Possible bug changing smb password from Win98

Jeremy Allison jeremy at valinux.com
Thu Dec 30 01:02:00 GMT 1999

Shirish Kalele wrote:
> Hi,
> I think I might have found a possible bug in the SetUserPassword Remote API
> code in Samba 2.0.6. I'm working with Windows 98, without domains and
> without unix password sync in Samba 2.0.6 (encrypt passwords and user level
> security set in smb.conf) on a Solaris 7 platform. What I'm testing is
> changing a user's SMB password on the samba server from Win98 using the net
> pass command. This works when changing a user password on an NT server but
> not with samba. Has anyone else tried this successfully?
> I traced the problem to the api_SetUserPassword function in smbd/ipc.c.
> Win98 (even with password encryption set), sends the username, old and new
> passwords in cleartext for the SetUserPassword call over the LANMAN pipe. So
> what should happen is that the old password sent is hashed and tested
> against the smbpasswd file entry for the user and then new NT and LM hashes
> should be generated for the entry from the new password sent again in
> cleartext.
> However, from the code, it appears that first if the old plaintext password
> is verified, the new password is set using the unix passwd program (no
> modification to smbpasswd!?) Otherwise, it is assumed that the old password
> in the remote API call is the LM hash of the password encrypted with the
> key. And the code tries to check this and of course, fails because the
> username, old and new passwords are all sent in plaintext.

Ah. I had no idea Win98 did anything this dumb :-).

Can you send me your traces? This definitely looks like a
bug I need to fix.



