LCOV - code coverage report
Current view: top level - source3/utils - smbpasswd.c (source / functions) Hit Total Coverage
Test: coverage report for abartlet/fix-coverage dd10fb34 Lines: 167 340 49.1 %
Date: 2021-09-23 10:06:22 Functions: 7 9 77.8 %

          Line data    Source code
       1             : /*
       2             :  * Unix SMB/CIFS implementation. 
       3             :  * Copyright (C) Jeremy Allison 1995-1998
       4             :  * Copyright (C) Tim Potter     2001
       5             :  * 
       6             :  * This program is free software; you can redistribute it and/or modify it
       7             :  * under the terms of the GNU General Public License as published by the
       8             :  * Free Software Foundation; either version 3 of the License, or (at your
       9             :  * option) any later version.
      10             :  * 
      11             :  * This program is distributed in the hope that it will be useful, but WITHOUT
      12             :  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
      13             :  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
      14             :  * more details.
      15             :  * 
      16             :  * You should have received a copy of the GNU General Public License along with
      17             :  * this program; if not, see <http://www.gnu.org/licenses/>.  */
      18             : 
      19             : #include "includes.h"
      20             : #include "system/passwd.h"
      21             : #include "secrets.h"
      22             : #include "../librpc/gen_ndr/samr.h"
      23             : #include "../lib/util/util_pw.h"
      24             : #include "libsmb/proto.h"
      25             : #include "passdb.h"
      26             : #include "cmdline_contexts.h"
      27             : #include "passwd_proto.h"
      28             : #include "lib/util/string_wrappers.h"
      29             : 
      30             : /*
      31             :  * Next two lines needed for SunOS and don't
      32             :  * hurt anything else...
      33             :  */
      34             : extern char *optarg;
      35             : extern int optind;
      36             : 
      37             : /* forced running in root-mode */
      38             : static bool got_username = False;
      39             : static bool stdin_passwd_get = False;
      40             : static fstring user_name;
      41             : static char *new_passwd = NULL;
      42             : static const char *remote_machine = NULL;
      43             : 
      44             : static fstring ldap_secret;
      45             : 
      46             : 
      47             : /*********************************************************
      48             :  Print command usage on stderr and die.
      49             : **********************************************************/
      50           0 : static void usage(void)
      51             : {
      52           0 :         printf("When run by root:\n");
      53           0 :         printf("    smbpasswd [options] [username]\n");
      54           0 :         printf("otherwise:\n");
      55           0 :         printf("    smbpasswd [options]\n\n");
      56             : 
      57           0 :         printf("options:\n");
      58           0 :         printf("  -L                   local mode (must be first option)\n");
      59           0 :         printf("  -h                   print this usage message\n");
      60           0 :         printf("  -s                   use stdin for password prompt\n");
      61           0 :         printf("  -c smb.conf file     Use the given path to the smb.conf file\n");
      62           0 :         printf("  -D LEVEL             debug level\n");
      63           0 :         printf("  -r MACHINE           remote machine\n");
      64           0 :         printf("  -U USER              remote username (e.g. SAM/user)\n");
      65             : 
      66           0 :         printf("extra options when run by root or in local mode:\n");
      67           0 :         printf("  -a                   add user\n");
      68           0 :         printf("  -d                   disable user\n");
      69           0 :         printf("  -e                   enable user\n");
      70           0 :         printf("  -i                   interdomain trust account\n");
      71           0 :         printf("  -m                   machine trust account\n");
      72           0 :         printf("  -n                   set no password\n");
      73           0 :         printf("  -W                   use stdin ldap admin password\n");
      74           0 :         printf("  -w PASSWORD          ldap admin password\n");
      75           0 :         printf("  -x                   delete user\n");
      76           0 :         printf("  -R ORDER             name resolve order\n");
      77             : 
      78           0 :         exit(1);
      79             : }
      80             : 
      81         936 : static void set_line_buffering(FILE *f)
      82             : {
      83         936 :         setvbuf(f, NULL, _IOLBF, 0);
      84         936 : }
      85             : 
      86             : /*******************************************************************
      87             :  Process command line options
      88             :  ******************************************************************/
      89             : 
      90         331 : static int process_options(int argc, char **argv, int local_flags)
      91             : {
      92             :         int ch;
      93         331 :         const char *configfile = get_dyn_CONFIGFILE();
      94             : 
      95         331 :         local_flags |= LOCAL_SET_PASSWORD;
      96             : 
      97         331 :         ZERO_STRUCT(user_name);
