Tim Pepper
2001-Jan-05 03:49 UTC
[BUG?] smbpasswd command line behaviour differs from man page
I haven't verified this against the official samba 2.0.7 distribution, having just stumbled upon it on a specific system, but...

In the RedHat 6.2 samba-2.0.7-4 package (I haven't verified this against other versions) I'm seeing behaviour in the smbpasswd command line parameters which seems to vary from that which is described in the man page, in that the command seems to be accepting a final command line parameter not mentioned in the man page.

The man page indicates a usage of:

    smbpasswd [options...] username

where the 'username' parameter is stated to specify "the username for all of the root only options to operate on. Only root can specify this parameter as only root has the permission needed to modify attributes directly in the local smbpasswd file."

Contrary to this, for any non-root user entering the smbpasswd command with a final non-option parameter, that parameter is taken as the new password. The user is prompted for the old password and then not prompted for a new password. This works similarly for remote connections via the -r [-U] options. In both cases there must of course be an existing account for the non-root user running the command.

For the root user, a command of 'smbpasswd username newpassword' will similarly succeed. If root enters 'smbpasswd -r servername -U remoteuser1 remoteuser2 password', remoteuser2 will be set to password without further interaction, overriding the -U parameter.

Not a big deal I suppose, and simple testing seems to indicate that this undocumented parameter exits gracefully when subjected to a buffer overflow attempt:

    ERROR: string overflow by 2457 in safe_strcpy [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
    make_oem_passwd_hash: new password is too long.
    machine 127.0.0.1 rejected the password change: Error was : code 0.
    Failed to change password for foouser

-- 
*****************************************************
* tim.pepper@zelerate dot com  *  Venimus, Vidimus,  *
* http://www.zelerate.com      *  Dolavimus          *
*****************************************************
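As an added illustration (not Samba's code and not part of the message above), the following C shows the kind of bounded string copy that produces a "string overflow by N" diagnostic and truncates instead of writing past the destination buffer, alongside a separate length check of the sort that rejects an over-long password before it is ever copied. The function names, the 128-byte limit and the constructed inputs are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical bounded copy in the style of a safe_strcpy: copies at most
 * maxlength bytes of src into dest (which must hold maxlength + 1 bytes),
 * always NUL-terminates, and returns how many bytes did not fit (0 when the
 * whole string fit). A caller treats a non-zero return as a failed copy. */
size_t bounded_copy(char *dest, const char *src, size_t maxlength)
{
    size_t len = strlen(src);
    size_t overflow = 0;

    if (len > maxlength) {
        overflow = len - maxlength;
        /* Same shape as the diagnostic in the report: the excess byte count
         * and only the first 50 bytes of the offending input. */
        fprintf(stderr, "ERROR: string overflow by %zu in bounded_copy [%.50s]\n",
                overflow, src);
        len = maxlength;            /* truncate rather than overrun */
    }
    memcpy(dest, src, len);
    dest[len] = '\0';
    return overflow;
}

/* Assumed policy limit (not a value from the report): reject an over-long
 * password up front instead of relying on truncation downstream. */
#define MAX_PW 128
int password_acceptable(const char *pw)
{
    return pw != NULL && strlen(pw) <= MAX_PW;
}

/* Scratch destination used by the stand-alone run and by tests. */
char scratch[16];

/* Constructed input: 2473 'A's forced into a 15-character limit. Returns the
 * number of bytes the bounded copy had to drop. */
size_t overlong_demo(void)
{
    static char big[2474];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return bounded_copy(scratch, big, sizeof scratch - 1);
}

int main(void)
{
    size_t dropped = overlong_demo();
    printf("dropped %zu bytes, buffer now holds %zu chars\n",
           dropped, strlen(scratch));
    printf("password_acceptable(long input): %d\n",
           password_acceptable(scratch) ? 1 : 0);
    return 0;
}
```

Run stand-alone, the program prints the overflow diagnostic on stderr and shows that the destination buffer still holds exactly 15 characters; the separate `password_acceptable` check is the place to refuse the input before any copy is attempted.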