as_root
)
318 /* allocate a pseudo-terminal device */
319 if ((master
= findpty(&slavedev
)) < 0)
322 ("Cannot Allocate pty for password change: %s\n",
328 * We need to temporarily stop CatchChild from eating
329 * SIGCLD signals as it also eats the exit status code. JRA.
332 CatchChildLeaveStatus();
334 if ((pid
= sys_fork()) < 0)
337 ("Cannot fork() child for password change: %s\n",
344 /* we now have a pty */
346 { /* This is the parent process */
347 if ((chstat
= talktochild(master
, chatsequence
)) == False
)
350 ("Child failed to change password: %s\n",
352 kill(pid
, SIGKILL
); /* be sure to end this process */
355 while ((wpid
= sys_waitpid(pid
, &wstat
, 0)) < 0)
367 DEBUG(3, ("The process is no longer waiting!\n\n"));
374 * Go back to ignoring children.
383 ("We were waiting for the wrong process ID\n"));
386 if (WIFEXITED(wstat
) == 0)
389 ("The process exited while we were waiting\n"));
392 if (WEXITSTATUS(wstat
) != 0)
395 ("The status of the process exiting was %d\n",
406 * Lose any oplock capabilities.
408 oplock_set_capability(False
, False
);
410 /* make sure it doesn't freeze */
417 ("Dochild for user %s (uid=%d,gid=%d)\n", name
,
418 (int)getuid(), (int)getgid()));
420 dochild(master
, slavedev
, name
, passwordprogram
,
427 * The child should never return from dochild() ....
431 ("chat_with_program: Error: dochild() returned %d\n",
438 ("Password change %ssuccessful for user %s\n",
439 (chstat
? "" : "un"), name
));
444 BOOL
chgpasswd(char *name
, char *oldpass
, char *newpass
, BOOL as_root
)
446 pstring passwordprogram
;
447 pstring chatsequence
;
452 DEBUG(3, ("Password change for user: %s\n", name
));
455 DEBUG(100, ("Passwords: old=%s new=%s\n", oldpass
, newpass
));
458 /* Take the passed information and test it for minimum criteria */
459 /* Minimum password length */
460 if (strlen(newpass
) < lp_min_passwd_length()) {
461 /* too short, must be at least MINPASSWDLENGTH */
462 DEBUG(0, ("Password Change: user %s, New password is shorter than minimum password length = %d\n",
463 name
, lp_min_passwd_length()));
464 return (False
); /* inform the user */
467 /* Password is same as old password */
468 if (strcmp(oldpass
, newpass
) == 0) {
469 /* don't allow same password */
470 DEBUG(2, ("Password Change: %s, New password is same as old\n", name
)); /* log the attempt */
471 return (False
); /* inform the user */
475 * Check the old and new passwords don't contain any control
479 len
= strlen(oldpass
);
480 for (i
= 0; i
< len
; i
++) {
481 if (iscntrl((int)oldpass
[i
])) {
483 ("chat_with_program: oldpass contains control characters (disallowed).\n"));
488 len
= strlen(newpass
);
489 for (i
= 0; i
< len
; i
++) {
490 if (iscntrl((int)newpass
[i
])) {
492 ("chat_with_program: newpass contains control characters (disallowed).\n"));
498 if (lp_pam_password_change()) {
504 ret
= smb_pam_passchange(name
, oldpass
, newpass
);
513 pstrcpy(passwordprogram
, lp_passwd_program());
514 pstrcpy(chatsequence
, lp_passwd_chat());
516 if (!*chatsequence
) {
517 DEBUG(2, ("Null chat sequence - no password changing\n"));
521 if (!*passwordprogram
) {
522 DEBUG(2, ("Null password program - no password changing\n"));
526 pstring_sub(passwordprogram
, "%u", name
);
527 /* note that we do NOT substitute the %o and %n in the password program
528 as this would open up a security hole where the user could use
529 a new password containing shell escape characters */
531 pstring_sub(chatsequence
, "%u", name
);
532 all_string_sub(chatsequence
, "%o", oldpass
, sizeof(pstring
));
533 all_string_sub(chatsequence
, "%n", newpass
, sizeof(pstring
));
534 return (chat_with_program
535 (passwordprogram
, name
, chatsequence
, as_root
));
538 #else /* ALLOW_CHANGE_PASSWORD */
540 BOOL
chgpasswd(char *name
, char *oldpass
, char *newpass
, BOOL as_root
)
542 DEBUG(0, ("Password changing not compiled in (user=%s)\n", name
));
