mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
samba-mirror/source3
Joseph Sutton 65c473d4a5 CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change
The bad password count is supposed to limit the number of failed login
attempts a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:38 +00:00
..
auth CVE-2021-20251 s3: ensure bad password count atomic updates 2022-09-12 23:07:38 +00:00
build
client s3/client: fix dfs deltree, resolve dfs path 2022-06-17 17:12:07 +00:00
exports
groupdb
include libsmb: Allow to request SMB311 posix in source3/libsmb 2022-09-02 13:31:38 +00:00
intl
lib lib: Fix a typo 2022-08-26 18:54:37 +00:00
libads s3:libads: let cldap_ping_list() use cldap_multi_netlogon() 2022-09-08 08:12:46 +00:00
libgpo/gpext
libnet s3:libads: Allocate ads->auth.ccache_name under ADS_STRUCT talloc context 2022-06-27 15:50:30 +00:00
librpc smbXsrv_client: notify a different node to drop a connection by client guid. 2022-09-02 20:59:15 +00:00
libsmb pylibsmb: Add create_ex() 2022-09-02 13:31:38 +00:00
locale spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated 2022-06-10 18:12:33 +00:00
locking s3:smbd: inline fsp_lease_type_is_exclusive() logic into contend_level2_oplocks_begin_default 2022-08-19 18:41:34 +00:00
modules s3:modules - fix read of uninitialized memory 2022-09-07 19:40:17 +00:00
nmbd source3: move lib/substitute.c functions out of proto.h 2021-11-11 13:49:32 +00:00
param param: Add "smb3 unix extensions" 2022-09-02 13:31:38 +00:00
passdb s3:passdb: Zero sensitive memory in lsa_secret_{set/get}_common() 2022-08-26 07:59:32 +00:00
printing s3: smbd: Convert driver_unix_convert() to use filename_convert_dirfsp(). 2022-08-04 18:10:43 +00:00
profile s3:profile: make use of tevent_cached_getpid() in performance critical code 2022-07-25 18:32:18 +00:00
registry registry3: Align an integer type 2022-07-25 12:04:33 +00:00
rpc_client s3:rpc_client: Implement dcerpc_samr_chgpasswd_user4() 2022-07-28 11:51:29 +00:00
rpc_server CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change 2022-09-12 23:07:38 +00:00
rpcclient s3:rpcclient: Implement cmd chpasswd4 2022-07-28 11:51:29 +00:00
script s3:tests: add test_smbXsrv_client_cross_node.sh 2022-09-02 20:02:29 +00:00
selftest s3:tests: add test_smbXsrv_client_cross_node.sh 2022-09-02 20:02:29 +00:00
services s3:services: Disable rcinit-based service control code 2021-12-10 14:02:30 +00:00
smbd Fix spelling mistakes. 2022-09-12 02:29:32 +00:00
torture s3: smbtorture: In run_smb1_dfs_paths() ensure we're actually reading and testing crtimes from the filesystem. 2022-09-12 16:21:23 +00:00
utils ntlm_auth: Remove an unused #include 2022-09-07 18:40:28 +00:00
web
winbindd Fix spelling mistakes. 2022-09-12 02:29:32 +00:00
.clang_complete
.dmallocrc
.indent.pro
Doxyfile
mainpage.dox
smbadduser.in
wscript source3/wscript: Detect glusterfs-api with *at() calls support 2022-08-26 16:31:37 +00:00
wscript_build s3:waf: Fix version number of public libsmbconf 2022-06-24 09:48:38 +00:00
wscript_configure_system_ncurses