summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_221618_precise-64bit-prototype.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_221618_precise-64bit-prototype.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch)4
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_601406_fix-perl-path-in-example.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_601406_fix-perl-path-in-example.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_drop-using-samba-link.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_drop-using-samba-link.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_fix-WHATSNEW-link.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_fix-WHATSNEW-link.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-core_pattern-cross-check.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-core_pattern-cross-check.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-getaddrinfo-cross.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-getaddrinfo-cross.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-libunwind.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-libunwind.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation.patch)16
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation2.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation2.patch)8
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/dont-build-VFS-examples.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/dont-build-VFS-examples.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/fhs-filespaths.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/fhs-filespaths.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/installswat.sh.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/installswat.sh.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/libutil_drop_AI_ADDRCONFIG.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/libutil_drop_AI_ADDRCONFIG.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/only_export_public_symbols.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/only_export_public_symbols.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/pam-examples.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/pam-examples.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/shadow_copy2_backport.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/shadow_copy2_backport.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/smbclient-pager.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/smbclient-pager.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtar-bashism.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtar-bashism.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtorture-manpage.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtorture-manpage.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/undefined-symbols.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/undefined-symbols.patch)6
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/usershare.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/usershare.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba-3.6.24/waf-as-source.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/waf-as-source.patch)0
-rw-r--r--meta-oe/recipes-connectivity/samba/samba/samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch160
-rw-r--r--meta-oe/recipes-connectivity/samba/samba/samba-3.6.16-CVE-2013-4124.patch43
-rw-r--r--meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch102
-rw-r--r--meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE-2013-4496.patch966
-rw-r--r--meta-oe/recipes-connectivity/samba/samba_3.6.24.bb (renamed from meta-oe/recipes-connectivity/samba/samba_3.6.8.bb)11
29 files changed, 19 insertions, 1297 deletions
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_221618_precise-64bit-prototype.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_221618_precise-64bit-prototype.patch
index 31108f2e8..31108f2e8 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_221618_precise-64bit-prototype.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_221618_precise-64bit-prototype.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch
index ea499a6eb..d9cc633d4 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch
@@ -27,8 +27,8 @@ Index: samba/docs/manpages/smbspool.8
27 .sp -1 27 .sp -1
28 .IP \(bu 2.3 28 .IP \(bu 2.3
29 .\} 29 .\}
30-The user argument (argv[2]) contains the print user\'s name and is presently not used by smbspool\&. 30-The user argument (argv[2]) contains the print user\*(Aqs name and is presently not used by smbspool\&.
31+The user argument (argv[2]) contains the print user\'s name and is presently not used by smbspool except in Kerberos environments to access the user\'s ticket cache\&. 31+The user argument (argv[2]) contains the print user\*(Aqs name and is presently not used by smbspool except in Kerberos environments to access the user\'s ticket cache\&.
32 .RE 32 .RE
33 .sp 33 .sp
34 .RS 4 34 .RS 4
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch
index dcd94e425..dcd94e425 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_601406_fix-perl-path-in-example.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_601406_fix-perl-path-in-example.patch
index ba8b1f425..ba8b1f425 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_601406_fix-perl-path-in-example.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_601406_fix-perl-path-in-example.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_drop-using-samba-link.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_drop-using-samba-link.patch
index 0c54b6b0b..0c54b6b0b 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_drop-using-samba-link.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_drop-using-samba-link.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_fix-WHATSNEW-link.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_fix-WHATSNEW-link.patch
index c7dd043fb..c7dd043fb 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_fix-WHATSNEW-link.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_fix-WHATSNEW-link.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-core_pattern-cross-check.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-core_pattern-cross-check.patch
index 2d9618973..2d9618973 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-core_pattern-cross-check.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-core_pattern-cross-check.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-getaddrinfo-cross.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-getaddrinfo-cross.patch
index 84ecd498f..84ecd498f 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-getaddrinfo-cross.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-getaddrinfo-cross.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-libunwind.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-libunwind.patch
index 9a2cb00eb..9a2cb00eb 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-libunwind.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-libunwind.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation.patch
index 46ace234e..73111fed7 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation.patch
@@ -6,7 +6,7 @@ Index: experimental/docs/manpages/swat.8
6=================================================================== 6===================================================================
7--- experimental.orig/docs/manpages/swat.8 7--- experimental.orig/docs/manpages/swat.8
8+++ experimental/docs/manpages/swat.8 8+++ experimental/docs/manpages/swat.8
9@@ -111,86 +111,6 @@ 9@@ -120,86 +120,6 @@
10 .RS 4 10 .RS 4
11 Print a summary of command line options\&. 11 Print a summary of command line options\&.
12 .RE 12 .RE
@@ -73,7 +73,7 @@ Index: experimental/docs/manpages/swat.8
73-/etc/services 73-/etc/services
74-file\&. 74-file\&.
75-.PP 75-.PP
76-the choice of port number isn\'t really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your 76-the choice of port number isn\*(Aqt really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your
77-inetd 77-inetd
78-daemon)\&. 78-daemon)\&.
79-.PP 79-.PP
@@ -93,7 +93,7 @@ Index: experimental/docs/manpages/swat.8
93 .SH "LAUNCHING" 93 .SH "LAUNCHING"
94 .PP 94 .PP
95 To launch SWAT just run your favorite web browser and point it at "http://localhost:901/"\&. 95 To launch SWAT just run your favorite web browser and point it at "http://localhost:901/"\&.
96@@ -208,14 +128,11 @@ 96@@ -217,14 +137,11 @@
97 This file must contain a mapping of service name (e\&.g\&., swat) to service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&. 97 This file must contain a mapping of service name (e\&.g\&., swat) to service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&.
98 .RE 98 .RE
99 .PP 99 .PP
@@ -260,20 +260,20 @@ Index: experimental/docs/manpages/winbindd.8
260=================================================================== 260===================================================================
261--- experimental.orig/docs/manpages/winbindd.8 261--- experimental.orig/docs/manpages/winbindd.8
262+++ experimental/docs/manpages/winbindd.8 262+++ experimental/docs/manpages/winbindd.8
263@@ -550,16 +550,16 @@ 263@@ -539,16 +539,16 @@
264 file are owned by root\&. 264 file are owned by root\&.
