Password changing - root bug?
Pierre Belanger
belanger at pobox.com
Thu Feb 13 00:21:11 GMT 2003
Hello all,
While digging (yes I'm still ;-) into the password changing code
I found something that I find strange.
We know that running smbpasswd locally as non-root
or as root takes two different paths in the code. Here's where
I want to get.
As non-root, smbpasswd connects to smbd. Sooner or later,
smbd ends up in chgpasswd() in the file "smbd/chgpasswd.c".
chgpasswd() calls:
- change_oem_password()
- pdb_update_sam_account()
In "change_oem_password()" beginning @ line # 510 it says:
* Check the old and new passwords don't contain any control
* characters.
If there is a ctrl character in the password, it won't change
it, and it returns an error to chgpasswd(). The code will never
reach pdb_update_sam_account() .
Running smbpasswd locally as root, it's possible to put ctrl
characters in the "new password". I did not find a place, yet!,
that checks for ctrl characters. From my tests, it's not possible to
log on to a Windows machine using ctrl characters in a password.
Shouldn't we verify somewhere in the "pdb_*" code if there's
a ctrl char in the new password? Or perhaps in
"pdb_set_plaintext_passwd" or perhaps far in the code, in
"pdb_set_{nt_passwd|lanman_passwd|...}" ??
I could have dug a little bit more, I'll leave this in expert
hands!
Thank you,
Pierre B.
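Added example, not part of the original message and not Samba source: a small C model of the suggestion above, where the control-character check sits in the shared setter so the network path and the local root path cannot diverge. All names (`struct account`, `set_plaintext_checked`, `change_via_daemon`, `change_as_root`) are hypothetical, and the check assumes the default C locale.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model for illustration; none of these names are Samba's. */
#define MAX_PW 128
struct account { char plaintext[MAX_PW]; };

/* Returns 1 if pw is non-NULL and holds no control bytes (0x00-0x1f, 0x7f). */
static int pw_is_clean(const char *pw)
{
    if (!pw) return 0;
    for (const unsigned char *p = (const unsigned char *)pw; *p; p++)
        if (iscntrl(*p))
            return 0;
    return 1;
}

/* Shared sink: every entry point stores the new password through here. */
static int set_plaintext_checked(struct account *a, const char *new_pw)
{
    if (!pw_is_clean(new_pw) || strlen(new_pw) >= MAX_PW)
        return -1;              /* reject, leave the stored value untouched */
    strcpy(a->plaintext, new_pw);
    return 0;
}

/* Non-root path: the daemon verifies the old password, then uses the sink. */
static int change_via_daemon(struct account *a, const char *old_pw, const char *new_pw)
{
    if (!pw_is_clean(old_pw) || strcmp(a->plaintext, old_pw) != 0)
        return -1;
    return set_plaintext_checked(a, new_pw);
}

/* Local root path: no old password required, but the same sink and check. */
static int change_as_root(struct account *a, const char *new_pw)
{
    return set_plaintext_checked(a, new_pw);
}

int main(void)
{
    struct account a = { "secret" };   /* constructed sample account */
    printf("root, ctrl char: %d\n", change_as_root(&a, "bad\001pw"));
    printf("root, clean:     %d\n", change_as_root(&a, "newpw"));
    printf("daemon, tab:     %d\n", change_via_daemon(&a, "newpw", "x\ty"));
    return 0;
}
```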