545 #endif /* ALLOW_CHANGE_PASSWORD */
547 /***********************************************************
548 Code to check the lanman hashed password.
549 ************************************************************/
551 BOOL
check_lanman_password(char *user
, uchar
* pass1
,
552 uchar
* pass2
, SAM_ACCOUNT
**hnd
)
554 static uchar null_pw
[16];
555 uchar unenc_new_pw
[16];
556 uchar unenc_old_pw
[16];
557 SAM_ACCOUNT
*sampass
= NULL
;
563 ret
= pdb_getsampwnam(sampass
, user
);
567 DEBUG(0,("check_lanman_password: getsampwnam returned NULL\n"));
568 pdb_free_sam(sampass
);
572 acct_ctrl
= pdb_get_acct_ctrl (sampass
);
573 lanman_pw
= pdb_get_lanman_passwd (sampass
);
575 if (acct_ctrl
& ACB_DISABLED
) {
576 DEBUG(0,("check_lanman_password: account %s disabled.\n", user
));
577 pdb_free_sam(sampass
);
581 if ((lanman_pw
== NULL
) && (acct_ctrl
& ACB_PWNOTREQ
)) {
583 memset(no_pw
, '\0', 14);
584 E_P16(no_pw
, null_pw
);
585 pdb_set_lanman_passwd (sampass
, null_pw
);
587 else if (lanman_pw
== NULL
) {
588 DEBUG(0, ("check_lanman_password: no lanman password !\n"));
589 pdb_free_sam(sampass
);
593 /* Get the new lanman hash. */
594 D_P16(lanman_pw
, pass2
, unenc_new_pw
);
596 /* Use this to get the old lanman hash. */
597 D_P16(unenc_new_pw
, pass1
, unenc_old_pw
);
599 /* Check that the two old passwords match. */
600 if (memcmp(lanman_pw
, unenc_old_pw
, 16)) {
601 DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
602 pdb_free_sam(sampass
);
606 /* this saves the pointer for the caller */
612 /***********************************************************
613 Code to change the lanman hashed password.
614 It nulls out the NT hashed password as it will
616 ************************************************************/
618 BOOL
change_lanman_password(SAM_ACCOUNT
*sampass
, uchar
* pass1
,
621 static uchar null_pw
[16];
622 uchar unenc_new_pw
[16];
627 if (sampass
== NULL
) {
628 DEBUG(0,("change_lanman_password: no smb password entry.\n"));
632 acct_ctrl
= pdb_get_acct_ctrl(sampass
);
633 pwd
= pdb_get_lanman_passwd(sampass
);
635 if (acct_ctrl
& ACB_DISABLED
) {
636 DEBUG(0,("change_lanman_password: account %s disabled.\n",
637 pdb_get_username(sampass
)));
641 if ((pwd
== NULL
) && (acct_ctrl
& ACB_PWNOTREQ
)) {
643 memset(no_pw
, '\0', 14);
644 E_P16(no_pw
, null_pw
);
645 pdb_set_lanman_passwd(sampass
, null_pw
);
647 else if (pwd
== NULL
) {
648 DEBUG(0,("change_lanman_password: no lanman password !\n"));
652 /* Get the new lanman hash. */
653 D_P16(pwd
, pass2
, unenc_new_pw
);
655 pdb_set_lanman_passwd(sampass
, unenc_new_pw
);
656 pdb_set_nt_passwd (sampass
, NULL
); /* We lose the NT hash. Sorry. */
658 /* Now flush the sam_passwd struct to persistent storage */
660 ret
= pdb_update_sam_account (sampass
, False
);