265 .RE 265 .RE
266 .PP 266 .PP
267-$LOCKDIR/winbindd_privileged/pipe 267-$LOCKDIR/winbindd_privileged/pipe
268+/var/run/samba/winbindd_privileged/pipe 268+/var/run/samba/winbindd_privileged/pipe
269 .RS 4 269 .RS 4
270 The UNIX pipe over which \'privileged\' clients communicate with the 270 The UNIX pipe over which \*(Aqprivileged\*(Aq clients communicate with the
271 winbindd 271 winbindd
272 program\&. For security reasons, access to some winbindd functions \- like those needed by the 272 program\&. For security reasons, access to some winbindd functions \- like those needed by the
273 ntlm_auth 273 ntlm_auth
274-utility \- is restricted\&. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the 274-utility \- is restricted\&. By default, only users in the \*(Aqroot\*(Aq group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \*(Aqsquid\*(Aq to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
275-$LOCKDIR/winbindd_privileged 275-$LOCKDIR/winbindd_privileged
276+utility \- is restricted\&. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on /var/run/samba/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the 276+utility \- is restricted\&. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on /var/run/samba/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
277+/var/run/samba/winbindd_privileged 277+/var/run/samba/winbindd_privileged
278 directory and 278 directory and
279-$LOCKDIR/winbindd_privileged/pipe 279-$LOCKDIR/winbindd_privileged/pipe
@@ -281,7 +281,7 @@ Index: experimental/docs/manpages/winbindd.8
281 file are owned by root\&. 281 file are owned by root\&.
282 .RE 282 .RE
283 .PP 283 .PP
284@@ -568,15 +568,12 @@ 284@@ -557,15 +557,12 @@
285 Implementation of name service switch library\&. 285 Implementation of name service switch library\&.
286 .RE 286 .RE
287 .PP 287 .PP
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation2.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation2.patch
index 902e8e230..af8da32d5 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation2.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation2.patch
@@ -212,8 +212,8 @@ Index: samba/docs/manpages/nmbd.8
212 \fBsmb.conf\fR(5), 212 \fBsmb.conf\fR(5),
213 \fBsmbclient\fR(1), 213 \fBsmbclient\fR(1),
214-\fBtestparm\fR(1), 214-\fBtestparm\fR(1),
215-\fBtestprns\fR(1), and the Internet RFC\'s 215-\fBtestprns\fR(1), and the Internet RFC\*(Aqs
216+\fBtestparm\fR(1), and the Internet RFC\'s 216+\fBtestparm\fR(1), and the Internet RFC\*(Aqs
217 rfc1001\&.txt, 217 rfc1001\&.txt,
218 rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page 218 rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page
219 http://samba\&.org/cifs/\&. 219 http://samba\&.org/cifs/\&.
@@ -269,8 +269,8 @@ Index: samba/docs/manpages/smbd.8
269 \fBsmb.conf\fR(5), 269 \fBsmb.conf\fR(5),
270 \fBsmbclient\fR(1), 270 \fBsmbclient\fR(1),
271-\fBtestparm\fR(1), 271-\fBtestparm\fR(1),
272-\fBtestprns\fR(1), and the Internet RFC\'s 272-\fBtestprns\fR(1), and the Internet RFC\*(Aqs
273+\fBtestparm\fR(1), and the Internet RFC\'s 273+\fBtestparm\fR(1), and the Internet RFC\*(Aqs
274 rfc1001\&.txt, 274 rfc1001\&.txt,
275 rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page 275 rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page
276 http://samba\&.org/cifs/\&. 276 http://samba\&.org/cifs/\&.
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/dont-build-VFS-examples.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/dont-build-VFS-examples.patch
index beff7db67..beff7db67 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/dont-build-VFS-examples.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/dont-build-VFS-examples.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/fhs-filespaths.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/fhs-filespaths.patch
index e7c6b9995..e7c6b9995 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/fhs-filespaths.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/fhs-filespaths.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/installswat.sh.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/installswat.sh.patch
index 3f08e493a..3f08e493a 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/installswat.sh.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/installswat.sh.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/libutil_drop_AI_ADDRCONFIG.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/libutil_drop_AI_ADDRCONFIG.patch
index d3473ea40..d3473ea40 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/libutil_drop_AI_ADDRCONFIG.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/libutil_drop_AI_ADDRCONFIG.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/only_export_public_symbols.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/only_export_public_symbols.patch
index f4fbd56a1..f4fbd56a1 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/only_export_public_symbols.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/only_export_public_symbols.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/pam-examples.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/pam-examples.patch
index 9b36e14e3..9b36e14e3 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/pam-examples.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/pam-examples.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/shadow_copy2_backport.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/shadow_copy2_backport.patch
index dbd10489f..dbd10489f 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/shadow_copy2_backport.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/shadow_copy2_backport.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbclient-pager.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbclient-pager.patch
index 429f2cec4..429f2cec4 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbclient-pager.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbclient-pager.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtar-bashism.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtar-bashism.patch
index 27a47cb51..27a47cb51 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtar-bashism.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtar-bashism.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtorture-manpage.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtorture-manpage.patch
index 59930b5e5..59930b5e5 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtorture-manpage.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtorture-manpage.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/undefined-symbols.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/undefined-symbols.patch
index 3ab0027ee..5babc1e38 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/undefined-symbols.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/undefined-symbols.patch
@@ -13,12 +13,12 @@ Index: experimental/source3/Makefile.in
13=================================================================== 13===================================================================
14--- experimental.orig/source3/Makefile.in 14--- experimental.orig/source3/Makefile.in
15+++ experimental/source3/Makefile.in 15+++ experimental/source3/Makefile.in
16@@ -2281,7 +2281,7 @@ 16@@ -2594,7 +2594,7 @@
17 17
18 $(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) $(LIBSMBCLIENT_SYMS) $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) 18 $(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) $(LIBSMBCLIENT_SYMS) $(LIBTALLOC) $(LIBTEVENT) $(LIBTDB) $(LIBWBCLIENT)
19 @echo Linking shared library $@ 19 @echo Linking shared library $@
20- @$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) \ 20- @$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) \
21+ @$(SHLD_DSO) -Wl,-z,defs $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) \ 21+ @$(SHLD_DSO) -Wl,-z,defs $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) \
22 $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(LIBS) \ 22 $(LIBTALLOC_LIBS) $(LIBTEVENT_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(LIBS) \
23 $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) $(PTHREAD_LDFLAGS) \ 23 $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) $(PTHREAD_LDFLAGS) \
24 @SONAMEFLAG@`basename $@` 24 @SONAMEFLAG@`basename $@`
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/usershare.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/usershare.patch
index 3673db751..3673db751 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/usershare.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/usershare.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/waf-as-source.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/waf-as-source.patch
index 985ed5af1..985ed5af1 100644
--- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/waf-as-source.patch
+++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/waf-as-source.patch
diff --git a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch
deleted file mode 100644
index cccb34127..000000000
--- a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch
+++ /dev/null
@@ -1,160 +0,0 @@
1Upstream-Status: Backport
2
3From 71225948a249f079120282740fcc39fd6faa880e Mon Sep 17 00:00:00 2001
4From: Kai Blin <kai@samba.org>
5Date: Fri, 18 Jan 2013 23:11:07 +0100
6Subject: [PATCH 1/2] swat: Use X-Frame-Options header to avoid clickjacking
7
8Jann Horn reported a potential clickjacking vulnerability in SWAT where
9the SWAT page could be embedded into an attacker's page using a frame or
10iframe and then used to trick the user to change Samba settings.
