/*
 * Unix SMB/CIFS implementation.
 * Copyright (C) Jeremy Allison 1995-1998
 * Copyright (C) Tim Potter     2001
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 3 of the License, or (at your
 * option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, see <http://www.gnu.org/licenses/>.  */
# include "includes.h"
# include "system/passwd.h"
# include "secrets.h"
# include "../librpc/gen_ndr/samr.h"
# include "../lib/util/util_pw.h"
# include "libsmb/proto.h"
# include "passdb.h"
# include "cmdline_contexts.h"
# include "passwd_proto.h"
# include "lib/util/string_wrappers.h"
# include "lib/param/param.h"
# include "lib/util/memcache.h"
/*
 * getopt(3) state, declared by hand: SunOS needs the declarations and
 * they are harmless everywhere else.
 */
extern int optind;
extern char *optarg;

/* Option state shared between process_options() and the handlers. */
static fstring user_name;			/* account to operate on */
static bool got_username = False;		/* True once -U supplied a name */
static bool stdin_passwd_get = False;		/* -s: read passwords from stdin */
static char *new_passwd = NULL;			/* heap copy of the new password */
static const char *remote_machine = NULL;	/* -r argument (points into argv) */

/* LDAP admin password from -w; left empty when it has to be prompted for. */
static fstring ldap_secret;
/*********************************************************
 Print the command synopsis on stdout and terminate the
 process with exit status 1. Never returns.
**********************************************************/

static void usage(void)
{
	/* One entry per output fragment, emitted in order. */
	static const char *const text[] = {
		"When run by root:\n",
		"    smbpasswd [options] [username]\n",
		"otherwise:\n",
		"    smbpasswd [options]\n\n",

		"options:\n",
		"  -L                   local mode (must be first option)\n",
		"  -h                   print this usage message\n",
		"  -s                   use stdin for password prompt\n",
		"  -c smb.conf file     Use the given path to the smb.conf file\n",
		"  -D LEVEL             debug level\n",
		"  -r MACHINE           remote machine\n",
		"  -U USER              remote username (e.g. SAM/user)\n",

		"extra options when run by root or in local mode:\n",
		"  -a                   add user\n",
		"  -d                   disable user\n",
		"  -e                   enable user\n",
		"  -i                   interdomain trust account\n",
		"  -m                   machine trust account\n",
		"  -n                   set no password\n",
		"  -W                   use stdin ldap admin password\n",
		"  -w PASSWORD          ldap admin password\n",
		"  -x                   delete user\n",
		"  -R ORDER             name resolve order\n",
	};
	size_t i;

	for (i = 0; i < sizeof(text) / sizeof(text[0]); i++) {
		fputs(text[i], stdout);
	}

	exit(1);
}
/*
 * Put stream f into line-buffered mode, letting stdio allocate the
 * buffer. The setvbuf() result is deliberately not acted upon.
 */
static void set_line_buffering(FILE *f)
{
	(void)setvbuf(f, NULL, _IOLBF, 0);
}
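/*
 * Exit with an error rather than let fstrcpy() store a shortened copy
 * of a command-line value. Assumes fstrcpy() bounds the copy to
 * sizeof(fstring) - TODO confirm against its definition.
 */
static void require_fits_fstring(const char *what, const char *value)
{
	if (strlen(value) >= sizeof(fstring)) {
		fprintf(stderr, "%s too long\n", what);
		exit(1);
	}
}

/*******************************************************************
 Process command line options.

 Fills the file-scope option state (user_name, remote_machine,
 new_passwd, ldap_secret, ...) and loads the global configuration.

 argc, argv    as passed to main()
 local_flags   initial LOCAL_* flags from the caller
 lp_ctx        loadparm context that receives the -R and -D overrides

 Returns the updated LOCAL_* flag set. Does not return on a usage
 error, an over-long argument, or when the configuration file cannot
 be loaded: those paths exit with status 1.
********************************************************************/

static int process_options(int argc, char **argv, int local_flags,
			   struct loadparm_context *lp_ctx)
{
	int ch;
	const char *configfile = get_dyn_CONFIGFILE();

	/* Setting a password is the default action; -x/-d/-e/-n clear it. */
	local_flags |= LOCAL_SET_PASSWORD;

	ZERO_STRUCT(user_name);

	/*
	 * 'S:' is accepted by the option string but has no case below,
	 * so it ends up in the default branch and prints the usage text.
	 */
	while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LWS:")) != EOF) {
		switch (ch) {
		case 'L':
			if (getuid() != 0) {
				fprintf(stderr, "smbpasswd -L can only be used by root.\n");
				exit(1);
			}
			local_flags |= LOCAL_AM_ROOT;
			break;
		case 'c':
			configfile = optarg;
			set_dyn_CONFIGFILE(optarg);
			break;
		case 'a':
			local_flags |= LOCAL_ADD_USER;
			break;
		case 'x':
			local_flags |= LOCAL_DELETE_USER;
			local_flags &= ~LOCAL_SET_PASSWORD;
			break;
		case 'd':
			local_flags |= LOCAL_DISABLE_USER;
			local_flags &= ~LOCAL_SET_PASSWORD;
			break;
		case 'e':
			local_flags |= LOCAL_ENABLE_USER;
			local_flags &= ~LOCAL_SET_PASSWORD;
			break;
		case 'm':
			local_flags |= LOCAL_TRUST_ACCOUNT;
			break;
		case 'i':
			local_flags |= LOCAL_INTERDOM_ACCOUNT;
			break;
		case 'j':
			d_printf("See 'net join' for this functionality\n");
			exit(1);
		case 'n':
			local_flags |= LOCAL_SET_NO_PASSWORD;
			local_flags &= ~LOCAL_SET_PASSWORD;
			SAFE_FREE(new_passwd);
			new_passwd = smb_xstrdup("NO PASSWORD");
			break;
		case 'r':
			remote_machine = optarg;
			break;
		case 's':
			set_line_buffering(stdin);
			set_line_buffering(stdout);
			set_line_buffering(stderr);
			stdin_passwd_get = True;
			break;
		case 'w':
			local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
			/* A silently shortened admin secret must never be stored. */
			require_fits_fstring("ldap admin password", optarg);
			fstrcpy(ldap_secret, optarg);
			/*
			 * A password given on the command line is visible in
			 * the process argument list. Overwrite it in argv now
			 * that it has been copied; this only narrows the
			 * exposure window, so -W (prompt/stdin) stays the
			 * safer choice.
			 */
			memset(optarg, 'X', strlen(optarg));
			break;
		case 'R':
			lpcfg_set_cmdline(lp_ctx, "name resolve order", optarg);
			break;
		case 'D':
			lpcfg_set_cmdline(lp_ctx, "log level", optarg);
			break;
		case 'U':
			got_username = True;
			/* Truncation would silently select a different account. */
			require_fits_fstring("username", optarg);
			fstrcpy(user_name, optarg);
			break;
		case 'W':
			/* An empty secret makes process_root() prompt for it. */
			local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
			*ldap_secret = '\0';
			break;
		case 'h':
		default:
			usage();
		}
	}

	argc -= optind;
	argv += optind;

	switch (argc) {
	case 0:
		if (!got_username) {
			fstrcpy(user_name, "");
		}
		break;
	case 1:
		/* A positional username is a root-only form and excludes -U. */
		if (!(local_flags & LOCAL_AM_ROOT)) {
			usage();
		} else {
			if (got_username) {
				usage();
			} else {
				require_fits_fstring("username", argv[0]);
				fstrcpy(user_name, argv[0]);
			}
		}
		break;
	default:
		usage();
	}

	if (!lp_load_global(configfile)) {
		fprintf(stderr, "Can't load %s - run testparm to debug it\n",
			configfile);
		exit(1);
	}

	return local_flags;
}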
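/*************************************************************
 Utility function to prompt for new password.

 Asks twice and compares the two entries.

 stdin_get   passed through to get_pass()

 Returns the retyped password as returned by get_pass() (released
 with SAFE_FREE() by the callers in this file), or NULL when a prompt
 fails or the two entries differ.

 The first entry is held in a stack fstring for the comparison; that
 copy is cleared on every exit path so the password does not linger
 on the stack.
*************************************************************/

static char *prompt_for_new_password(bool stdin_get)
{
	char *p = NULL;
	char *result = NULL;
	fstring new_pw;

	ZERO_ARRAY(new_pw);

	p = get_pass("New SMB password:", stdin_get);
	if (p == NULL) {
		return NULL;
	}

	/*
	 * NOTE(review): fstrcpy() presumably bounds the copy to the
	 * fstring size, so an entry longer than that would never match
	 * its retyped form - confirm.
	 */
	fstrcpy(new_pw, p);
	SAFE_FREE(p);

	p = get_pass("Retype new SMB password:", stdin_get);
	if (p == NULL) {
		goto out;
	}

	if (strcmp(p, new_pw) != 0) {
		fprintf(stderr, "Mismatch - password unchanged.\n");
		/*
		 * NOTE(review): the heap copy is released without being
		 * cleared first; consider a wiping free here.
		 */
		SAFE_FREE(p);
		goto out;
	}

	result = p;

out:
	/*
	 * NOTE(review): if ZERO_ARRAY() is a plain memset() the compiler
	 * may drop this final store; confirm it maps to a wipe that
	 * cannot be optimised away.
	 */
	ZERO_ARRAY(new_pw);
	return result;
}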
/*************************************************************
 Change a password either locally or remotely.

 A non-NULL remote_mach selects remote_password_change(); otherwise
 local_password_change() is used. Account-management flags are
 rejected for the remote case. Any message or error text returned by
 the helper is printed (stdout / stderr) and then freed.

 Returns the helper's NTSTATUS, or NT_STATUS_UNSUCCESSFUL for an
 operation that cannot be done remotely.
*************************************************************/

static NTSTATUS password_change(const char *remote_mach,
				const char *domain, const char *username,
				const char *old_passwd, const char *new_pw,
				int local_flags)
{
	/* Operations that only the local passdb path implements. */
	const int local_only_ops = LOCAL_ADD_USER | LOCAL_DELETE_USER |
				   LOCAL_DISABLE_USER | LOCAL_ENABLE_USER |
				   LOCAL_TRUST_ACCOUNT | LOCAL_SET_NO_PASSWORD;
	NTSTATUS status;
	char *error_text = NULL;
	char *info_text = NULL;

	if (remote_mach == NULL) {
		status = local_password_change(username, local_flags, new_pw,
					       &error_text, &info_text);
	} else if (local_flags & local_only_ops) {
		/* these things can't be done remotely yet */
		fprintf(stderr, "Invalid remote operation!\n");
		return NT_STATUS_UNSUCCESSFUL;
	} else {
		status = remote_password_change(remote_mach,
						domain, username,
						old_passwd, new_pw,
						&error_text);
	}

	if (info_text != NULL) {
		printf("%s", info_text);
	}

	if (error_text != NULL) {
		fprintf(stderr, "%s", error_text);
	} else if (!NT_STATUS_IS_OK(status)) {
		/* Failure without a specific message: print a generic one. */
		fprintf(stderr, "Failed to change password!\n");
	}

	SAFE_FREE(info_text);
	SAFE_FREE(error_text);
	return status;
}
/*******************************************************************
 Store the LDAP admin password in secrets.tdb

 pw   password to store under the configured 'ldap admin dn'

 Returns False when pw is NULL or secrets_init() fails, otherwise the
 result of secrets_store_ldap_pw().
********************************************************************/

static bool store_ldap_admin_pw(char *pw)
{
	/* Short-circuit keeps secrets_init() from running for a NULL pw. */
	if (pw == NULL || !secrets_init()) {
		return False;
	}

	return secrets_store_ldap_pw(lp_ldap_admin_dn(), pw);
}
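/*
 * Make sure the global user_name ends in '$', appending one when it is
 * missing. Exits with "machine name too long" if the '$' and the
 * terminator do not fit. The caller must guarantee user_name is not
 * empty. Returns the length of the name without the trailing '$'.
 */
static size_t ensure_trailing_dollar(void)
{
	size_t user_name_len = strlen(user_name);

	if (user_name[user_name_len - 1] == '$') {
		return user_name_len - 1;
	}

	if (user_name_len + 2 > sizeof(user_name)) {
		fprintf(stderr, "machine name too long\n");
		exit(1);
	}
	user_name[user_name_len] = '$';
	user_name[user_name_len + 1] = '\0';

	return user_name_len;
}

/*************************************************************
 Handle password changing for root.

 local_flags   LOCAL_* flags produced by process_options()

 Returns 0 on success and 1 on failure. Unrecoverable setup errors
 (passdb cannot be opened, no username, a prompt fails) exit with
 status 1 instead of returning.

 A failure to store the LDAP admin password, or a missing
 'ldap admin dn', is reported through the return value so that
 scripts do not mistake it for success.
*************************************************************/

static int process_root(int local_flags)
{
	struct passwd *pwd;
	int result = 0;
	char *old_passwd = NULL;
	NTSTATUS status;

	if (local_flags & LOCAL_SET_LDAP_ADMIN_PW) {
		const char *ldap_admin_dn = lp_ldap_admin_dn();

		if (!*ldap_admin_dn) {
			DEBUG(0, ("ERROR: 'ldap admin dn' not defined! Please check your smb.conf\n"));
			result = 1;
			goto done;
		}

		printf("Setting stored password for \"%s\" in secrets.tdb\n", ldap_admin_dn);

		/* Empty secret: -W was used, or -w was given an empty value. */
		if (!*ldap_secret) {
			new_passwd = prompt_for_new_password(stdin_passwd_get);
			if (new_passwd == NULL) {
				fprintf(stderr, "Failed to read new password!\n");
				exit(1);
			}
			fstrcpy(ldap_secret, new_passwd);
		}

		if (!store_ldap_admin_pw(ldap_secret)) {
			DEBUG(0, ("ERROR: Failed to store the ldap admin password!\n"));
			result = 1;
		}

		/* The in-memory copy is not needed once it has been stored. */
		ZERO_ARRAY(ldap_secret);
		goto done;
	}

	/* Ensure passdb startup(). */
	if (!initialize_password_db(False, NULL)) {
		DEBUG(0, ("Failed to open passdb!\n"));
		exit(1);
	}

	/* Ensure we have a SAM sid. */
	get_global_sam_sid();

	/*
	 * Ensure both add/delete user are not set
	 * Ensure add/delete user and either remote machine or join domain are
	 * not both set.
	 */
	if (((local_flags & (LOCAL_ADD_USER | LOCAL_DELETE_USER)) ==
	     (LOCAL_ADD_USER | LOCAL_DELETE_USER)) ||
	    ((local_flags & (LOCAL_ADD_USER | LOCAL_DELETE_USER)) &&
	     (remote_machine != NULL))) {
		usage();
	}

	/* Only load interfaces if we are doing network operations. */
	if (remote_machine) {
		load_interfaces();
	}

	/* No name given: fall back to the account of the effective uid. */
	if (!user_name[0] && (pwd = getpwuid_alloc(talloc_tos(), geteuid()))) {
		fstrcpy(user_name, pwd->pw_name);
		TALLOC_FREE(pwd);
	}

	if (!user_name[0]) {
		fprintf(stderr, "You must specify a username\n");
		exit(1);
	}

	if (local_flags & LOCAL_TRUST_ACCOUNT) {
		/* add the $ automatically */
		size_t user_name_len = ensure_trailing_dollar();

		if (local_flags & LOCAL_ADD_USER) {
			SAFE_FREE(new_passwd);

			/*
			 * Remove any trailing '$' before we
			 * generate the initial machine password.
			 *
			 * The initial password is the lower-cased machine
			 * name, i.e. it is predictable from the account
			 * name until it is changed.
			 */
			new_passwd = smb_xstrndup(user_name, user_name_len);
			if (!strlower_m(new_passwd)) {
				fprintf(stderr, "strlower_m %s failed\n",
					new_passwd);
				exit(1);
			}
		}
	} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
		(void)ensure_trailing_dollar();

		if ((local_flags & LOCAL_ADD_USER) && (new_passwd == NULL)) {
			/*
			 * Prompt for trusting domain's account password
			 */
			new_passwd = prompt_for_new_password(stdin_passwd_get);
			if (!new_passwd) {
				fprintf(stderr, "Unable to get newpassword.\n");
				exit(1);
			}
		}
	} else {
		if (remote_machine != NULL) {
			old_passwd = get_pass("Old SMB password:", stdin_passwd_get);
			if (!old_passwd) {
				fprintf(stderr, "Unable to get old password.\n");
				exit(1);
			}
		}

		if (!(local_flags & LOCAL_SET_PASSWORD)) {
			/*
			 * If we are trying to enable a user, first we need to find out
			 * if they are using a modern version of the smbpasswd file that
			 * disables a user by just writing a flag into the file. If so
			 * then we can re-enable a user without prompting for a new
			 * password. If not (ie. they have a no stored password in the
			 * smbpasswd file) then we need to prompt for a new password.
			 */
			if (local_flags & LOCAL_ENABLE_USER) {
				struct samu *sampass = NULL;

				sampass = samu_new(NULL);
				if (!sampass) {
					fprintf(stderr, "talloc fail for struct samu.\n");
					exit(1);
				}
				if (!pdb_getsampwnam(sampass, user_name)) {
					fprintf(stderr, "Failed to find user %s in passdb backend.\n",
						user_name);
					exit(1);
				}
				if (pdb_get_nt_passwd(sampass) == NULL) {
					local_flags |= LOCAL_SET_PASSWORD;
				}
				TALLOC_FREE(sampass);
			}
		}

		if ((local_flags & LOCAL_SET_PASSWORD) && (new_passwd == NULL)) {
			new_passwd = prompt_for_new_password(stdin_passwd_get);
			if (!new_passwd) {
				fprintf(stderr, "Unable to get new password.\n");
				exit(1);
			}
		}
	}

	status = password_change(remote_machine,
				 NULL, user_name,
				 old_passwd, new_passwd,
				 local_flags);
	if (!NT_STATUS_IS_OK(status)) {
		result = 1;
		goto done;
	}

	if (remote_machine) {
		printf("Password changed for user %s on %s.\n", user_name, remote_machine);
	} else if (!(local_flags & (LOCAL_ADD_USER | LOCAL_DISABLE_USER |
				    LOCAL_ENABLE_USER | LOCAL_DELETE_USER |
				    LOCAL_SET_NO_PASSWORD | LOCAL_SET_PASSWORD))) {
		struct samu *sampass = NULL;

		sampass = samu_new(NULL);
		if (!sampass) {
			fprintf(stderr, "talloc fail for struct samu.\n");
			exit(1);
		}

		if (!pdb_getsampwnam(sampass, user_name)) {
			fprintf(stderr, "Failed to find user %s in passdb backend.\n",
				user_name);
			exit(1);
		}

		/* Report account-control flags that affect how the account can log on. */
		printf("Password changed for user %s.", user_name);
		if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
			printf(" User has disabled flag set.");
		}
		if (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) {
			printf(" User has no password flag set.");
		}
		printf("\n");
		TALLOC_FREE(sampass);
	}

done:
	/*
	 * NOTE(review): both buffers hold passwords and are released
	 * without being cleared first.
	 */
	SAFE_FREE(old_passwd);
	SAFE_FREE(new_passwd);
	return result;
}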
/*************************************************************
 Handle password changing for non-root.

 local_flags   LOCAL_* flags produced by process_options(); anything
               beyond LOCAL_AM_ROOT and LOCAL_SET_PASSWORD is refused

 The change always goes through password_change() against a remote
 machine, using 127.0.0.1 when -r was not given.

 Returns 0 on success, 1 when the password change fails. Exits with
 status 1 when the user name or either password cannot be obtained.
*************************************************************/

static int process_nonroot(int local_flags)
{
	struct passwd *pwd = NULL;
	int result = 0;
	char *old_pw = NULL;
	char *new_pw = NULL;
	const char *username = user_name;
	const char *domain = NULL;
	char *sep = NULL;
	NTSTATUS status;

	if (local_flags & ~(LOCAL_AM_ROOT | LOCAL_SET_PASSWORD)) {
		/* Extra flags that we can't honor non-root */
		usage();
	}

	if (!user_name[0]) {
		/* No -U: use the account name of the real uid. */
		pwd = getpwuid_alloc(talloc_tos(), getuid());
		if (pwd == NULL) {
			fprintf(stderr, "smbpasswd: cannot lookup user name for uid %u\n", (unsigned int)getuid());
			exit(1);
		}
		fstrcpy(user_name, pwd->pw_name);
		TALLOC_FREE(pwd);
	}

	/*
	 * Allow domain as part of the username: try '\', then '/', then
	 * the configured winbind separator, and split at the first hit.
	 */
	sep = strchr_m(user_name, '\\');
	if (sep == NULL) {
		sep = strchr_m(user_name, '/');
	}
	if (sep == NULL) {
		sep = strchr_m(user_name, *lp_winbind_separator());
	}
	if (sep != NULL) {
		*sep = '\0';
		username = sep + 1;
		domain = user_name;
	}

	/*
	 * A non-root user is always setting a password
	 * via a remote machine (even if that machine is
	 * localhost).
	 */

	load_interfaces(); /* Delayed from main() */

	if (remote_machine == NULL) {
		remote_machine = "127.0.0.1";

		/*
		 * If we deal with a local user, change the password for the
		 * user in our SAM.
		 */
		domain = get_global_sam_name();
	} else if (!is_ipaddress(remote_machine)) {
		/* A non-address -r value replaces any domain from the name. */
		domain = remote_machine;
	}

	old_pw = get_pass("Old SMB password:", stdin_passwd_get);
	if (old_pw == NULL) {
		fprintf(stderr, "Unable to get old password.\n");
		exit(1);
	}

	new_pw = (new_passwd != NULL)
		? smb_xstrdup(new_passwd)
		: prompt_for_new_password(stdin_passwd_get);
	if (new_pw == NULL) {
		fprintf(stderr, "Unable to get new password.\n");
		exit(1);
	}

	status = password_change(remote_machine,
				 domain, username,
				 old_pw, new_pw, 0);
	if (NT_STATUS_IS_OK(status)) {
		printf("Password changed for user %s\n", username);
	} else {
		result = 1;
	}

	SAFE_FREE(old_pw);
	SAFE_FREE(new_pw);
	return result;
}
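/*********************************************************
 Start here.

 Sets up the memcache and loadparm context, refuses to run when
 installed setuid root, parses the command line and dispatches to
 process_root() or process_nonroot().

 Returns the handler's result, or 1 when initialisation fails.
**********************************************************/
int main(int argc, char **argv)
{
	TALLOC_CTX *frame = talloc_stackframe();
	struct loadparm_context *lp_ctx = NULL;
	struct memcache *mcache = NULL;
	int local_flags = 0;
	int ret;

	mcache = memcache_init(NULL, 0);
	if (mcache == NULL) {
		fprintf(stderr, "%s: memcache_init failed\n", __location__);
		return 1;
	}
	memcache_set_global(mcache);

#if defined(HAVE_SET_AUTH_PARAMETERS)
	set_auth_parameters(argc, argv);
#endif /* HAVE_SET_AUTH_PARAMETERS */

	/*
	 * Check the effective uid - make sure we are not setuid.
	 *
	 * Done before option parsing so that no user-supplied option or
	 * configuration file is processed with elevated privilege.
	 * Assumes is_setuid_root() only compares the real and effective
	 * uid and needs no prior setup - TODO confirm.
	 */
	if (is_setuid_root()) {
		fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n");
		exit(1);
	}

	if (getuid() == 0) {
		local_flags = LOCAL_AM_ROOT;
	}

	smb_init_locale();

	lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
	if (lp_ctx == NULL) {
		fprintf(stderr,
			"Failed to initialise the global parameter structure.\n");
		return 1;
	}

	local_flags = process_options(argc, argv, local_flags, lp_ctx);

	setup_logging("smbpasswd", DEBUG_STDERR);

	if (local_flags & LOCAL_AM_ROOT) {
		bool ok;

		/* The root path reads and writes secrets.tdb. */
		ok = secrets_init();
		if (!ok) {
			return 1;
		}
		ret = process_root(local_flags);
	} else {
		ret = process_nonroot(local_flags);
	}

	gfree_all();

	TALLOC_FREE(frame);
	return ret;
}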