      98             : 
      99         331 :         user_name[0] = '\0';
     100             : 
     101        1886 :         while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LWS:")) != EOF) {
     102        1291 :                 switch(ch) {
     103         318 :                 case 'L':
     104         318 :                         if (getuid() != 0) {
     105           0 :                                 fprintf(stderr, "smbpasswd -L can only be used by root.\n");
     106           0 :                                 exit(1);
     107             :                         }
     108         318 :                         local_flags |= LOCAL_AM_ROOT;
     109         318 :                         break;
     110         331 :                 case 'c':
     111         331 :                         configfile = optarg;
     112         331 :                         set_dyn_CONFIGFILE(optarg);
     113         331 :                         break;
     114         318 :                 case 'a':
     115         318 :                         local_flags |= LOCAL_ADD_USER;
     116         318 :                         break;
     117           4 :                 case 'x':
     118           4 :                         local_flags |= LOCAL_DELETE_USER;
     119           4 :                         local_flags &= ~LOCAL_SET_PASSWORD;
     120           4 :                         break;
     121           0 :                 case 'd':
     122           0 :                         local_flags |= LOCAL_DISABLE_USER;
     123           0 :                         local_flags &= ~LOCAL_SET_PASSWORD;
     124           0 :                         break;
     125           0 :                 case 'e':
     126           0 :                         local_flags |= LOCAL_ENABLE_USER;
     127           0 :                         local_flags &= ~LOCAL_SET_PASSWORD;
     128           0 :                         break;
     129           2 :                 case 'm':
     130           2 :                         local_flags |= LOCAL_TRUST_ACCOUNT;
     131           2 :                         break;
     132           0 :                 case 'i':
     133           0 :                         local_flags |= LOCAL_INTERDOM_ACCOUNT;
     134           0 :                         break;
     135           0 :                 case 'j':
     136           0 :                         d_printf("See 'net join' for this functionality\n");
     137           0 :                         exit(1);
     138             :                         break;
     139           0 :                 case 'n':
     140           0 :                         local_flags |= LOCAL_SET_NO_PASSWORD;
     141           0 :                         local_flags &= ~LOCAL_SET_PASSWORD;
     142           0 :                         SAFE_FREE(new_passwd);
     143           0 :                         new_passwd = smb_xstrdup("NO PASSWORD");
     144           0 :                         break;
     145           5 :                 case 'r':
     146           5 :                         remote_machine = optarg;
     147           5 :                         break;
     148         312 :                 case 's':
     149         312 :                         set_line_buffering(stdin);
     150         312 :                         set_line_buffering(stdout);
     151         312 :                         set_line_buffering(stderr);
     152         312 :                         stdin_passwd_get = True;
     153         312 :                         break;
     154           0 :                 case 'w':
     155           0 :                         local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
     156           0 :                         fstrcpy(ldap_secret, optarg);
     157           0 :                         break;
     158           0 :                 case 'R':
     159           0 :                         lp_set_cmdline("name resolve order", optarg);
     160           0 :                         break;
     161           0 :                 case 'D':
     162           0 :                         lp_set_cmdline("log level", optarg);
     163           0 :                         break;
     164           1 :                 case 'U': {
     165           1 :                         got_username = True;
     166           1 :                         fstrcpy(user_name, optarg);
     167           1 :                         break;
     168           0 :                 case 'W':
     169           0 :                         local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
     170           0 :                         *ldap_secret = '\0';
     171           0 :                         break;
     172             :                 }
     173           0 :                 case 'h':
     174             :                 default:
     175           0 :                         usage();
     176             :                 }
     177             :         }
     178             : 
     179         331 :         argc -= optind;
     180         331 :         argv += optind;
     181             : 
     182         331 :         switch(argc) {
     183           5 :         case 0:
     184           5 :                 if (!got_username)
     185           4 :                         fstrcpy(user_name, "");
     186           5 :                 break;
     187         326 :         case 1:
     188         326 :                 if (!(local_flags & LOCAL_AM_ROOT)) {
     189           0 :                         usage();
     190             :                 } else {
     191         326 :                         if (got_username) {
     192           0 :                                 usage();
     193             :                         } else {
     194         326 :                                 fstrcpy(user_name, argv[0]);
