Bug 23370

Summary: smbpasswd command line behaviour differs from man page
Product: [Retired] Red Hat Linux Reporter: Tim Pepper <rhn>
Component: sambaAssignee: Trond Eivind Glomsrxd <teg>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-01-05 02:44:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tim Pepper 2001-01-05 02:44:02 UTC
In the RedHat 6.2 samba-2.0.7-4 package (I haven't verified this against
other versions) I'm seeing behaviour in the smbpasswd command line
parameters which seems to vary from that which is described in the man page
in that the command seems to be accepting a final command line parameter
not mentioned in the man page.

The man page indicates a usage of:
	smbpasswd [options...] username
where the 'username' parameter is stated to specify "the username for all
of the root only options to operate on.  Only root can specify this
parameter as only root has the permission needed to modify attributes
directly in the local smbpasswd file."

Contrary to this, for any non-root user entering the smbpasswd command with
a final non-option parameter, that parameter is taken as the new password. 
The user is prompted for the old password and then not prompted for a new
password.  This works similarly for remote connections via the -r [-U]
options.  In both cases there must of course be an existing account for the
non-root user running the command.

For the root user, a command of 'smbpasswd username newpassword' will
similarly succeed.

If root enters 'smbpasswd -r servername -U remoteuser1 remoteuser2
password', remoteusers2 will be set to password without further
interaction, overriding the -U parameter.

Not a big deal I suppose and simple testing seems to indicate that this
undocumented parameter exits gracefully when subjected to a buffer overflow
attempt:

ERROR: string overflow by 2457 in safe_strcpy
[AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
make_oem_passwd_hash: new password is too long.
machine 127.0.0.1 rejected the password change: Error was : code 0.
Failed to change password for foouser

Comment 1 Bill Nottingham 2001-01-18 23:18:27 UTC
man page clarified slightly in 2.0.7-24; thanks for noticing.