666 /***********************************************************
667 Code to check and change the OEM hashed password.
668 ************************************************************/
669 BOOL
pass_oem_change(char *user
,
670 uchar
* lmdata
, uchar
* lmhash
,
671 uchar
* ntdata
, uchar
* nthash
)
674 SAM_ACCOUNT
*sampass
= NULL
;
675 BOOL ret
= check_oem_password(user
, lmdata
, lmhash
, ntdata
, nthash
,
676 &sampass
, new_passwd
, sizeof(new_passwd
));
679 * At this point we have the new case-sensitive plaintext
680 * password in the fstring new_passwd. If we wanted to synchronise
681 * with UNIX passwords we would call a UNIX password changing
682 * function here. However it would have to be done as root
683 * as the plaintext of the old users password is not
687 if (ret
&& lp_unix_password_sync())
688 ret
= chgpasswd(user
, "", new_passwd
, True
);
691 ret
= change_oem_password(sampass
, new_passwd
, False
);
693 memset(new_passwd
, 0, sizeof(new_passwd
));
695 pdb_free_sam(sampass
);
700 /***********************************************************
701 Code to check the OEM hashed password.
703 this function ignores the 516 byte nt OEM hashed password
704 but does use the lm OEM password to check the nt hashed-hash.
706 ************************************************************/
707 BOOL
check_oem_password(char *user
,
708 uchar
* lmdata
, uchar
* lmhash
,
709 uchar
* ntdata
, uchar
* nthash
,
710 SAM_ACCOUNT
**hnd
, char *new_passwd
,
713 static uchar null_pw
[16];
714 static uchar null_ntpw
[16];
715 SAM_ACCOUNT
*sampass
= NULL
;
716 uint8
*lanman_pw
, *nt_pw
;
720 uchar unenc_old_ntpw
[16];
722 uchar unenc_old_pw
[16];
726 BOOL nt_pass_set
= (ntdata
!= NULL
&& nthash
!= NULL
);
728 pdb_init_sam(&sampass
);
731 ret
= pdb_getsampwnam(sampass
, user
);
735 DEBUG(0, ("check_oem_password: getsmbpwnam returned NULL\n"));
741 acct_ctrl
= pdb_get_acct_ctrl(sampass
);
743 if (acct_ctrl
& ACB_DISABLED
) {
744 DEBUG(0,("check_lanman_password: account %s disabled.\n", user
));
748 /* construct a null password (in case one is needed */
751 nt_lm_owf_gen(no_pw
, null_ntpw
, null_pw
);
753 /* save pointers to passwords so we don't have to keep looking them up */
754 lanman_pw
= pdb_get_lanman_passwd(sampass
);
755 nt_pw
= pdb_get_nt_passwd (sampass
);
757 /* check for null passwords */
758 if (lanman_pw
== NULL
) {
759 if (acct_ctrl
& ACB_PWNOTREQ
)
760 pdb_set_lanman_passwd(sampass
, null_pw
);
762 DEBUG(0,("check_oem_password: no lanman password !\n"));
767 if (pdb_get_nt_passwd(sampass
) == NULL
&& nt_pass_set
) {
768 if (acct_ctrl
& ACB_PWNOTREQ
)
769 pdb_set_nt_passwd(sampass
, null_pw
);
771 DEBUG(0,("check_oem_password: no ntlm password !\n"));
777 * Call the hash function to get the new password.