     195             :                         }
     196             :                 }
     197         326 :                 break;
     198           0 :         default:
     199           0 :                 usage();
     200             :         }
     201             : 
     202         331 :         if (!lp_load_global(configfile)) {
     203           0 :                 fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
     204             :                         configfile);
     205           0 :                 exit(1);
     206             :         }
     207             : 
     208         331 :         return local_flags;
     209             : }
     210             : 
     211             : /*************************************************************
     212             :  Utility function to prompt for new password.
     213             : *************************************************************/
     214         325 : static char *prompt_for_new_password(bool stdin_get)
     215             : {
     216             :         char *p;
     217             :         fstring new_pw;
     218             : 
     219         325 :         ZERO_ARRAY(new_pw);
     220             : 
     221         325 :         p = get_pass("New SMB password:", stdin_get);
     222         325 :         if (p == NULL) {
     223           0 :                 return NULL;
     224             :         }
     225             : 
     226         325 :         fstrcpy(new_pw, p);
     227         325 :         SAFE_FREE(p);
     228             : 
     229         325 :         p = get_pass("Retype new SMB password:", stdin_get);
     230         325 :         if (p == NULL) {
     231           0 :                 return NULL;
     232             :         }
     233             : 
     234         325 :         if (strcmp(p, new_pw)) {
     235           0 :                 fprintf(stderr, "Mismatch - password unchanged.\n");
     236           0 :                 ZERO_ARRAY(new_pw);
     237           0 :                 SAFE_FREE(p);
     238           0 :                 return NULL;
     239             :         }
     240             : 
     241         325 :         return p;
     242             : }
     243             : 
     244             : 
     245             : /*************************************************************
     246             :  Change a password either locally or remotely.
     247             : *************************************************************/
     248             : 
     249         331 : static NTSTATUS password_change(const char *remote_mach,
     250             :                                 const char *domain, const char *username,
     251             :                                 const char *old_passwd, const char *new_pw,
     252             :                                 int local_flags)
     253             : {
     254             :         NTSTATUS ret;
     255         331 :         char *err_str = NULL;
     256         331 :         char *msg_str = NULL;
     257             : 
     258         331 :         if (remote_mach != NULL) {
     259           5 :                 if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|
     260             :                                    LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
     261             :                                    LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD)) {
     262             :                         /* these things can't be done remotely yet */
     263           0 :                         fprintf(stderr, "Invalid remote operation!\n");
     264           0 :                         return NT_STATUS_UNSUCCESSFUL;
     265             :                 }
     266           5 :                 ret = remote_password_change(remote_mach,
     267             :                                              domain, username,
     268             :                                              old_passwd, new_pw, &err_str);
     269             :         } else {
     270         326 :                 ret = local_password_change(username, local_flags, new_pw,
     271             :                                             &err_str, &msg_str);
     272             :         }
     273             : 
     274         331 :         if (msg_str) {
     275         322 :                 printf("%s", msg_str);
     276             :         }
     277         331 :         if (err_str) {
     278           0 :                 fprintf(stderr, "%s", err_str);
     279             :         }
     280         331 :         if (!NT_STATUS_IS_OK(ret) && !err_str) {
     281           0 :                 fprintf(stderr, "Failed to change password!\n");
     282             :         }
     283             : 
     284         331 :         SAFE_FREE(msg_str);
     285         331 :         SAFE_FREE(err_str);
     286         331 :         return ret;
     287             : }
     288             : 
     289             : /*******************************************************************
     290             :  Store the LDAP admin password in secrets.tdb
     291             :  ******************************************************************/
     292           0 : static bool store_ldap_admin_pw (char* pw)
     293             : {       
     294           0 :         if (!pw) 
     295           0 :                 return False;
     296             : 
     297           0 :         if (!secrets_init())
     298           0 :                 return False;
     299             : 
     300           0 :         return secrets_store_ldap_pw(lp_ldap_admin_dn(), pw);
     301             : }
     302             : 
     303             : 
     304             : /*************************************************************
     305             :  Handle password changing for root.
