mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
samba-mirror/source3
Michael Adam 4c5752d40f secrets: fix replacement random seed generator (security issue).
This is a regression introduced by the change to dbwrap.
The replacement dbwrap_change_int32_atomic() does not
correctly mimic the behaviour of tdb_change_int32_atomic():
The intended behaviour is to use *oldval as an initial
value when the entry does not yet exist in the db and to
return the old value in *oldval.

The effect was that:
1. get_rand_seed() always returns sys_getpid() in *new_seed
   instead of the incremented seed from the secrets.tdb.
2. the seed stored in the tdb is always starting at 0 instead
   of sys_getpid() + 1 and incremented in subsequent calls.

In principle this is a security issue, but I think the danger is
low, since this is only used as a fallback when there is no useable
/dev/urandom, and this is at most called on startup or via
reinit_after_fork.

Michael
(This used to be commit bfc5d34a19)
2008-08-05 23:44:00 +02:00
..
auth Removed redundant logging from create_builtin_users and create_builtin_administrators 2008-07-30 15:00:49 -07:00
client Building cifs.upcall is giving this build warning: 2008-08-05 15:36:11 -05:00
codepages
exports build: fix build of libaddns shared lib. symbols file was missing. 2008-07-11 14:39:30 +02:00
groupdb Add fix from Simo for bug #5540 - missing code to substitute 2008-07-14 12:40:33 -07:00
include dssync keytab: add support for keeping track of the up-to-date-ness vector. 2008-08-01 16:04:40 +02:00
iniparser
iniparser_build
intl use tdb_wipe_all() instead of tdb_wipe() - it is faster... 2008-03-26 10:50:35 +01:00
lib secrets: fix replacement random seed generator (security issue). 2008-08-05 23:44:00 +02:00
libaddns Fix an uninitialized variable, Coverity ID 481 2008-03-06 11:47:31 +01:00
libads Fix uninitialized variables. 2008-07-30 16:06:30 -07:00
libcli/nbt Fix a bogus uninitialized variable warning in IDL-based nbt code 2008-04-19 17:56:35 +02:00
libgpo Cleanup size_t return values in callers of convert_string_allocate 2008-05-20 22:40:13 +02:00
libnet libnet_keytab: fix the build with heimdal 2008-08-04 14:28:02 +02:00
librpc libnetunjoin: add use_kerberos flag. 2008-07-31 14:35:16 +02:00
libsmb clikrb5: don't use krb5_keyblock_init() when no salt is specified 2008-08-04 13:52:18 +02:00
locking Fix alignment problems on sparc, bug 5512 2008-07-09 20:47:31 +02:00
m4 Add --enable-picky-developer 2008-07-22 15:00:48 +02:00
modules Fix the build of vfs_zfsacl.c 2008-07-18 17:53:58 +02:00
nmbd nmbd: untangle logic in nmbd_messaging_context() slightly. 2008-06-26 12:31:11 +02:00
nsswitch build: fix some no previous prototype warnings. 2008-07-30 18:10:46 +02:00
pam_smbpass Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. 2008-07-02 10:51:45 -07:00
param testparm: Display warning if invalid values are used. 2008-07-30 16:31:09 +02:00
passdb pdb_interface: Fix typo in debug message. 2008-07-29 12:05:40 +02:00
pkgconfig libwbclient: add wbclient.pc.in 2008-01-15 10:43:43 +01:00
po po/genmsg: be more portable, use 'printf "%s"' instead of 'echo -n' 2008-04-01 16:16:55 +02:00
popt
printing Allow %u parameters for print job username - use advanced sub 2008-07-16 12:37:48 -04:00
profile Yay ! Remove a VFS entry. Removed the set_nt_acl() call, 2008-05-08 18:09:07 -07:00
registry registry: use _bystring wrappers to dbwrap_trans_(store|delete). 2008-08-05 23:40:26 +02:00
rpc_client rpc_client: Bug 5616 - fix session keys also in rpccli_netr_LogonSamLogonEx wrapper. 2008-07-30 19:14:00 +02:00
rpc_parse rpc_parse: Unify spoolss debug messages. 2008-07-22 21:46:14 +02:00
rpc_server Fix duplicate global warning. 2008-07-30 15:01:33 -07:00
rpcclient rpcclient: Set the pid field of the outgoing DsBindInfo to 0. 2008-07-28 14:08:34 +02:00
script testsuite: fix expr error on Tru64, triggered by uninitialized failed variable. 2008-07-21 11:23:55 +02:00
services Revert "Fix a memleak in svcctl_init_keys()" 2008-06-18 16:31:35 +02:00
smbd Fix a debug message 2008-07-27 18:41:19 +02:00
stf
tests configure: remove unused configure check for HAVE_WORKING_AF_LOCAL 2008-05-17 13:18:31 +02:00
torture Revert "Pass NULL to gencache_get when we are not interested in the timeout value" 2008-07-11 17:53:25 +02:00
utils vampire keytab: add command line switch --clean-old-entries . 2008-08-01 16:08:00 +02:00
web Fix swat. Bug #5613. 2008-07-15 14:37:48 -07:00
winbindd winbindd: handle trusted domains without sid. 2008-07-30 17:09:58 +02:00
.dmallocrc
.indent.pro
autogen.sh Remove references to SVN. 2008-06-17 10:43:19 +02:00
change-log
config.guess
config.sub
configure.developer
configure.in Check for f_frsize when using statvfs 2008-07-22 15:00:48 +02:00
Doxyfile
dynconfig.c popt: Use SMB_CONF_PATH environment var if no other configfile is set. 2008-02-04 17:41:23 +01:00
install-sh
mainpage.dox
Makefile.in Make DSO_EXPORTS_CMD regexp more POSIX compliant 2008-07-22 15:00:48 +02:00
smbadduser.in
VERSION Simplify samba_version_string. 2008-07-17 14:16:19 +02:00