11
12Avoid this by telling the browser to refuse the frame embedding via the
13X-Frame-Options: DENY header.
14
15Signed-off-by: Kai Blin <kai@samba.org>
16
17Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT.
18---
19 source3/web/swat.c | 3 ++-
20 1 files changed, 2 insertions(+), 1 deletions(-)
21
22diff --git a/source3/web/swat.c b/source3/web/swat.c
23index 1f6eb6c..ed80c38 100644
24--- a/source3/web/swat.c
25+++ b/source3/web/swat.c
26@@ -266,7 +266,8 @@ static void print_header(void)
27 if (!cgi_waspost()) {
28 printf("Expires: 0\r\n");
29 }
30- printf("Content-type: text/html\r\n\r\n");
31+ printf("Content-type: text/html\r\n");
32+ printf("X-Frame-Options: DENY\r\n\r\n");
33
34 if (!include_html("include/header.html")) {
35 printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">\n");
36--
371.7.7
38
39
40From 91f4275873ebeda8f57684f09df67162ae80515a Mon Sep 17 00:00:00 2001
41From: Kai Blin <kai@samba.org>
42Date: Mon, 28 Jan 2013 21:41:07 +0100
43Subject: [PATCH 2/2] swat: Use additional nonce on XSRF protection
44
45If the user had a weak password on the root account of a machine running
46SWAT, there still was a chance of being targetted by an XSRF on a
47malicious web site targetting the SWAT setup.
48
49Use a random nonce stored in secrets.tdb to close this possible attack
50window. Thanks to Jann Horn for reporting this issue.
51
52Signed-off-by: Kai Blin <kai@samba.org>
53
54Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT.
55---
56 source3/web/cgi.c | 40 ++++++++++++++++++++++++++--------------
57 source3/web/swat.c | 2 ++
58 source3/web/swat_proto.h | 1 +
59 3 files changed, 29 insertions(+), 14 deletions(-)
60
61diff --git a/source3/web/cgi.c b/source3/web/cgi.c
62index ef1b856..861bc84 100644
63--- a/source3/web/cgi.c
64+++ b/source3/web/cgi.c
65@@ -48,6 +48,7 @@ static const char *baseurl;
66 static char *pathinfo;
67 static char *C_user;
68 static char *C_pass;
69+static char *C_nonce;
70 static bool inetd_server;
71 static bool got_request;
72
73@@ -329,20 +330,7 @@ static void cgi_web_auth(void)
74 C_user = SMB_STRDUP(user);
75
76 if (!setuid(0)) {
77- C_pass = secrets_fetch_generic("root", "SWAT");
78- if (C_pass == NULL) {
79- char *tmp_pass = NULL;
80- tmp_pass = generate_random_password(talloc_tos(),
81- 16, 16);
82- if (tmp_pass == NULL) {
83- printf("%sFailed to create random nonce for "
84- "SWAT session\n<br>%s\n", head, tail);
85- exit(0);
86- }
87- secrets_store_generic("root", "SWAT", tmp_pass);
88- C_pass = SMB_STRDUP(tmp_pass);
89- TALLOC_FREE(tmp_pass);
90- }
91+ C_pass = SMB_STRDUP(cgi_nonce());
92 }
93 setuid(pwd->pw_uid);
94 if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
95@@ -459,6 +447,30 @@ char *cgi_user_pass(void)
96 }
97
98 /***************************************************************************
99+return a ptr to the nonce
100+ ***************************************************************************/
101+char *cgi_nonce(void)
102+{
103+ const char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n";
104+ const char *tail = "</BODY></HTML>\r\n";
105+ C_nonce = secrets_fetch_generic("root", "SWAT");
106+ if (C_nonce == NULL) {
107+ char *tmp_pass = NULL;
108+ tmp_pass = generate_random_password(talloc_tos(),
109+ 16, 16);
110+ if (tmp_pass == NULL) {
111+ printf("%sFailed to create random nonce for "
112+ "SWAT session\n<br>%s\n", head, tail);
113+ exit(0);
114+ }
115+ secrets_store_generic("root", "SWAT", tmp_pass);
116+ C_nonce = SMB_STRDUP(tmp_pass);
117+ TALLOC_FREE(tmp_pass);
118+ }
119+ return(C_nonce);
120+}
121+
122+/***************************************************************************
123 handle a file download
124 ***************************************************************************/
125 static void cgi_download(char *file)
126diff --git a/source3/web/swat.c b/source3/web/swat.c
127index ed80c38..f8933d2 100644
128--- a/source3/web/swat.c
129+++ b/source3/web/swat.c
130@@ -154,6 +154,7 @@ void get_xsrf_token(const char *username, const char *pass,
131 MD5_CTX md5_ctx;
132 uint8_t token[16];
133 int i;
134+ char *nonce = cgi_nonce();
135
136 token_str[0] = '\0';
137 ZERO_STRUCT(md5_ctx);
138@@ -167,6 +168,7 @@ void get_xsrf_token(const char *username, const char *pass,
139 if (pass != NULL) {
140 MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
141 }
142+ MD5Update(&md5_ctx, (uint8_t *)nonce, strlen(nonce));
143
144 MD5Final(token, &md5_ctx);
145
146diff --git a/source3/web/swat_proto.h b/source3/web/swat_proto.h
147index 424a3af..fe51b1f 100644
148--- a/source3/web/swat_proto.h
149+++ b/source3/web/swat_proto.h
150@@ -32,6 +32,7 @@ const char *cgi_variable_nonull(const char *name);
151 bool am_root(void);
152 char *cgi_user_name(void);
153 char *cgi_user_pass(void);
154+char *cgi_nonce(void);
155 void cgi_setup(const char *rootdir, int auth_required);
156 const char *cgi_baseurl(void);
157 const char *cgi_pathinfo(void);
158--
1591.7.7
160
diff --git a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.16-CVE-2013-4124.patch b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.16-CVE-2013-4124.patch
deleted file mode 100644
index 54b8edfbe..000000000
--- a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.16-CVE-2013-4124.patch
+++ /dev/null
@@ -1,43 +0,0 @@
1Upstream-Status: Backport
2
3From efdbcabbe97a594572d71d714d258a5854c5d8ce Mon Sep 17 00:00:00 2001
4From: Jeremy Allison <jra@samba.org>
5Date: Wed, 10 Jul 2013 17:10:17 -0700
6Subject: [PATCH] Fix bug #10010 - Missing integer wrap protection in EA list
7 reading can cause server to loop with DOS.
