Author: abartlet Date: 2004-08-31 20:33:03 +0000 (Tue, 31 Aug 2004) New Revision: 2146
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/trunk/source/rpc_server&rev=2146&nolog=1 Log: Merge 'don't change the machine accont password if it wasn't changed' fix from Samba 3.0 -> trunk. This change also sets the LM hash to NULL for machine accounts (like we already do for long passwords, and as we find vampired machines). Andrew Bartlett Modified: trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/rpc_server/srv_netlog_nt.c =================================================================== --- trunk/source/rpc_server/srv_netlog_nt.c 2004-08-31 20:29:22 UTC (rev 2145) +++ trunk/source/rpc_server/srv_netlog_nt.c 2004-08-31 20:33:03 UTC (rev 2146) @@ -445,6 +445,7 @@ unsigned char pwd[16]; int i; uint32 acct_ctrl; + const uchar *old_pw; /* checks and updates credentials. creates reply credentials */ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred))) @@ -482,34 +483,43 @@ return NT_STATUS_ACCOUNT_DISABLED; } + cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0); + DEBUG(100,("Server password set : new given value was :\n")); for(i = 0; i < 16; i++) DEBUG(100,("%02X ", q_u->pwd[i])); DEBUG(100,("\n")); - cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0); + old_pw = pdb_get_nt_passwd(sampass); - /* lies! nt and lm passwords are _not_ the same: don't care */ - if (!pdb_set_lanman_passwd (sampass, pwd, PDB_CHANGED)) { - pdb_free_sam(&sampass); - return NT_STATUS_NO_MEMORY; - } + if (old_pw && memcmp(pwd, old_pw, 16) == 0) { + /* Avoid backend modificiations and other fun if the + client changed the password to the *same thing* */ - if (!pdb_set_nt_passwd (sampass, pwd, PDB_CHANGED)) { - pdb_free_sam(&sampass); - return NT_STATUS_NO_MEMORY; - } + ret = True; + } else { - if (!pdb_set_pass_changed_now (sampass)) { - pdb_free_sam(&sampass); - /* Not quite sure what this one qualifies as, but this will do */ - return NT_STATUS_UNSUCCESSFUL; + /* LM password should be NULL for machines */ + if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED)) { + pdb_free_sam(&sampass); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_nt_passwd (sampass, pwd, PDB_CHANGED)) { + pdb_free_sam(&sampass); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_pass_changed_now (sampass)) { + pdb_free_sam(&sampass); + /* Not quite sure what this one qualifies as, but this will do */ + return NT_STATUS_UNSUCCESSFUL; + } + + become_root(); + ret = pdb_update_sam_account (sampass); + unbecome_root(); } - - become_root(); - ret = pdb_update_sam_account (sampass); - unbecome_root(); - if (ret) status = NT_STATUS_OK;