git.samba.org - samba.git/commit

author	Andrew Bartlett <abartlet@samba.org>
	Tue, 5 Nov 2013 03:16:46 +0000 (16:16 +1300)
committer	Karolin Seeger <kseeger@samba.org>
	Tue, 11 Mar 2014 10:17:27 +0000 (11:17 +0100)
commit	906bf7fd50da8acd7720589fe0fe8b7ebde81a5a
tree	519ecf0be9964f6754c8cc2d20c26de22eee8e82	tree
parent	88c9f6820bafc74a93487e5d7d4b24768bd157a6	commit \| diff

CVE-2013-4496:samr: Remove ChangePasswordUser

This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.

The missing features in both implementations (by design) were:

- the password complexity checks (no plaintext)
- the minimum password length (no plaintext)

Additionally, the source3 version did not check:

- the minimum password age
- pdb_get_pass_can_change() which checks the security
descriptor for the 'user cannot change password' setting.
- the password history
- the output of the 'passwd program' if 'unix passwd sync = yes'.

Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password. It is removed here so that it is not
mistakenly reinstated in the future.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

source3/rpc_server/samr/srv_samr_nt.c		diff \| blob \| history
source3/smbd/lanman.c		diff \| blob \| history
source4/rpc_server/samr/samr_password.c		diff \| blob \| history
source4/torture/rpc/samr.c		diff \| blob \| history