A bug in password checking code?

Vladimir G. Tupitsin tvg at cctelcom.nsu.ru
Tue Feb 13 08:49:42 GMT 2001


Hello,

  I encountered a problem using Samba. I managed to solve it but I am
not sure I've done it completely correctly (as I am not a Samba
developer and not an experienced Unix programmer).

  I am using Samba v2.0.7 on Linux 2.0.36 with shadow passwords. I am
using Unix password authentication (without encrypted passwords and
smbpasswd file). The relevant excerpts from the smb.conf file:

   wins support = yes
   domain logons = yes
   domain master = yes
   local master = yes
   preferred master = yes
   security = user
   encrypt passwords = no
   smbrun = /usr/local/samba/bin/smbrun
   passwd program = /usr/bin/yppasswd
   passwd chat = *ld*password:* %o\n *ew*password:* %n\n *etype*new*password:* \
%n\n "*sword has been changed*"

  When a Win95 user tries to change the password with the "net password"
command, the attempt fails. Digging into the sources I came to the
following:

File passdb/pass_check.c, function pass_check:

#ifdef HAVE_GETSPNAM
        {
                struct spwd *spass;

                /* many shadow systems require you to be root to get
                   the password, in most cases this should already be
                   the case when this function is called, except
                   perhaps for IPC password changing requests */

                spass = getspnam(pass->pw_name);
                if (spass && spass->sp_pwdp) {
                        pstrcpy(pass->pw_passwd,spass->sp_pwdp);
                }
        }
#elif defined(IA_UINFO)

  According to the comment, for password changing the euid can be
non-zero. I made the following change:

*** pass_check.c.orig   Wed Jul 21 08:25:12 1999
--- pass_check.c        Tue Feb 13 10:21:22 2001
***************
*** 798,803 ****
--- 798,805 ----

  #ifdef HAVE_GETSPNAM
        {
+               uid_t uid;      /* added by Tupitsin */
+
                struct spwd *spass;

                /* many shadow systems require you to be root to get
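Review bot: the new `uid_t uid;` at the top of the block holds the effective uid that is later saved with geteuid(), so a name such as saved_euid would say what it is for, and it would read better placed directly after `struct spwd *spass;` instead of being split from it by a blank line. The per-line "added by Tupitsin" comments belong in the patch description, not in the source.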
***************
*** 805,814 ****
--- 807,819 ----
                   the case when this function is called, except
                   perhaps for IPC password changing requests */

+               uid = geteuid();        /* added by Tupitsin */
+               seteuid(0);             /* added by Tupitsin */
                spass = getspnam(pass->pw_name);
                if (spass && spass->sp_pwdp) {
                        pstrcpy(pass->pw_passwd,spass->sp_pwdp);
                }
+               seteuid(uid);           /* added by Tupitsin */
        }
  #elif defined(IA_UINFO)
        {
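Review bot: both seteuid() calls around getspnam() ignore their return value. If `seteuid(0)` fails, the lookup runs unprivileged exactly as before and the failure is silent; if `seteuid(uid)` fails, the rest of the function and its caller carry on with effective uid 0. Check both results, treat a failed restore as fatal, and skip the switch when geteuid() already returns 0, which the existing comment says is the usual case. Note also that seteuid(0) can only succeed when the process's real or saved uid is 0, so the fix depends on how the caller dropped privileges for the password change request.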

  The wrong behavior vanished (Win95 users can successfully change the
password after this change). But I am not completely sure that I didn't
break something else with this change.
        
-- 
Best regards,
 Vladimir                          mailto:tvg at cctelcom.nsu.ru
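
A fail-closed form of the temporary switch to euid 0 around getspnam() that the message describes, as an added example that is not part of the original post or of Samba's code; read_shadow_hash and its return codes are hypothetical names chosen for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <shadow.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (added example, not Samba code): copy the shadow
 * hash of `user` into `out`. Returns 0 on success, -1 if euid 0 could not
 * be obtained, -2 if no usable shadow entry exists. Aborts if the old
 * euid cannot be restored. */
int read_shadow_hash(const char *user, char *out, size_t outlen)
{
    uid_t saved_euid = geteuid();
    struct spwd *sp;
    int rc = -2;

    if (outlen == 0)
        return -2;
    out[0] = '\0';

    /* Switch only when needed, and refuse to go on if the switch failed. */
    if (saved_euid != 0 && seteuid(0) != 0)
        return -1;

    sp = getspnam(user);
    if (sp && sp->sp_pwdp && strlen(sp->sp_pwdp) < outlen) {
        strcpy(out, sp->sp_pwdp);
        rc = 0;
    }

    /* Drop back and verify: running on as root is worse than stopping. */
    if (saved_euid != 0 &&
        (seteuid(saved_euid) != 0 || geteuid() != saved_euid))
        abort();
    return rc;
}

int main(int argc, char **argv)
{
    char hash[256];
    int rc = read_shadow_hash(argc > 1 ? argv[1] : "root", hash, sizeof hash);

    /* Report only the outcome; the hash itself is never printed. */
    printf("rc=%d euid=%ld\n", rc, (long)geteuid());
    return rc == 0 ? 0 : 1;
}
```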