779 SamOEMhash((uchar
*) lmdata
, (uchar
*)lanman_pw
, 516);
782 * The length of the new password is in the last 4 bytes of
786 new_pw_len
= IVAL(lmdata
, 512);
787 if (new_pw_len
< 0 || new_pw_len
> new_passwd_size
- 1) {
788 DEBUG(0,("check_oem_password: incorrect password length (%d).\n", new_pw_len
));
794 * nt passwords are in unicode
796 pull_ucs2(NULL
, new_passwd
,
797 (const smb_ucs2_t
*)&lmdata
[512 - new_pw_len
],
798 new_passwd_size
, new_pw_len
, 0);
800 memcpy(new_passwd
, &lmdata
[512 - new_pw_len
], new_pw_len
);
801 new_passwd
[new_pw_len
] = 0;
805 * To ensure we got the correct new password, hash it and
806 * use it as a key to test the passed old password.
809 nt_lm_owf_gen(new_passwd
, new_ntp16
, new_p16
);
814 * Now use new_p16 as the key to see if the old
817 D_P16(new_p16
, lmhash
, unenc_old_pw
);
819 if (memcmp(lanman_pw
, unenc_old_pw
, 16))
821 DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
825 #ifdef DEBUG_PASSWORD
827 ("check_oem_password: password %s ok\n", new_passwd
));
833 * Now use new_p16 as the key to see if the old
836 D_P16(new_ntp16
, lmhash
, unenc_old_pw
);
837 D_P16(new_ntp16
, nthash
, unenc_old_ntpw
);
839 if (memcmp(lanman_pw
, unenc_old_pw
, 16))
841 DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
845 if (memcmp(nt_pw
, unenc_old_ntpw
, 16))
847 DEBUG(0,("check_oem_password: old nt password doesn't match.\n"));
850 #ifdef DEBUG_PASSWORD
851 DEBUG(100, ("check_oem_password: password %s ok\n", new_passwd
));
856 /***********************************************************
857 Code to change the oem password. Changes both the lanman
859 override = False, normal
860 override = True, override XXXXXXXXXX'd password
861 ************************************************************/
863 BOOL
change_oem_password(SAM_ACCOUNT
*hnd
, char *new_passwd
,
867 uchar new_nt_p16
[16];
870 nt_lm_owf_gen(new_passwd
, new_nt_p16
, new_p16
);
872 pdb_set_lanman_passwd (hnd
, new_p16
);
873 pdb_set_nt_passwd (hnd
, new_nt_p16
);
875 /* Now write it into the file. */
877 ret
= pdb_update_sam_account (hnd
, override
);
880 memset(new_passwd
, '\0', strlen(new_passwd
));
885 /***********************************************************
886 Code to check a plaintext password against smbpasswd entries.
887 ***********************************************************/
889 BOOL
check_plaintext_password(char *user
, char *old_passwd
,
890 int old_passwd_size
, SAM_ACCOUNT
**hnd
)
892 SAM_ACCOUNT
*sampass
= NULL
;
893 uchar old_pw
[16], old_ntpw
[16];
896 pdb_init_sam(&sampass
);
899 ret
= pdb_getsampwnam(sampass
, user
);
906 DEBUG(0,("check_plaintext_password: getsmbpwnam returned NULL\n"));
910 if (pdb_get_acct_ctrl(sampass
) & ACB_DISABLED
)
912 DEBUG(0,("check_plaintext_password: account %s disabled.\n", user
));
916 nt_lm_owf_gen(old_passwd
, old_ntpw
, old_pw
);
918 #ifdef DEBUG_PASSWORD
919 DEBUG(100, ("check_plaintext_password: nt_passwd \n"));
920 dump_data(100, pdb_get_nt_passwd(sampass
), 16);
921 DEBUG(100, ("check_plaintext_password: old_ntpw \n"));
922 dump_data(100, old_ntpw
, 16);
923 DEBUG(100, ("check_plaintext_password: lanman_passwd \n"));
924 dump_data(100, pdb_get_lanman_passwd(sampass
), 16);
925 DEBUG(100, ("check_plaintext_password: old_pw\n"));
926 dump_data(100, old_pw
, 16);
929 if (memcmp(pdb_get_nt_passwd(sampass
), old_ntpw
, 16)
930 && memcmp(pdb_get_lanman_passwd(sampass
), old_pw
, 16))