From: Ralph Boehme <slow@samba.org>
Date: Tue, 5 Nov 2019 10:13:30 +0000 (+0100)
Subject: smbdotconf: mark "passwd chat" with substitution="1"
X-Git-Tag: ldb-2.1.0~536
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4551dd27840a4bd0f84a78da1920acc7ba204f88;p=thirdparty%2Fsamba.git

smbdotconf: mark "passwd chat" with substitution="1"

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/docs-xml/smbdotconf/security/passwdchat.xml b/docs-xml/smbdotconf/security/passwdchat.xml
index c9434b00098..23f8e6e1570 100644
--- a/docs-xml/smbdotconf/security/passwdchat.xml
+++ b/docs-xml/smbdotconf/security/passwdchat.xml
@@ -1,6 +1,7 @@
 <samba:parameter name="passwd chat"
                  context="G"
 		 type="string"
+                 substitution="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
     <para>This string controls the <emphasis>&quot;chat&quot;</emphasis> 
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 785a0c45b4f..751cee61ce1 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -291,6 +291,8 @@ static int smb_pam_passchange_conv(int num_msg,
 	struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr;
 	struct chat_struct *pw_chat;
 	struct chat_struct *t;
+	const struct loadparm_substitution *lp_sub =
+		loadparm_s3_global_substitution();
 	bool found; 
 	*resp = NULL;
 
@@ -299,7 +301,7 @@ static int smb_pam_passchange_conv(int num_msg,
 	if (num_msg <= 0)
 		return PAM_CONV_ERR;
 
-	if ((pw_chat = make_pw_chat(lp_passwd_chat(talloc_tos()))) == NULL)
+	if ((pw_chat = make_pw_chat(lp_passwd_chat(talloc_tos(), lp_sub))) == NULL)
 		return PAM_CONV_ERR;
 
 	/*
diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c
index d37543f58a8..995b03c9983 100644
--- a/source3/rpc_server/samr/srv_samr_chgpasswd.c
+++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c
@@ -510,6 +510,8 @@ while we were waiting\n", WTERMSIG(wstat)));
 bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
 	       const char *oldpass, const char *newpass, bool as_root)
 {
+	const struct loadparm_substitution *lp_sub =
+		loadparm_s3_global_substitution();
 	char *passwordprogram = NULL;
 	char *chatsequence = NULL;
 	size_t i;
@@ -597,7 +599,7 @@ bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
 		DEBUG(2, ("chgpasswd: Null password program - no password changing\n"));
 		return false;
 	}
-	chatsequence = lp_passwd_chat(ctx);
+	chatsequence = lp_passwd_chat(ctx, lp_sub);
 	if (!chatsequence || !*chatsequence) {
 		DEBUG(2, ("chgpasswd: Null chat sequence - no password changing\n"));
 		return false;
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index f4e94b6ef74..42316e5b11d 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -211,6 +211,8 @@ static int do_global_checks(void)
 	int ret = 0;
 	SMB_STRUCT_STAT st;
 	const char *socket_options;
+	const struct loadparm_substitution *lp_sub =
+		loadparm_s3_global_substitution();
 
 	if (lp_security() >= SEC_DOMAIN && !lp_encrypt_passwords()) {
 		fprintf(stderr, "ERROR: in 'security=domain' mode the "
@@ -407,7 +409,7 @@ static int do_global_checks(void)
 		}
 #endif
 
-		if(lp_passwd_chat(talloc_tos()) == NULL) {
+		if(lp_passwd_chat(talloc_tos(), lp_sub) == NULL) {
 			fprintf(stderr,
 				"ERROR: the 'unix password sync' parameter is "
 				"set and there is no valid 'passwd chat' "
@@ -434,14 +436,14 @@ static int do_global_checks(void)
 		 */
 
 		if(lp_encrypt_passwords()) {
-			if(strstr_m( lp_passwd_chat(talloc_tos()), "%o")!=NULL) {
+			if(strstr_m( lp_passwd_chat(talloc_tos(), lp_sub), "%o")!=NULL) {
 				fprintf(stderr,
 					"ERROR: the 'passwd chat' script [%s] "
 					"expects to use the old plaintext "
 					"password via the %%o substitution. With "
 					"encrypted passwords this is not "
 					"possible.\n\n",
-					lp_passwd_chat(talloc_tos()) );
+					lp_passwd_chat(talloc_tos(), lp_sub) );
 				ret = 1;
 			}
 		}