git.samba.org - mat/samba.git/commit - source3/rpc_server/samr/srv_samr

author	Andrew Bartlett <abartlet@samba.org>
	Thu, 7 Nov 2013 03:23:12 +0000 (16:23 +1300)
committer	Stefan Metzmacher <metze@samba.org>
	Thu, 13 Mar 2014 09:26:03 +0000 (10:26 +0100)
commit	9f53b61f0674f7855a42b8e0de66f343f4592589
tree	d5f0cf798bcc5927d3aa1e8077bc19f73c939c34	tree
parent	76e5ea3a2c5f49cfc1026bd7c6b8baddb1e7dc16	commit \| diff

CVE-2013-4496:samr: Remove ChangePasswordUser

This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.  It also has quite difficult semantics to handle regarding
password lockout.

The missing features in both implementations (by design) were:

- the password complexity checks (no plaintext)
- the minimum password length (no plaintext)

Additionally, the source3 version did not check:

- the minimum password age
- pdb_get_pass_can_change() which checks the security
   descriptor for the 'user cannot change password' setting.
- the password history
- the output of the 'passwd program' if 'unix passwd sync = yes'.

Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password.  It is removed here so that it is not
mistakenly reinstated in the future.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://gerrit.samba.org/37

source3/rpc_server/samr/srv_samr_nt.c		diff \| blob \| history
source3/smbd/lanman.c		diff \| blob \| history
source4/rpc_server/samr/samr_password.c		diff \| blob \| history
source4/torture/rpc/samr.c		diff \| blob \| history