mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
samba-mirror/source3
Andrew Bartlett 9f53b61f06 CVE-2013-4496:samr: Remove ChangePasswordUser
This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.  It also has quite difficult semantics to handle regarding
password lockout.

The missing features in both implementations (by design) were:

 - the password complexity checks (no plaintext)
 - the minimum password length (no plaintext)

Additionally, the source3 version did not check:

 - the minimum password age
 - pdb_get_pass_can_change() which checks the security
   descriptor for the 'user cannot change password' setting.
 - the password history
 - the output of the 'passwd program' if 'unix passwd sync = yes'.

Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password.  It is removed here so that it is not
mistakenly reinstated in the future.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://gerrit.samba.org/37
2014-03-13 10:26:03 +01:00
..
auth CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. 2014-03-13 10:21:47 +01:00
build waf: improve iconv checks 2014-01-03 05:04:44 +01:00
client s3:client: only limit the buffer by the given length 'n' 2014-03-05 10:06:24 -08:00
exports
groupdb param: rename lp function and variable from "setprimarygroup_script" to "set_primary_group_script" 2014-02-07 16:19:12 -08:00
include gencache: Add gencache values to memcache 2014-03-11 19:56:46 +01:00
intl
lib gencache: Add gencache values to memcache 2014-03-11 19:56:46 +01:00
libads s3-kerberos: let kerberos_return_pac() return a PAC container. 2014-03-12 10:13:20 +01:00
libgpo libgpo: apply some const. 2014-01-07 18:52:42 +01:00
libnet s3-kerberos: remove unused kdc_name from create_local_private_krb5_conf_for_domain(). 2014-03-07 18:43:57 +01:00
librpc s3:dcerpc_ep: make use of dcerpc_binding_set_abstract_syntax() 2014-02-13 11:54:16 +01:00
libsmb s3-kerberos: remove unused kdc_name from create_local_private_krb5_conf_for_domain(). 2014-03-07 18:43:57 +01:00
locale
locking smbd: Fix an uninitialized memory read 2014-03-03 16:30:53 +01:00
modules vfs_catia: add chmod() 2014-03-11 13:39:17 +01:00
nmbd param: No longer have a special case for lp_configfile 2014-02-12 13:17:13 +13:00
pam_smbpass s3:pam_smbpass change includes 2013-12-07 16:45:15 +01:00
param s3:param: avoid using BUFFER_SIZE to limit the lp_min_receive_file_size() 2014-03-05 10:06:24 -08:00
passdb Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase. 2014-03-05 16:33:21 +01:00
printing s3-spoolssd: Don't register spoolssd if epmd is not running. 2014-02-27 16:47:47 +01:00
profile s3: remove some dead code (for setdir command) 2013-03-12 01:03:37 +01:00
registry s3:registry: introduce REG_DBWRAP_FLAGS to use for all db_open calls 2014-02-07 16:06:07 +01:00
rpc_client rpc_client: retry open on STATUS_PIPE_NOT_AVAILABLE 2014-03-04 03:03:24 +01:00
rpc_server CVE-2013-4496:samr: Remove ChangePasswordUser 2014-03-13 10:26:03 +01:00
rpcclient For FSRVP use textual error messages instead of hex error codes 2014-03-08 03:52:42 +01:00
script script: Remove unused and no-longer-working extract_allparms.sh 2014-01-28 17:26:35 +13:00
selftest s3: add --with-libarchive to build configuration 2014-02-19 18:22:29 +01:00
services
smbd CVE-2013-4496:samr: Remove ChangePasswordUser 2014-03-13 10:26:03 +01:00
stf
torture s3:torture: use CLI_BUFFER_SIZE instead of BUFFER_SIZE 2014-03-05 10:06:24 -08:00
utils s3-net: add a new "net ads kerberos pac save" tool. 2014-03-12 13:02:59 +01:00
web swat: Remove swat. 2013-05-18 16:32:38 +02:00
winbindd s3-kerberos: let kerberos_return_pac() return a PAC container. 2014-03-12 10:13:20 +01:00
.clang_complete
.dmallocrc
.indent.pro
change-log
Doxyfile
mainpage.dox
smbadduser.in
wscript build: Make order of arguments clearer by explicitly making the list of functions to look for a python list 2014-03-08 05:53:07 +01:00
wscript_build nsswitch: Remove fallback setting of WINBINDD_SOCKET_DIR 2014-03-05 18:34:48 +01:00
wscript_configure_system_ncurses build: fix --with-regedit to properly honour the yes/no/auto scheme 2013-05-06 18:24:58 +02:00