CVS update: samba/source

[Jeremy Allison]

Jean-Francois Micouleau wrote:
> 
> If I compile samba with -DALLOW_CHANGE_PASSWORD, will smbpasswd be able to
> also change the password in /etc/passwd for a user ?
> 

It could - but doesn't by default.

> I ask that because if I read the code of smbpasswd.c correctly you're
> sending the password in 'clear text' to smbd. So smbd should be able to
> change the UNIX password too. That's really cool so.
> 

It doesn't go over the wire in clear text - that's
the big plus with this code.

There is a big comment in ipc.c on where to add
the functionality you want - look for the
check_oem_password() call in ipc.c. The comment
is just after that.

The problem is that we only have the cleartext
of the *new* password. The current unix password
change code in Samba needs both the new and the
old cleartext of the UNIX password in order to
do the change (it's calling the standard system
passwd command - via the script code).

Now with a bit of work, and wrapping the change
password code in a become_root()/unbecome_root()
pair we should be able to make use of the fact
that calling the passwd program as root allows
a users password to be changed without needing
the old cleartext password.

But this means messing with the rather fiddly
change password code, and I was intending to
go through that code in much more detail before
messing with it :-).

Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------