     306             : *************************************************************/
     307             : 
     308         327 : static int process_root(int local_flags)
     309             : {
     310             :         struct passwd  *pwd;
     311         327 :         int result = 0;
     312         327 :         char *old_passwd = NULL;
     313             : 
     314         327 :         if (local_flags & LOCAL_SET_LDAP_ADMIN_PW) {
     315           0 :                 const char *ldap_admin_dn = lp_ldap_admin_dn();
     316           0 :                 if ( ! *ldap_admin_dn ) {
     317           0 :                         DEBUG(0,("ERROR: 'ldap admin dn' not defined! Please check your smb.conf\n"));
     318           0 :                         goto done;
     319             :                 }
     320             : 
     321           0 :                 printf("Setting stored password for \"%s\" in secrets.tdb\n", ldap_admin_dn);
     322           0 :                 if ( ! *ldap_secret ) {
     323           0 :                         new_passwd = prompt_for_new_password(stdin_passwd_get);
     324           0 :                         if (new_passwd == NULL) {
     325           0 :                                 fprintf(stderr, "Failed to read new password!\n");
     326           0 :                                 exit(1);
     327             :                         }
     328           0 :                         fstrcpy(ldap_secret, new_passwd);
     329             :                 }
     330           0 :                 if (!store_ldap_admin_pw(ldap_secret)) {
     331           0 :                         DEBUG(0,("ERROR: Failed to store the ldap admin password!\n"));
     332             :                 }
     333           0 :                 goto done;
     334             :         }
     335             : 
     336             :         /* Ensure passdb startup(). */
     337         327 :         if(!initialize_password_db(False, NULL)) {
     338           0 :                 DEBUG(0, ("Failed to open passdb!\n"));
     339           0 :                 exit(1);
     340             :         }
     341             : 
     342             :         /* Ensure we have a SAM sid. */
     343         327 :         get_global_sam_sid();
     344             : 
     345             :         /*
     346             :          * Ensure both add/delete user are not set
     347             :          * Ensure add/delete user and either remote machine or join domain are
     348             :          * not both set.
     349             :          */     
     350         588 :         if(((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) == (LOCAL_ADD_USER|LOCAL_DELETE_USER)) || 
     351         583 :            ((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) && 
     352         322 :                 (remote_machine != NULL))) {
     353           0 :                 usage();
     354             :         }
     355             : 
     356             :         /* Only load interfaces if we are doing network operations. */
     357             : 
     358         327 :         if (remote_machine) {
     359           1 :                 load_interfaces();
     360             :         }
     361             : 
     362         327 :         if (!user_name[0] && (pwd = getpwuid_alloc(talloc_tos(), geteuid()))) {
     363           0 :                 fstrcpy(user_name, pwd->pw_name);
     364           0 :                 TALLOC_FREE(pwd);
     365             :         } 
     366             : 
     367         327 :         if (!user_name[0]) {
     368           0 :                 fprintf(stderr,"You must specify a username\n");
     369           0 :                 exit(1);
     370             :         }
     371             : 
     372         327 :         if (local_flags & LOCAL_TRUST_ACCOUNT) {
     373             :                 /* add the $ automatically */
     374           2 :                 size_t user_name_len = strlen(user_name);
     375             : 
     376           2 :                 if (user_name[user_name_len - 1] == '$') {
     377           0 :                         user_name_len--;
     378             :                 } else {
     379           2 :                         if (user_name_len + 2 > sizeof(user_name)) {
     380           0 :                                 fprintf(stderr, "machine name too long\n");
     381           0 :                                 exit(1);
     382             :                         }
     383           2 :                         user_name[user_name_len] = '$';
     384           2 :                         user_name[user_name_len + 1] = '\0';
     385             :                 }
     386             : 
     387           2 :                 if (local_flags & LOCAL_ADD_USER) {
     388           2 :                         SAFE_FREE(new_passwd);
     389             : 
     390             :                         /*
     391             :                          * Remove any trailing '$' before we
     392             :                          * generate the initial machine password.
