user password changes failing due to RPC bind authentication failing

Gerald (Jerry) Carter jerry at samba.org
Mon Jul 3 14:37:44 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://bugzilla.samba.org/show_bug.cgi?id=3908

Simple fix.  Just wrap the auth_ntlmssp_update() call in a
{become,unbecome}_root() block.  Otherwise, smbd cannot access
the user's password to verify the bind.

Do any of the NTLMSSP gurus see a problem with this?
(patch attached).






cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEqSu4IR7qMdg1EfYRAtuuAKCt1u2QnHnCMUeG2lIA7duNCgwe9wCguEny
U2vWmnSgJSaWA7kLE4X8trs=
=oDz9
-----END PGP SIGNATURE-----
-------------- next part --------------
=== modified file 'source/rpc_server/srv_pipe.c'
--- source/rpc_server/srv_pipe.c	
+++ source/rpc_server/srv_pipe.c	
@@ -620,7 +620,10 @@
 	p->pipe_user.ut.ngroups = 0;
 	SAFE_FREE( p->pipe_user.ut.groups);
 
+	/* this has to be done as root in order to verify the password */
+	become_root();
 	status = auth_ntlmssp_update(a, *p_resp_blob, &reply);
+	unbecome_root();
 
 	/* Don't generate a reply. */
 	data_blob_free(&reply);


More information about the samba-technical mailing list