mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
ae3b615236
The bad password count is supposed to limit the number of failed login
attempt a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts. This is especially
bad on constrained or overcommitted hardware.
To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.
Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
|
||
---|---|---|
.. | ||
auth | ||
build | ||
client | ||
exports | ||
groupdb | ||
include | ||
intl | ||
lib | ||
libads | ||
libgpo/gpext | ||
libnet | ||
librpc | ||
libsmb | ||
locale | ||
locking | ||
modules | ||
nmbd | ||
param | ||
passdb | ||
printing | ||
profile | ||
registry | ||
rpc_client | ||
rpc_server | ||
rpcclient | ||
script | ||
selftest | ||
services | ||
smbd | ||
torture | ||
utils | ||
web | ||
winbindd | ||
.clang_complete | ||
.dmallocrc | ||
.indent.pro | ||
Doxyfile | ||
mainpage.dox | ||
smbadduser.in | ||
wscript | ||
wscript_build | ||
wscript_configure_system_ncurses |