     393             :                          */
     394           2 :                         new_passwd = smb_xstrndup(user_name, user_name_len);
     395           2 :                         if (!strlower_m(new_passwd)) {
     396           0 :                                 fprintf(stderr, "strlower_m %s failed\n",
     397             :                                         new_passwd);
     398           0 :                                 exit(1);
     399             :                         }
     400             :                 }
     401         325 :         } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
     402           0 :                 size_t user_name_len = strlen(user_name);
     403             : 
     404           0 :                 if (user_name[user_name_len - 1] != '$') {
     405           0 :                         if (user_name_len + 2 > sizeof(user_name)) {
     406           0 :                                 fprintf(stderr, "machine name too long\n");
     407           0 :                                 exit(1);
     408             :                         }
     409           0 :                         user_name[user_name_len] = '$';
     410           0 :                         user_name[user_name_len + 1] = '\0';
     411             :                 }
     412             : 
     413           0 :                 if ((local_flags & LOCAL_ADD_USER) && (new_passwd == NULL)) {
     414             :                         /*
     415             :                          * Prompt for trusting domain's account password
     416             :                          */
     417           0 :                         new_passwd = prompt_for_new_password(stdin_passwd_get);
     418           0 :                         if(!new_passwd) {
     419           0 :                                 fprintf(stderr, "Unable to get newpassword.\n");
     420           0 :                                 exit(1);
     421             :                         }
     422             :                 }
     423             :         } else {
     424             : 
     425         325 :                 if (remote_machine != NULL) {
     426           1 :                         old_passwd = get_pass("Old SMB password:",stdin_passwd_get);
     427           1 :                         if(!old_passwd) {
     428           0 :                                 fprintf(stderr, "Unable to get old password.\n");
     429           0 :                                 exit(1);
     430             :                         }
     431             :                 }
     432             : 
     433         325 :                 if (!(local_flags & LOCAL_SET_PASSWORD)) {
     434             : 
     435             :                         /*
     436             :                          * If we are trying to enable a user, first we need to find out
     437             :                          * if they are using a modern version of the smbpasswd file that
     438             :                          * disables a user by just writing a flag into the file. If so
     439             :                          * then we can re-enable a user without prompting for a new
     440             :                          * password. If not (ie. they have a no stored password in the
     441             :                          * smbpasswd file) then we need to prompt for a new password.
