mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source3/rpc_server
Joseph Sutton 65c473d4a5 CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change
The bad password count is supposed to limit the number of failed login
attempts a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:38 +00:00
dfs s3: smbd: Remove allow_broken_path from create_junction(). 2022-08-28 19:59:28 +00:00
dssetup CVE-2020-25717: Add FreeIPA domain controller role 2021-11-09 19:45:33 +00:00
echo s3:rpc_server: Do not include s3 autogenerated headers 2020-03-20 15:36:36 +00:00
epmapper rpc_server3: Remove pipes_struct->local_address 2022-01-05 00:11:37 +00:00
eventlog rpc_server3: Remove pipes_struct->session_info 2022-01-05 00:11:38 +00:00
fss rpc_server3: Remove pipes_struct->session_info 2022-01-05 00:11:38 +00:00
initshutdown s3:rpc_server: Do not include s3 autogenerated headers 2020-03-20 15:36:36 +00:00
lsa rpc_server3: Remove pipes_struct->auth 2022-01-05 00:11:38 +00:00
mdssvc mdssvc: check if the user closed the query before trying to read the HTTP response from Elasticsearch 2022-08-03 14:00:36 +00:00
netlogon lib/util: Change function to data_blob_equal_const_time() 2022-06-09 22:49:29 +00:00
ntsvcs rpc_server3: Remove pipes_struct->session_info 2022-01-05 00:11:38 +00:00
samr CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change 2022-09-12 23:07:38 +00:00
spoolss rpc_server3: Remove pipes_struct->auth 2022-01-05 00:11:38 +00:00
srvsvc smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL() 2022-08-10 15:32:35 +00:00
svcctl rpc_server3: Remove pipes_struct->session_info 2022-01-05 00:11:38 +00:00
winreg rpc_server3: Remove pipes_struct->session_info 2022-01-05 00:11:38 +00:00
wkssvc rpc_server3: Remove pipes_struct->session_info 2022-01-05 00:11:38 +00:00
rpc_config.c dcesrv_core: wrap gensec_*() calls in [un]become_root() calls 2022-01-24 15:25:36 +00:00
rpc_config.h s3:rpc_server: Delete unused code and doc references 2021-12-10 14:02:30 +00:00
rpc_handles.c rpc_server3: Remove pipes_struct->session_info 2022-01-05 00:11:38 +00:00
rpc_host.c samba-dcerpcd: Silence a DEBUG message 2022-02-22 10:16:44 +00:00
rpc_ncacn_np.c rpc_server3: Inline single-use rpcint_binding_handle_ex() 2022-01-05 00:11:38 +00:00
rpc_ncacn_np.h s3:rpc_server: Activate samba-dcerpcd 2021-12-10 14:02:30 +00:00
rpc_pipes.h rpc_server3: No linked list for pipes_struct anymore 2022-01-05 00:11:38 +00:00
rpc_server.c rpc_server3: Inline pipes_struct into dcerpc_ncacn_conn 2022-01-05 00:11:38 +00:00
rpc_server.h rpc_server3: Inline pipes_struct into dcerpc_ncacn_conn 2022-01-05 00:11:38 +00:00
rpc_sock_helper.c s3:rpc_server: Delete unused code and doc references 2021-12-10 14:02:30 +00:00
rpc_sock_helper.h rpc_server: Consolidate transport-specific socket creation 2021-01-26 00:10:31 +00:00
rpc_worker.c dcesrv_core: wrap gensec_*() calls in [un]become_root() calls 2022-01-24 15:25:36 +00:00
rpc_worker.h s3:rpc_server: Implement the rpcd_* helper-end of the samba-dcerpc protocol 2021-12-10 14:02:30 +00:00
rpcd_classic.c rpc_server3: Initialize mangle_fns in classic and spoolss 2022-07-12 13:33:14 +00:00
rpcd_epmapper.c s3:rpc_server: Add samba-dcerpcd helper programs 2021-12-10 14:02:30 +00:00
rpcd_fsrvp.c s3:rpc_server: Add samba-dcerpcd helper programs 2021-12-10 14:02:30 +00:00
rpcd_lsad.c s3:rpc_server: Add samba-dcerpcd helper programs 2021-12-10 14:02:30 +00:00
rpcd_mdssvc.c s3:rpc_server: Add samba-dcerpcd helper programs 2021-12-10 14:02:30 +00:00
rpcd_rpcecho.c s3:rpc_server: Add samba-dcerpcd helper programs 2021-12-10 14:02:30 +00:00
rpcd_spoolss.c rpc_server3: Initialize mangle_fns in classic and spoolss 2022-07-12 13:33:14 +00:00
rpcd_winreg.c s3:rpc_server: Add samba-dcerpcd helper programs 2021-12-10 14:02:30 +00:00
srv_access_check.c s3:rpc_server: Set debug class in all rpc server related files 2019-07-22 16:49:15 +00:00
srv_access_check.h Convert all uint32/16/8 to _t in source3/rpc_server. 2015-05-15 19:31:24 +02:00
srv_pipe_hnd.c smbd: Adapt np_[read|write]_send() to more recent tevent_req conventions 2022-08-26 18:54:37 +00:00
srv_pipe_hnd.h s3:rpc_server: Retrieve dcesrv_context from parent context to open NP 2020-03-20 15:36:35 +00:00
wscript_build s3/rpc_server: install elasticsearch_mappings.json 2022-01-28 10:22:31 +00:00