8
9Ensure we never wrap whilst adding client provided input.
10CVE-2013-4124
11
12Signed-off-by: Jeremy Allison <jra@samba.org>
13---
14 source3/smbd/nttrans.c | 12 ++++++++++++
15 1 file changed, 12 insertions(+)
16
17diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
18index ea9d417..5fc3a09 100644
19--- a/source3/smbd/nttrans.c
20+++ b/source3/smbd/nttrans.c
21@@ -989,7 +989,19 @@ struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t
22 if (next_offset == 0) {
23 break;
24 }
25+
26+ /* Integer wrap protection for the increment. */
27+ if (offset + next_offset < offset) {
28+ break;
29+ }
30+
31 offset += next_offset;
32+
33+ /* Integer wrap protection for while loop. */
34+ if (offset + 4 < offset) {
35+ break;
36+ }
37+
38 }
39
40 return ea_list_head;
41--
421.7.10.4
43
diff --git a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch
deleted file mode 100644
index a435c08b5..000000000
--- a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch
+++ /dev/null
@@ -1,102 +0,0 @@
1Upstream-Status: Backport
2
3From 928910f01f951657ea4629a6d573ac00646d16f8 Mon Sep 17 00:00:00 2001
4From: Jeremy Allison <jra@samba.org>
5Date: Thu, 31 Oct 2013 13:48:42 -0700
6Subject: [PATCH] Fix bug #10229 - No access check verification on stream
7 files.
8
9https://bugzilla.samba.org/show_bug.cgi?id=10229
10
11We need to check if the requested access mask
12could be used to open the underlying file (if
13it existed), as we're passing in zero for the
14access mask to the base filename.
15
16Signed-off-by: Jeremy Allison <jra@samba.org>
17---
18 source3/smbd/open.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++
19 1 file changed, 61 insertions(+)
20
21diff --git a/source3/smbd/open.c b/source3/smbd/open.c
22index 447de80..441b8cd 100644
23--- a/source3/smbd/open.c
24+++ b/source3/smbd/open.c
25@@ -152,6 +152,48 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
26 }
27
28 /****************************************************************************
29+ Ensure when opening a base file for a stream open that we have permissions
30+ to do so given the access mask on the base file.
31+****************************************************************************/
32+
33+static NTSTATUS check_base_file_access(struct connection_struct *conn,
34+ struct smb_filename *smb_fname,
35+ uint32_t access_mask)
36+{
37+ uint32_t access_granted = 0;
38+ NTSTATUS status;
39+
40+ status = smbd_calculate_access_mask(conn, smb_fname,
41+ false,
42+ access_mask,
43+ &access_mask);
44+ if (!NT_STATUS_IS_OK(status)) {
45+ DEBUG(10, ("smbd_calculate_access_mask "
46+ "on file %s returned %s\n",
47+ smb_fname_str_dbg(smb_fname),
48+ nt_errstr(status)));
49+ return status;
50+ }
51+
52+ if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) {
53+ uint32_t dosattrs;
54+ if (!CAN_WRITE(conn)) {
55+ return NT_STATUS_ACCESS_DENIED;
56+ }
57+ dosattrs = dos_mode(conn, smb_fname);
58+ if (IS_DOS_READONLY(dosattrs)) {
59+ return NT_STATUS_ACCESS_DENIED;
60+ }
61+ }
62+
63+
64+ return smbd_check_open_rights(conn,
65+ smb_fname,
66+ access_mask,
67+ &access_granted);
68+}
69+
70+/****************************************************************************
71 fd support routines - attempt to do a dos_open.
72 ****************************************************************************/
73
74@@ -3227,6 +3269,25 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
75 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
76 DEBUG(10, ("Unable to stat stream: %s\n",
77 smb_fname_str_dbg(smb_fname_base)));
78+ } else {
79+ /*
80+ * https://bugzilla.samba.org/show_bug.cgi?id=10229
81+ * We need to check if the requested access mask
82+ * could be used to open the underlying file (if
83+ * it existed), as we're passing in zero for the
84+ * access mask to the base filename.
