smbdotconf: mark "passwd chat" with substitution="1"

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/docs-xml/smbdotconf/security/passwdchat.xml b/docs-xml/smbdotconf/security/passwdchat.xml
index c9434b0009863807b8e2b70006a2a2ea9b14db56..23f8e6e1570eb01efa585a0ca4e1a911888b0e5d 100644 (file)
--- a/docs-xml/smbdotconf/security/passwdchat.xml
+++ b/docs-xml/smbdotconf/security/passwdchat.xml
@@ -1,6 +1,7 @@
 <samba:parameter name="passwd chat"
                  context="G"
                 type="string"
+                 substitution="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
     <para>This string controls the <emphasis>&quot;chat&quot;</emphasis> 

diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 785a0c45b4f3067284e774cd45a8362ba8835c8c..751cee61ce16e0703e86b8aa9b14402763540fa2 100644 (file)
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -291,6 +291,8 @@ static int smb_pam_passchange_conv(int num_msg,
        struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr;
        struct chat_struct *pw_chat;
        struct chat_struct *t;
+       const struct loadparm_substitution *lp_sub =
+               loadparm_s3_global_substitution();
        bool found; 
        *resp = NULL;
 
@@ -299,7 +301,7 @@ static int smb_pam_passchange_conv(int num_msg,
        if (num_msg <= 0)
                return PAM_CONV_ERR;
 
-       if ((pw_chat = make_pw_chat(lp_passwd_chat(talloc_tos()))) == NULL)
+       if ((pw_chat = make_pw_chat(lp_passwd_chat(talloc_tos(), lp_sub))) == NULL)
                return PAM_CONV_ERR;
 
        /*

diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c
index d37543f58a8fb3cc26c8d83efebf1d0fe56046cf..995b03c99836084355083e5a092c71489b8e66f0 100644 (file)
--- a/source3/rpc_server/samr/srv_samr_chgpasswd.c
+++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c
@@ -510,6 +510,8 @@ while we were waiting\n", WTERMSIG(wstat)));
 bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
               const char *oldpass, const char *newpass, bool as_root)
 {
+       const struct loadparm_substitution *lp_sub =
+               loadparm_s3_global_substitution();
        char *passwordprogram = NULL;
        char *chatsequence = NULL;
        size_t i;
@@ -597,7 +599,7 @@ bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
                DEBUG(2, ("chgpasswd: Null password program - no password changing\n"));
                return false;
        }
-       chatsequence = lp_passwd_chat(ctx);
+       chatsequence = lp_passwd_chat(ctx, lp_sub);
        if (!chatsequence || !*chatsequence) {
                DEBUG(2, ("chgpasswd: Null chat sequence - no password changing\n"));
                return false;

diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index f4e94b6ef7420ac23a85c09ace639d23abe8322e..42316e5b11db1d83b679eb7205607164c529d6b9 100644 (file)
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -211,6 +211,8 @@ static int do_global_checks(void)
        int ret = 0;
        SMB_STRUCT_STAT st;
        const char *socket_options;
+       const struct loadparm_substitution *lp_sub =
+               loadparm_s3_global_substitution();
 
        if (lp_security() >= SEC_DOMAIN && !lp_encrypt_passwords()) {
                fprintf(stderr, "ERROR: in 'security=domain' mode the "
@@ -407,7 +409,7 @@ static int do_global_checks(void)
                }
 #endif
 
-               if(lp_passwd_chat(talloc_tos()) == NULL) {
+               if(lp_passwd_chat(talloc_tos(), lp_sub) == NULL) {
                        fprintf(stderr,
                                "ERROR: the 'unix password sync' parameter is "
                                "set and there is no valid 'passwd chat' "
@@ -434,14 +436,14 @@ static int do_global_checks(void)
                 */
 
                if(lp_encrypt_passwords()) {
-                       if(strstr_m( lp_passwd_chat(talloc_tos()), "%o")!=NULL) {
+                       if(strstr_m( lp_passwd_chat(talloc_tos(), lp_sub), "%o")!=NULL) {
                                fprintf(stderr,
                                        "ERROR: the 'passwd chat' script [%s] "
                                        "expects to use the old plaintext "
                                        "password via the %%o substitution. With "
                                        "encrypted passwords this is not "
                                        "possible.\n\n",
-                                       lp_passwd_chat(talloc_tos()) );
+                                       lp_passwd_chat(talloc_tos(), lp_sub) );
                                ret = 1;
                        }
                }