svn commit: samba r2146 - in trunk/source/rpc_server: .

abartlet at samba.org abartlet at samba.org
Tue Aug 31 20:33:04 GMT 2004


Author: abartlet
Date: 2004-08-31 20:33:03 +0000 (Tue, 31 Aug 2004)
New Revision: 2146

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/trunk/source/rpc_server&rev=2146&nolog=1

Log:
Merge 'don't change the machine account password if it wasn't changed'
fix from Samba 3.0 -> trunk.

This change also sets the LM hash to NULL for machine accounts (like
we already do for long passwords, and as we find vampired machines).

Andrew Bartlett

Modified:
   trunk/source/rpc_server/srv_netlog_nt.c


Changeset:
Modified: trunk/source/rpc_server/srv_netlog_nt.c
===================================================================
--- trunk/source/rpc_server/srv_netlog_nt.c	2004-08-31 20:29:22 UTC (rev 2145)
+++ trunk/source/rpc_server/srv_netlog_nt.c	2004-08-31 20:33:03 UTC (rev 2146)
@@ -445,6 +445,7 @@
 	unsigned char pwd[16];
 	int i;
 	uint32 acct_ctrl;
+	const uchar *old_pw;
 
 	/* checks and updates credentials.  creates reply credentials */
 	if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred)))
@@ -482,34 +483,43 @@
 		return NT_STATUS_ACCOUNT_DISABLED;
 	}
 
+	cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0);
+
 	DEBUG(100,("Server password set : new given value was :\n"));
 	for(i = 0; i < 16; i++)
 		DEBUG(100,("%02X ", q_u->pwd[i]));
 	DEBUG(100,("\n"));
 
-	cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0);
+	old_pw = pdb_get_nt_passwd(sampass);
 
-	/* lies!  nt and lm passwords are _not_ the same: don't care */
-	if (!pdb_set_lanman_passwd (sampass, pwd, PDB_CHANGED)) {
-		pdb_free_sam(&sampass);
-		return NT_STATUS_NO_MEMORY;
-	}
+	if (old_pw && memcmp(pwd, old_pw, 16) == 0) {
+		/* Avoid backend modificiations and other fun if the 
+		   client changed the password to the *same thing* */
 
-	if (!pdb_set_nt_passwd     (sampass, pwd, PDB_CHANGED)) {
-		pdb_free_sam(&sampass);
-		return NT_STATUS_NO_MEMORY;
-	}
+		ret = True;
+	} else {
 
-	if (!pdb_set_pass_changed_now     (sampass)) {
-		pdb_free_sam(&sampass);
-		/* Not quite sure what this one qualifies as, but this will do */
-		return NT_STATUS_UNSUCCESSFUL; 
+		/* LM password should be NULL for machines */
+		if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED)) {
+			pdb_free_sam(&sampass);
+			return NT_STATUS_NO_MEMORY;
+		}
+		
+		if (!pdb_set_nt_passwd     (sampass, pwd, PDB_CHANGED)) {
+			pdb_free_sam(&sampass);
+			return NT_STATUS_NO_MEMORY;
+		}
+		
+		if (!pdb_set_pass_changed_now     (sampass)) {
+			pdb_free_sam(&sampass);
+			/* Not quite sure what this one qualifies as, but this will do */
+			return NT_STATUS_UNSUCCESSFUL; 
+		}
+		
+		become_root();
+		ret = pdb_update_sam_account (sampass);
+		unbecome_root();
 	}
- 
-	become_root();
-	ret = pdb_update_sam_account (sampass);
-	unbecome_root();
- 
 	if (ret)
 		status = NT_STATUS_OK;
 
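Review bot: The new same-password branch (`if (old_pw && memcmp(pwd, old_pw, 16) == 0)`) reports success without touching the account, so the LM-hash clearing this commit adds in the `else` branch never runs for a machine that re-submits its current password. The removed code stored `pwd` in the LM field too, so accounts written by it would keep that stale value until a real password change. If machine accounts are meant to carry no LM hash, the early-out could be limited to accounts where it is already empty, e.g. `if (old_pw && memcmp(pwd, old_pw, sizeof(pwd)) == 0 && pdb_get_lanman_passwd(sampass) == NULL)`. The same branch also skips `pdb_set_pass_changed_now()`, which looks intended but means the password-last-set time no longer advances on such requests; a comment saying so would help anyone who uses that field for machine-password age checks. The enclosing function starts and ends outside this hunk.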