85+ */
86+ status = check_base_file_access(conn,
87+ smb_fname_base,
88+ access_mask);
89+
90+ if (!NT_STATUS_IS_OK(status)) {
91+ DEBUG(10, ("Permission check "
92+ "for base %s failed: "
93+ "%s\n", smb_fname->base_name,
94+ nt_errstr(status)));
95+ goto fail;
96+ }
97 }
98
99 /* Open the base file. */
100--
1011.8.4.1
102
diff --git a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE-2013-4496.patch b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE-2013-4496.patch
deleted file mode 100644
index c190a6c50..000000000
--- a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE-2013-4496.patch
+++ /dev/null
@@ -1,966 +0,0 @@
1Upstream-Status: Backport
2
3From 25066eb31d6608075b5993b0d19b3e0843cdadeb Mon Sep 17 00:00:00 2001
4From: Andrew Bartlett <abartlet@samba.org>
5Date: Fri, 1 Nov 2013 14:55:44 +1300
6Subject: [PATCH 1/3] CVE-2013-4496:s3-samr: Block attempts to crack passwords
7 via repeated password changes
8
9Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
10
11Signed-off-by: Andrew Bartlett <abartlet@samba.org>
12Signed-off-by: Stefan Metzmacher <metze@samba.org>
13Signed-off-by: Jeremy Allison <jra@samba.org>
14Reviewed-by: Stefan Metzmacher <metze@samba.org>
15Reviewed-by: Jeremy Allison <jra@samba.org>
16Reviewed-by: Andreas Schneider <asn@samba.org>
17---
18 source3/rpc_server/samr/srv_samr_chgpasswd.c | 55 ++++++++++++++++
19 source3/rpc_server/samr/srv_samr_nt.c | 90 +++++++++++++++++++++-----
20 2 files changed, 129 insertions(+), 16 deletions(-)
21
22diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c
23index 0b4b25b..59905be 100644
24--- a/source3/rpc_server/samr/srv_samr_chgpasswd.c
25+++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c
26@@ -1106,6 +1106,8 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
27 struct samu *sampass = NULL;
28 NTSTATUS nt_status;
29 bool ret = false;
30+ bool updated_badpw = false;
31+ NTSTATUS update_login_attempts_status;
32
33 if (!(sampass = samu_new(NULL))) {
34 return NT_STATUS_NO_MEMORY;
35@@ -1121,6 +1123,13 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
36 return NT_STATUS_NO_SUCH_USER;
37 }
38
39+ /* Quit if the account was locked out. */
40+ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
41+ DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", user));
42+ TALLOC_FREE(sampass);
43+ return NT_STATUS_ACCOUNT_LOCKED_OUT;
44+ }
45+
46 nt_status = check_oem_password(user,
47 password_encrypted_with_lm_hash,
48 old_lm_hash_encrypted,
49@@ -1129,6 +1138,52 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
50 sampass,
51 &new_passwd);
52
53+ /*
54+ * Notify passdb backend of login success/failure. If not
55+ * NT_STATUS_OK the backend doesn't like the login
56+ */
57+ update_login_attempts_status = pdb_update_login_attempts(sampass,
58+ NT_STATUS_IS_OK(nt_status));
59+
60+ if (!NT_STATUS_IS_OK(nt_status)) {
61+ bool increment_bad_pw_count = false;
62+
63+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) &&
64+ (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&
65+ NT_STATUS_IS_OK(update_login_attempts_status))
66+ {
67+ increment_bad_pw_count = true;
68+ }
69+
70+ if (increment_bad_pw_count) {
71+ pdb_increment_bad_password_count(sampass);
72+ updated_badpw = true;
73+ } else {
74+ pdb_update_bad_password_count(sampass,
75+ &updated_badpw);
76+ }
77+ } else {
78+
79+ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&
80+ (pdb_get_bad_password_count(sampass) > 0)){
81+ pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
82+ pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
83+ updated_badpw = true;
84+ }
85+ }
86+
87+ if (updated_badpw) {
88+ NTSTATUS update_status;
89+ become_root();
90+ update_status = pdb_update_sam_account(sampass);
91+ unbecome_root();
92+
93+ if (!NT_STATUS_IS_OK(update_status)) {
94+ DEBUG(1, ("Failed to modify entry: %s\n",
95+ nt_errstr(update_status)));
96+ }
97+ }
98+
99 if (!NT_STATUS_IS_OK(nt_status)) {
100 TALLOC_FREE(sampass);
101 return nt_status;
102diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
103index 78ef1ba..3241b97 100644
104--- a/source3/rpc_server/samr/srv_samr_nt.c
105+++ b/source3/rpc_server/samr/srv_samr_nt.c
106@@ -1715,9 +1715,11 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
107 NTSTATUS status;
108 bool ret = false;
109 struct samr_user_info *uinfo;
110- struct samu *pwd;
111+ struct samu *pwd = NULL;
112 struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
113 struct samr_Password lm_pwd, nt_pwd;
114+ bool updated_badpw = false;
115+ NTSTATUS update_login_attempts_status;
116
117 uinfo = policy_handle_find(p, r->in.user_handle,
118 SAMR_USER_ACCESS_SET_PASSWORD, NULL,
119@@ -1729,6 +1731,15 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
120 DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n",
121 sid_string_dbg(&uinfo->sid)));
122
123+ /* basic sanity checking on parameters. Do this before any database ops */
124+ if (!r->in.lm_present || !r->in.nt_present ||
125+ !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
126+ !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
127+ /* we should really handle a change with lm not
128+ present */
129+ return NT_STATUS_INVALID_PARAMETER_MIX;
130+ }
131+
132 if (!(pwd = samu_new(NULL))) {
133 return NT_STATUS_NO_MEMORY;
134 }
135@@ -1742,6 +1753,14 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
136 return NT_STATUS_WRONG_PASSWORD;
137 }
138
139+ /* Quit if the account was locked out. */
140+ if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) {
141+ DEBUG(3, ("Account for user %s was locked out.\n",
142+ pdb_get_username(pwd)));
143+ status = NT_STATUS_ACCOUNT_LOCKED_OUT;
144+ goto out;
145+ }
146+
147 {
148 const uint8_t *lm_pass, *nt_pass;
149
150@@ -1750,29 +1769,19 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
151
152 if (!lm_pass || !nt_pass) {
153 status = NT_STATUS_WRONG_PASSWORD;
154- goto out;
155+ goto update_login;
156 }
157
158 memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash));
159 memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash));
160 }
161
162- /* basic sanity checking on parameters. Do this before any database ops */
163- if (!r->in.lm_present || !r->in.nt_present ||
164- !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
165- !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
166- /* we should really handle a change with lm not