     442             :                          */
     443             : 
     444           4 :                         if(local_flags & LOCAL_ENABLE_USER) {
     445           0 :                                 struct samu *sampass = NULL;
     446             : 
     447           0 :                                 sampass = samu_new( NULL );
     448           0 :                                 if (!sampass) {
     449           0 :                                         fprintf(stderr, "talloc fail for struct samu.\n");
     450           0 :                                         exit(1);
     451             :                                 }
     452           0 :                                 if (!pdb_getsampwnam(sampass, user_name)) {
     453           0 :                                         fprintf(stderr, "Failed to find user %s in passdb backend.\n",
     454             :                                                 user_name );
     455           0 :                                         exit(1);
     456             :                                 }
     457             : 
     458           0 :                                 if(pdb_get_nt_passwd(sampass) == NULL) {
     459           0 :                                         local_flags |= LOCAL_SET_PASSWORD;
     460             :                                 }
     461           0 :                                 TALLOC_FREE(sampass);
     462             :                         }
     463             :                 }
     464             : 
     465         325 :                 if((local_flags & LOCAL_SET_PASSWORD) && (new_passwd == NULL)) {
     466             : 
     467         321 :                         new_passwd = prompt_for_new_password(stdin_passwd_get);
     468         321 :                         if(!new_passwd) {
     469           0 :                                 fprintf(stderr, "Unable to get new password.\n");
     470           0 :                                 exit(1);
     471             :                         }
     472             :                 }
     473             :         }
     474             : 
     475         327 :         if (!NT_STATUS_IS_OK(password_change(remote_machine,
     476             :                                              NULL, user_name,
     477             :                                              old_passwd, new_passwd,
     478             :                                              local_flags))) {
     479           0 :                 result = 1;
     480           0 :                 goto done;
     481             :         } 
     482             : 
     483         327 :         if(remote_machine) {
     484           1 :                 printf("Password changed for user %s on %s.\n", user_name, remote_machine );
     485         326 :         } else if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD|LOCAL_SET_PASSWORD))) {
     486           0 :                 struct samu *sampass = NULL;
     487             : 
     488           0 :                 sampass = samu_new( NULL );
     489           0 :                 if (!sampass) {
     490           0 :                         fprintf(stderr, "talloc fail for struct samu.\n");
     491           0 :                         exit(1);
     492             :                 }
     493             : 
     494           0 :                 if (!pdb_getsampwnam(sampass, user_name)) {
     495           0 :                         fprintf(stderr, "Failed to find user %s in passdb backend.\n",
     496             :                                 user_name );
     497           0 :                         exit(1);
     498             :                 }
     499             : 
     500           0 :                 printf("Password changed for user %s.", user_name );
     501           0 :                 if(pdb_get_acct_ctrl(sampass)&ACB_DISABLED) {
     502           0 :                         printf(" User has disabled flag set.");
     503             :                 }
     504           0 :                 if(pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) {
     505           0 :                         printf(" User has no password flag set.");
     506             :                 }
     507           0 :                 printf("\n");
     508           0 :                 TALLOC_FREE(sampass);
     509             :         }
     510             : 
     511         587 :  done:
     512         327 :         SAFE_FREE(old_passwd);
     513         327 :         SAFE_FREE(new_passwd);
     514         327 :         return result;
     515             : }
     516             : 
     517             : 
     518             : /*************************************************************
     519             :  Handle password changing for non-root.
     520             : *************************************************************/
     521             : 
     522           4 : static int process_nonroot(int local_flags)
     523             : {
     524           4 :         struct passwd  *pwd = NULL;
     525           4 :         int result = 0;
     526           4 :         char *old_pw = NULL;
     527           4 :         char *new_pw = NULL;
     528           4 :         const char *username = user_name;
     529           4 :         const char *domain = NULL;
     530           4 :         char *p = NULL;
     531             : 
     532           4 :         if (local_flags & ~(LOCAL_AM_ROOT | LOCAL_SET_PASSWORD)) {
     533             :                 /* Extra flags that we can't honor non-root */
     534           0 :                 usage();
     535             :         }
     536             : 
     537           4 :         if (!user_name[0]) {
     538           4 :                 pwd = getpwuid_alloc(talloc_tos(), getuid());
     539           4 :                 if (pwd) {
     540           4 :                         fstrcpy(user_name,pwd->pw_name);
     541           4 :                         TALLOC_FREE(pwd);
     542             :                 } else {
     543           0 :                         fprintf(stderr, "smbpasswd: cannot lookup user name for uid %u\n", (unsigned int)getuid());
     544           0 :                         exit(1);
     545             :                 }
     546             :         }
     547             : 
     548             :         /* Allow domain as part of the username */
     549           5 :         if ((p = strchr_m(user_name, '\\')) ||
     550           5 :             (p = strchr_m(user_name, '/')) ||
     551           4 :             (p = strchr_m(user_name, *lp_winbind_separator()))) {
     552           0 :                 *p = '\0';
     553           0 :                 username = p + 1;
     554           0 :                 domain = user_name;
     555             :         }
     556             : 
     557             :         /*
     558             :          * A non-root user is always setting a password
     559             :          * via a remote machine (even if that machine is
     560             :          * localhost).
