sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00
Code
samba-mirror/source3/rpc_server
History
Andrew Bartlett 9f53b61f06 CVE-2013-4496:samr: Remove ChangePasswordUser 
This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.  It also has quite difficult semantics to handle regarding
password lockout.

The missing features in both implementations (by design) were:

 - the password complexity checks (no plaintext)
 - the minimum password length (no plaintext)

Additionally, the source3 version did not check:

 - the minimum password age
 - pdb_get_pass_can_change() which checks the security
   descriptor for the 'user cannot change password' setting.
 - the password history
 - the output of the 'passwd program' if 'unix passwd sync = yes'.

Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password.  It is removed here so that it is not
mistakenly reinstated in the future.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://gerrit.samba.org/37
2014-03-13 10:26:03 +01:00
..
dfs
Correctly check for errors in strlower_m() returns.
2012-08-09 12:08:18 -07:00
dssetup
Correctly check for errors in strlower_m() returns.
2012-08-09 12:08:18 -07:00
echo
s3-rpc_server: Make it possible to use more rpc exceptions.
2012-07-06 10:00:56 +02:00
epmapper
s3:srv_epmapper: make use of dcerpc_binding_get_abstract_syntax()
2014-02-13 11:54:16 +01:00
eventlog
Change get_nt_acl_no_snum() to return an NTSTATUS, not a struct security_descriptor *.
2012-11-13 22:48:19 +01:00
initshutdown
s3: include ntdomain.h before including generated srv_ headers.
2011-05-02 15:03:44 +02:00
lsa
s3-lsa: Flesh out the returned info in _lsa_EnumTrustedDomainsEx().
2012-09-28 22:44:08 +02:00
netlogon
s3-auth: Pass mem_ctx to auth_check_ntlm_password().
2014-02-19 11:29:29 +13:00
ntsvcs
s3-rpc_server: Make it possible to use more rpc exceptions.
2012-07-06 10:00:56 +02:00
samr
CVE-2013-4496:samr: Remove ChangePasswordUser
2014-03-13 10:26:03 +01:00
spoolss
s3: printing: Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message.
2014-02-18 17:48:30 +01:00
srvsvc
param: change fstype to use a constant string
2014-02-12 13:17:14 +13:00
svcctl
s3-rpc_server: Fix useless check if we still have a valid string.
2012-12-21 13:56:00 +01:00
winreg
loadparm: rename lp[cfg]_print_ok to lp[cfg]_printable for consistency with docs
2014-02-03 13:27:15 +13:00
wkssvc
param: rename lp function and variable from 'passwordserver' to 'password_server'
2014-02-07 16:19:10 -08:00
dcesrv_auth_generic.c
s3-rpc_server: Ensure we are root when starting and usiing gensec
2013-05-16 19:02:00 +02:00
dcesrv_auth_generic.h
s3-rpc_server Remove unused function auth_generic_server_start()
2012-02-23 16:14:18 +11:00
epmd.c
s3-epmd: Cast getpid() result to unsigned int for GNU/Solaris build
2013-03-15 10:39:02 -07:00
lsasd.c
s3-rpc_server: Refactor lsasd_create_sockets().
2013-10-21 12:49:44 +02:00
rpc_config.c
s3-rpc: added "rpc_server:default" config option
2011-12-22 07:27:07 +01:00
rpc_config.h
s3-rpc_server: Replace RPC_SERVICE_MODE_DAEMON checks
2011-08-21 09:05:03 -04:00
rpc_contexts.c
s3-rpc_server: Move the context functions to own file.
2011-06-01 12:02:15 +02:00
rpc_contexts.h
s3-rpc_server: Move the context functions to own file.
2011-06-01 12:02:15 +02:00
rpc_ep_register.c
s3:rpc_server: make use of dcerpc_binding_set_abstract_syntax()
2014-02-13 11:54:16 +01:00
rpc_ep_register.h
s3-rpc_server: Use binding vector in rpc_ep_try_register().
2011-08-01 08:50:35 +02:00
rpc_handles.c
s3-rpc: use ndr_interface_name() instead of get_pipe_name_from_syntax() in DEBUG.
2013-09-20 13:07:16 +02:00
rpc_ncacn_np.c
s3-rpc_server: Remove obsolete make_internal_rpc_pipe().
2013-10-29 16:29:16 +01:00
rpc_ncacn_np.h
s3-rpc_server: Remove obsolete make_internal_rpc_pipe().
2013-10-29 16:29:16 +01:00
rpc_pipes.h
s3:rpc_server: check header of each packet fragment
2014-02-11 16:02:14 +01:00
rpc_server.c
s3:rpc_server: use make_session_info_guest() directly
2013-12-23 09:18:15 +01:00
rpc_server.h
s3/rpc_server: don't unmarshall PDUs twice
2013-12-11 22:24:31 +01:00
rpc_service_setup.c
param: Change from _lp to lp__ as the prefix for internal parameter wrappers
2012-04-16 14:32:38 +10:00
rpc_service_setup.h
s3-rpc_server: Move config helpers in one place.
2011-08-21 09:05:03 -04:00
rpc_sock_helper.c
s3:rpc_server: rpc_create_tcpip_sockets() may leak talloc_stackframe on failure
2013-11-04 12:30:26 +01:00
rpc_sock_helper.h
s3-rpc_server: Add RPC socket helper functions.
2011-08-01 08:50:35 +02:00
srv_access_check.c
s3-rpc_server: Grant the system token full access.
2013-08-06 14:42:14 +02:00
srv_access_check.h
s3:rpc_server: add _RPC_SERVER_SRV_ACCESS_CHECK_H_ guard to srv_access_check.h
2011-05-31 18:37:29 +02:00
srv_pipe_hnd.c
rpc_server: change unsupported pipe error
2014-03-05 16:31:42 +01:00
srv_pipe_hnd.h
s3/rpc_server: don't unmarshall PDUs twice
2013-12-11 22:24:31 +01:00
srv_pipe_internal.h
srv_pipe_register.c
s3-rpc_server: remove proto of nonexisting function
2011-05-02 15:03:43 +02:00
srv_pipe_register.h
s3-proto: move rpc_srv_register protos and structs to town headerfile.
2011-05-02 15:03:43 +02:00
srv_pipe.c
s3:rpc_server: check verification trailer
2014-02-11 16:02:14 +01:00
srv_pipe.h
s3-rpc_server: (re)move last globally included rpc_server prototypes.
2011-05-02 16:05:31 +02:00
wscript_build
s3-rpc_server: Add make_internal_rpc_pipe_socketpair().
2013-10-29 16:17:03 +01:00