167- present */
168- status = NT_STATUS_INVALID_PARAMETER_MIX;
169- goto out;
170- }
171-
172 /* decrypt and check the new lm hash */
173 D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
174 D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
175 if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) {
176 status = NT_STATUS_WRONG_PASSWORD;
177- goto out;
178+ goto update_login;
179 }
180
181 /* decrypt and check the new nt hash */
182@@ -1780,7 +1789,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
183 D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);
184 if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) {
185 status = NT_STATUS_WRONG_PASSWORD;
186- goto out;
187+ goto update_login;
188 }
189
190 /* The NT Cross is not required by Win2k3 R2, but if present
191@@ -1789,7 +1798,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
192 D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash);
193 if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
194 status = NT_STATUS_WRONG_PASSWORD;
195- goto out;
196+ goto update_login;
197 }
198 }
199
200@@ -1799,7 +1808,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
201 D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash);
202 if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
203 status = NT_STATUS_WRONG_PASSWORD;
204- goto out;
205+ goto update_login;
206 }
207 }
208
209@@ -1810,6 +1819,55 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
210 }
211
212 status = pdb_update_sam_account(pwd);
213+
214+update_login:
215+
216+ /*
217+ * Notify passdb backend of login success/failure. If not
218+ * NT_STATUS_OK the backend doesn't like the login
219+ */
220+ update_login_attempts_status = pdb_update_login_attempts(pwd,
221+ NT_STATUS_IS_OK(status));
222+
223+ if (!NT_STATUS_IS_OK(status)) {
224+ bool increment_bad_pw_count = false;
225+
226+ if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) &&
227+ (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
228+ NT_STATUS_IS_OK(update_login_attempts_status))
229+ {
230+ increment_bad_pw_count = true;
231+ }
232+
233+ if (increment_bad_pw_count) {
234+ pdb_increment_bad_password_count(pwd);
235+ updated_badpw = true;
236+ } else {
237+ pdb_update_bad_password_count(pwd,
238+ &updated_badpw);
239+ }
240+ } else {
241+
242+ if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
243+ (pdb_get_bad_password_count(pwd) > 0)){
244+ pdb_set_bad_password_count(pwd, 0, PDB_CHANGED);
245+ pdb_set_bad_password_time(pwd, 0, PDB_CHANGED);
246+ updated_badpw = true;
247+ }
248+ }
249+
250+ if (updated_badpw) {
251+ NTSTATUS update_status;
252+ become_root();
253+ update_status = pdb_update_sam_account(pwd);
254+ unbecome_root();
255+
256+ if (!NT_STATUS_IS_OK(update_status)) {
257+ DEBUG(1, ("Failed to modify entry: %s\n",
258+ nt_errstr(update_status)));
259+ }
260+ }
261+
262 out:
263 TALLOC_FREE(pwd);
264
265--
2661.7.9.5
267
268
269From 059da248cf69a3b0ef29836f49367b938fb1cbda Mon Sep 17 00:00:00 2001
270From: Stefan Metzmacher <metze@samba.org>
271Date: Tue, 5 Nov 2013 14:04:20 +0100
272Subject: [PATCH 2/3] CVE-2013-4496:s3:auth: fix memory leak in the
273 ACCOUNT_LOCKED_OUT case.
274
275Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
276
277Signed-off-by: Stefan Metzmacher <metze@samba.org>
278Reviewed-by: Jeremy Allison <jra@samba.org>
279Signed-off-by: Andrew Bartlett <abartlet@samba.org>
280Reviewed-by: Andreas Schneider <asn@samba.org>
281---
282 source3/auth/check_samsec.c | 1 +
283 1 file changed, 1 insertion(+)
284
285diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
286index f918dc0..e2c42d6 100644
287--- a/source3/auth/check_samsec.c
288+++ b/source3/auth/check_samsec.c
289@@ -408,6 +408,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
290 /* Quit if the account was locked out. */
291 if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
292 DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
293+ TALLOC_FREE(sampass);
294 return NT_STATUS_ACCOUNT_LOCKED_OUT;
295 }
296
297--
2981.7.9.5
299
300
301From 27f982ef33a1238ae48d7a38d608dd23ebde61ae Mon Sep 17 00:00:00 2001
302From: Andrew Bartlett <abartlet@samba.org>
303Date: Tue, 5 Nov 2013 16:16:46 +1300
304Subject: [PATCH 3/3] CVE-2013-4496:samr: Remove ChangePasswordUser
305
306This old password change mechanism does not provide the plaintext to
307validate against password complexity, and it is not used by modern
308clients.
309
310The missing features in both implementations (by design) were:
311
312 - the password complexity checks (no plaintext)
313 - the minimum password length (no plaintext)
314
315Additionally, the source3 version did not check:
316
317 - the minimum password age
318 - pdb_get_pass_can_change() which checks the security
319 descriptor for the 'user cannot change password' setting.
320 - the password history
321 - the output of the 'passwd program' if 'unix passwd sync = yes'.
322
323Finally, the mechanism was almost useless, as it was incorrectly
324only made available to administrative users with permission
325to reset the password. It is removed here so that it is not
326mistakenly reinstated in the future.
327
328Andrew Bartlett
329
330Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
331
332Signed-off-by: Andrew Bartlett <abartlet@samba.org>
333Reviewed-by: Andreas Schneider <asn@samba.org>
334Reviewed-by: Stefan Metzmacher <metze@samba.org>
335---
336 source3/rpc_server/samr/srv_samr_nt.c | 169 +-------------------
337 source3/smbd/lanman.c | 254 -------------------------------
338 source4/rpc_server/samr/samr_password.c | 126 +--------------
339 source4/torture/rpc/samr.c | 12 +-
340 4 files changed, 24 insertions(+), 537 deletions(-)
341
342diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
343index 3241b97..2519a3f 100644
344--- a/source3/rpc_server/samr/srv_samr_nt.c
345+++ b/source3/rpc_server/samr/srv_samr_nt.c
346@@ -1706,172 +1706,19 @@ NTSTATUS _samr_LookupNames(struct pipes_struct *p,
347 }
348
349 /****************************************************************
350- _samr_ChangePasswordUser
351+ _samr_ChangePasswordUser.
352+
353+ So old it is just not worth implementing
354+ because it does not supply a plaintext and so we can't do password
355+ complexity checking and cannot update other services that use a
356+ plaintext password via passwd chat/pam password change/ldap password
357+ sync.
