Bug 23370 - smbpasswd command line behaviour differs from man page
smbpasswd command line behaviour differs from man page
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: samba (Show other bugs)
6.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-01-04 21:44 EST by Tim Pepper
Modified: 2007-04-18 12:30 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-04 21:44:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tim Pepper 2001-01-04 21:44:02 EST
In the RedHat 6.2 samba-2.0.7-4 package (I haven't verified this against
other versions) I'm seeing behaviour in the smbpasswd command line
parameters which seems to vary from that which is described in the man page
in that the command seems to be accepting a final command line parameter
not mentioned in the man page.

The man page indicates a usage of:
	smbpasswd [options...] username
where the 'username' parameter is stated to specify "the username for all
of the root only options to operate on.  Only root can specify this
parameter as only root has the permission needed to modify attributes
directly in the local smbpasswd file."

Contrary to this, for any non-root user entering the smbpasswd command with
a final non-option parameter, that parameter is taken as the new password. 
The user is prompted for the old password and then not prompted for a new
password.  This works similarly for remote connections via the -r [-U]
options.  In both cases there must of course be an existing account for the
non-root user running the command.

For the root user, a command of 'smbpasswd username newpassword' will
similarly succeed.

If root enters 'smbpasswd -r servername -U remoteuser1 remoteuser2
password', remoteusers2 will be set to password without further
interaction, overriding the -U parameter.

Not a big deal I suppose and simple testing seems to indicate that this
undocumented parameter exits gracefully when subjected to a buffer overflow
attempt:

ERROR: string overflow by 2457 in safe_strcpy
[AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
make_oem_passwd_hash: new password is too long.
machine 127.0.0.1 rejected the password change: Error was : code 0.
Failed to change password for foouser
Comment 1 Bill Nottingham 2001-01-18 18:18:27 EST
man page clarified slightly in 2.0.7-24; thanks for noticing.

Note You need to log in before you can comment on or make changes to this bug.