     561             :          */     
     562             : 
     563           4 :         load_interfaces(); /* Delayed from main() */
     564             : 
     565           4 :         if (remote_machine != NULL) {
     566           4 :                 if (!is_ipaddress(remote_machine)) {
     567           4 :                         domain = remote_machine;
     568             :                 }
     569             :         } else {
     570           0 :                 remote_machine = "127.0.0.1";
     571             : 
     572             :                 /*
     573             :                  * If we deal with a local user, change the password for the
     574             :                  * user in our SAM.
     575             :                  */
     576           0 :                 domain = get_global_sam_name();
     577             :         }
     578             : 
     579           4 :         old_pw = get_pass("Old SMB password:",stdin_passwd_get);
     580           4 :         if (old_pw == NULL) {
     581           0 :                 fprintf(stderr, "Unable to get old password.\n");
     582           0 :                 exit(1);
     583             :         }
     584             : 
     585           4 :         if (!new_passwd) {
     586           4 :                 new_pw = prompt_for_new_password(stdin_passwd_get);
     587             :         }
     588             :         else
     589           0 :                 new_pw = smb_xstrdup(new_passwd);
     590             : 
     591           4 :         if (!new_pw) {
     592           0 :                 fprintf(stderr, "Unable to get new password.\n");
     593           0 :                 exit(1);
     594             :         }
     595             : 
     596           4 :         if (!NT_STATUS_IS_OK(password_change(remote_machine,
     597             :                                              domain, username,
     598             :                                              old_pw, new_pw, 0))) {
     599           0 :                 result = 1;
     600           0 :                 goto done;
     601             :         }
     602             : 
     603           4 :         printf("Password changed for user %s\n", username);
     604             : 
     605           4 :  done:
     606           4 :         SAFE_FREE(old_pw);
     607           4 :         SAFE_FREE(new_pw);
     608             : 
     609           4 :         return result;
     610             : }
     611             : 
     612             : 
     613             : 
     614             : /*********************************************************
     615             :  Start here.
     616             : **********************************************************/
     617         331 : int main(int argc, char **argv)
     618             : {       
     619         331 :         TALLOC_CTX *frame = talloc_stackframe();
     620         331 :         int local_flags = 0;
     621             :         int ret;
     622             : 
     623             : #if defined(HAVE_SET_AUTH_PARAMETERS)
     624             :         set_auth_parameters(argc, argv);
     625             : #endif /* HAVE_SET_AUTH_PARAMETERS */
     626             : 
     627         331 :         if (getuid() == 0) {
     628         327 :                 local_flags = LOCAL_AM_ROOT;
     629             :         }
     630             : 
     631         331 :         smb_init_locale();
     632             : 
     633         331 :         local_flags = process_options(argc, argv, local_flags);
     634             : 
     635         331 :         setup_logging("smbpasswd", DEBUG_STDERR);
     636             : 
     637             :         /* Check the effective uid - make sure we are not setuid */
     638         331 :         if (is_setuid_root()) {
     639           0 :                 fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n");
     640           0 :                 exit(1);
     641             :         }
     642             : 
     643         331 :         if (local_flags & LOCAL_AM_ROOT) {
     644             :                 bool ok;
     645             : 
     646         327 :                 ok = secrets_init();
     647         327 :                 if (!ok) {
     648           0 :                         return 1;
     649             :                 }
     650         327 :                 ret = process_root(local_flags);
     651             :         } else {
     652           4 :                 ret = process_nonroot(local_flags);
     653             :         }
     654         331 :         TALLOC_FREE(frame);
     655         331 :         return ret;
     656             : }

Generated by: LCOV version 1.13