358 ****************************************************************/
359
360 NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
361 struct samr_ChangePasswordUser *r)
362 {
363- NTSTATUS status;
364- bool ret = false;
365- struct samr_user_info *uinfo;
366- struct samu *pwd = NULL;
367- struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
368- struct samr_Password lm_pwd, nt_pwd;
369- bool updated_badpw = false;
370- NTSTATUS update_login_attempts_status;
371-
372- uinfo = policy_handle_find(p, r->in.user_handle,
373- SAMR_USER_ACCESS_SET_PASSWORD, NULL,
374- struct samr_user_info, &status);
375- if (!NT_STATUS_IS_OK(status)) {
376- return status;
377- }
378-
379- DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n",
380- sid_string_dbg(&uinfo->sid)));
381-
382- /* basic sanity checking on parameters. Do this before any database ops */
383- if (!r->in.lm_present || !r->in.nt_present ||
384- !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
385- !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
386- /* we should really handle a change with lm not
387- present */
388- return NT_STATUS_INVALID_PARAMETER_MIX;
389- }
390-
391- if (!(pwd = samu_new(NULL))) {
392- return NT_STATUS_NO_MEMORY;
393- }
394-
395- become_root();
396- ret = pdb_getsampwsid(pwd, &uinfo->sid);
397- unbecome_root();
398-
399- if (!ret) {
400- TALLOC_FREE(pwd);
401- return NT_STATUS_WRONG_PASSWORD;
402- }
403-
404- /* Quit if the account was locked out. */
405- if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) {
406- DEBUG(3, ("Account for user %s was locked out.\n",
407- pdb_get_username(pwd)));
408- status = NT_STATUS_ACCOUNT_LOCKED_OUT;
409- goto out;
410- }
411-
412- {
413- const uint8_t *lm_pass, *nt_pass;
414-
415- lm_pass = pdb_get_lanman_passwd(pwd);
416- nt_pass = pdb_get_nt_passwd(pwd);
417-
418- if (!lm_pass || !nt_pass) {
419- status = NT_STATUS_WRONG_PASSWORD;
420- goto update_login;
421- }
422-
423- memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash));
424- memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash));
425- }
426-
427- /* decrypt and check the new lm hash */
428- D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
429- D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
430- if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) {
431- status = NT_STATUS_WRONG_PASSWORD;
432- goto update_login;
433- }
434-
435- /* decrypt and check the new nt hash */
436- D_P16(nt_pwd.hash, r->in.new_nt_crypted->hash, new_ntPwdHash.hash);
437- D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);
438- if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) {
439- status = NT_STATUS_WRONG_PASSWORD;
440- goto update_login;
441- }
442-
443- /* The NT Cross is not required by Win2k3 R2, but if present
444- check the nt cross hash */
445- if (r->in.cross1_present && r->in.nt_cross) {
446- D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash);
447- if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
448- status = NT_STATUS_WRONG_PASSWORD;
449- goto update_login;
450- }
451- }
452-
453- /* The LM Cross is not required by Win2k3 R2, but if present
454- check the lm cross hash */
455- if (r->in.cross2_present && r->in.lm_cross) {
456- D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash);
457- if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
458- status = NT_STATUS_WRONG_PASSWORD;
459- goto update_login;
460- }
461- }
462-
463- if (!pdb_set_nt_passwd(pwd, new_ntPwdHash.hash, PDB_CHANGED) ||
464- !pdb_set_lanman_passwd(pwd, new_lmPwdHash.hash, PDB_CHANGED)) {
465- status = NT_STATUS_ACCESS_DENIED;
466- goto out;
467- }
468-
469- status = pdb_update_sam_account(pwd);
470-
471-update_login:
472-
473- /*
474- * Notify passdb backend of login success/failure. If not
475- * NT_STATUS_OK the backend doesn't like the login
476- */
477- update_login_attempts_status = pdb_update_login_attempts(pwd,
478- NT_STATUS_IS_OK(status));
479-
480- if (!NT_STATUS_IS_OK(status)) {
481- bool increment_bad_pw_count = false;
482-
483- if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) &&
484- (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
485- NT_STATUS_IS_OK(update_login_attempts_status))
486- {
487- increment_bad_pw_count = true;
488- }
489-
490- if (increment_bad_pw_count) {
491- pdb_increment_bad_password_count(pwd);
492- updated_badpw = true;
493- } else {
494- pdb_update_bad_password_count(pwd,
495- &updated_badpw);
496- }
497- } else {
498-
499- if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
500- (pdb_get_bad_password_count(pwd) > 0)){
501- pdb_set_bad_password_count(pwd, 0, PDB_CHANGED);
502- pdb_set_bad_password_time(pwd, 0, PDB_CHANGED);
503- updated_badpw = true;
504- }
505- }
506-
507- if (updated_badpw) {
508- NTSTATUS update_status;
509- become_root();
510- update_status = pdb_update_sam_account(pwd);
511- unbecome_root();
512-
513- if (!NT_STATUS_IS_OK(update_status)) {
514- DEBUG(1, ("Failed to modify entry: %s\n",
515- nt_errstr(update_status)));
516- }
517- }
518-
519- out:
520- TALLOC_FREE(pwd);
521-
522- return status;
523+ return NT_STATUS_NOT_IMPLEMENTED;
524 }
525
526 /*******************************************************************
527diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
528index aef12df..3b4ec65 100644
529--- a/source3/smbd/lanman.c
530+++ b/source3/smbd/lanman.c
531@@ -2947,259 +2947,6 @@ static bool api_NetRemoteTOD(struct smbd_server_connection *sconn,
532 }
533
534 /****************************************************************************
535- Set the user password.
536-*****************************************************************************/
537-
538-static bool api_SetUserPassword(struct smbd_server_connection *sconn,
539- connection_struct *conn,uint16 vuid,
540- char *param, int tpscnt,
541- char *data, int tdscnt,
542- int mdrcnt,int mprcnt,
543- char **rdata,char **rparam,
544- int *rdata_len,int *rparam_len)
545-{
546- char *np = get_safe_str_ptr(param,tpscnt,param,2);
547- char *p = NULL;
548- fstring user;
549- fstring pass1,pass2;
550- TALLOC_CTX *mem_ctx = talloc_tos();
551- NTSTATUS status, result;
552- struct rpc_pipe_client *cli = NULL;
553- struct policy_handle connect_handle, domain_handle, user_handle;
554- struct lsa_String domain_name;
555- struct dom_sid2 *domain_sid;
556- struct lsa_String names;
557- struct samr_Ids rids;
558- struct samr_Ids types;
559- struct samr_Password old_lm_hash;
560- struct samr_Password new_lm_hash;
561- int errcode = NERR_badpass;
562- uint32_t rid;
563- int encrypted;
564- int min_pwd_length;
565- struct dcerpc_binding_handle *b = NULL;
566-
567- /* Skip 2 strings. */
568- p = skip_string(param,tpscnt,np);
569- p = skip_string(param,tpscnt,p);
570-
571- if (!np || !p) {
572- return False;
573- }
574-
575- /* Do we have a string ? */
576- if (skip_string(param,tpscnt,p) == NULL) {
577- return False;
578- }
579- pull_ascii_fstring(user,p);
580-
581- p = skip_string(param,tpscnt,p);
582- if (!p) {
583- return False;
584- }
585-
586- memset(pass1,'\0',sizeof(pass1));
587- memset(pass2,'\0',sizeof(pass2));
588- /*
589- * We use 31 here not 32 as we're checking
590- * the last byte we want to access is safe.
