Password changing - root bug?

Pierre Belanger belanger at
Thu Feb 13 00:21:11 GMT 2003

Hello all,

While digging (yes I'm still ;-) into the password changing code
I found something that I find strange.

We know that running smbpasswd on the locally as non-root
or root, it's two different paths in the code. Here's where
I want to get.

As non-root, smbpasswd connects to the smbd. Soon or later,
smbd ends up in chgpasswd() file "smbd/chgpasswd.c".

chgpasswd() calls:
   - change_oem_password()
   - pdb_update_sam_account()

In "change_oem_password()" beginning @ line # 510 it says:

   * Check the old and new passwords don't contain any control
   * characters.

If there is a ctrl character in the password, it won't change
it, and it returns an error to chgpasswd(). The code will never
reach pdb_update_sam_account() .

Running smbpasswd locally as root, it's possible to put ctrl
characters in the "new password". I did not find a place, yet!,
check for ctrl characters. From my tests, it's not possible to
log on a Windows machine using ctrl characters in a password.

Shouldn't we verify somewhere in the "pdb_*" code if there's
a ctrl char in the new password? Or perhaps in
"pdb_set_plaintext_passwd" or perhaps far in the code, in
"pdb_set_{nt_passwd|lanman_passwd|...}" ??

I could have dig a little bit more, I'll leave this in expert

Thank you,
Pierre B.

More information about the samba-technical mailing list