591- */
592- if (!is_offset_safe(param,tpscnt,p,31)) {
593- return False;
594- }
595- memcpy(pass1,p,16);
596- memcpy(pass2,p+16,16);
597-
598- encrypted = get_safe_SVAL(param,tpscnt,p+32,0,-1);
599- if (encrypted == -1) {
600- errcode = W_ERROR_V(WERR_INVALID_PARAM);
601- goto out;
602- }
603-
604- min_pwd_length = get_safe_SVAL(param,tpscnt,p+34,0,-1);
605- if (min_pwd_length == -1) {
606- errcode = W_ERROR_V(WERR_INVALID_PARAM);
607- goto out;
608- }
609-
610- *rparam_len = 4;
611- *rparam = smb_realloc_limit(*rparam,*rparam_len);
612- if (!*rparam) {
613- return False;
614- }
615-
616- *rdata_len = 0;
617-
618- DEBUG(3,("Set password for <%s> (encrypted: %d, min_pwd_length: %d)\n",
619- user, encrypted, min_pwd_length));
620-
621- ZERO_STRUCT(connect_handle);
622- ZERO_STRUCT(domain_handle);
623- ZERO_STRUCT(user_handle);
624-
625- status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_id,
626- conn->session_info,
627- &conn->sconn->client_id,
628- conn->sconn->msg_ctx,
629- &cli);
630- if (!NT_STATUS_IS_OK(status)) {
631- DEBUG(0,("api_SetUserPassword: could not connect to samr: %s\n",
632- nt_errstr(status)));
633- errcode = W_ERROR_V(ntstatus_to_werror(status));
634- goto out;
635- }
636-
637- b = cli->binding_handle;
638-
639- status = dcerpc_samr_Connect2(b, mem_ctx,
640- global_myname(),
641- SAMR_ACCESS_CONNECT_TO_SERVER |
642- SAMR_ACCESS_ENUM_DOMAINS |
643- SAMR_ACCESS_LOOKUP_DOMAIN,
644- &connect_handle,
645- &result);
646- if (!NT_STATUS_IS_OK(status)) {
647- errcode = W_ERROR_V(ntstatus_to_werror(status));
648- goto out;
649- }
650- if (!NT_STATUS_IS_OK(result)) {
651- errcode = W_ERROR_V(ntstatus_to_werror(result));
652- goto out;
653- }
654-
655- init_lsa_String(&domain_name, get_global_sam_name());
656-
657- status = dcerpc_samr_LookupDomain(b, mem_ctx,
658- &connect_handle,
659- &domain_name,
660- &domain_sid,
661- &result);
662- if (!NT_STATUS_IS_OK(status)) {
663- errcode = W_ERROR_V(ntstatus_to_werror(status));
664- goto out;
665- }
666- if (!NT_STATUS_IS_OK(result)) {
667- errcode = W_ERROR_V(ntstatus_to_werror(result));
668- goto out;
669- }
670-
671- status = dcerpc_samr_OpenDomain(b, mem_ctx,
672- &connect_handle,
673- SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
674- domain_sid,
675- &domain_handle,
676- &result);
677- if (!NT_STATUS_IS_OK(status)) {
678- errcode = W_ERROR_V(ntstatus_to_werror(status));
679- goto out;
680- }
681- if (!NT_STATUS_IS_OK(result)) {
682- errcode = W_ERROR_V(ntstatus_to_werror(result));
683- goto out;
684- }
685-
686- init_lsa_String(&names, user);
687-
688- status = dcerpc_samr_LookupNames(b, mem_ctx,
689- &domain_handle,
690- 1,
691- &names,
692- &rids,
693- &types,
694- &result);
695- if (!NT_STATUS_IS_OK(status)) {
696- errcode = W_ERROR_V(ntstatus_to_werror(status));
697- goto out;
698- }
699- if (!NT_STATUS_IS_OK(result)) {
700- errcode = W_ERROR_V(ntstatus_to_werror(result));
701- goto out;
702- }
703-
704- if (rids.count != 1) {
705- errcode = W_ERROR_V(WERR_NO_SUCH_USER);
706- goto out;
707- }
708- if (rids.count != types.count) {
709- errcode = W_ERROR_V(WERR_INVALID_PARAM);
710- goto out;
711- }
712- if (types.ids[0] != SID_NAME_USER) {
713- errcode = W_ERROR_V(WERR_INVALID_PARAM);
714- goto out;
715- }
716-
717- rid = rids.ids[0];
718-
719- status = dcerpc_samr_OpenUser(b, mem_ctx,
720- &domain_handle,
721- SAMR_USER_ACCESS_CHANGE_PASSWORD,
722- rid,
723- &user_handle,
724- &result);
725- if (!NT_STATUS_IS_OK(status)) {
726- errcode = W_ERROR_V(ntstatus_to_werror(status));
727- goto out;
728- }
729- if (!NT_STATUS_IS_OK(result)) {
730- errcode = W_ERROR_V(ntstatus_to_werror(result));
731- goto out;
732- }
733-
734- if (encrypted == 0) {
735- E_deshash(pass1, old_lm_hash.hash);
736- E_deshash(pass2, new_lm_hash.hash);
737- } else {
738- ZERO_STRUCT(old_lm_hash);
739- ZERO_STRUCT(new_lm_hash);
740- memcpy(old_lm_hash.hash, pass1, MIN(strlen(pass1), 16));
741- memcpy(new_lm_hash.hash, pass1, MIN(strlen(pass2), 16));
742- }
743-
744- status = dcerpc_samr_ChangePasswordUser(b, mem_ctx,
745- &user_handle,
746- true, /* lm_present */
747- &old_lm_hash,
748- &new_lm_hash,
749- false, /* nt_present */
750- NULL, /* old_nt_crypted */
751- NULL, /* new_nt_crypted */
752- false, /* cross1_present */
753- NULL, /* nt_cross */
754- false, /* cross2_present */
755- NULL, /* lm_cross */
756- &result);
757- if (!NT_STATUS_IS_OK(status)) {
758- errcode = W_ERROR_V(ntstatus_to_werror(status));
759- goto out;
760- }
761- if (!NT_STATUS_IS_OK(result)) {
762- errcode = W_ERROR_V(ntstatus_to_werror(result));
763- goto out;
764- }
765-
766- errcode = NERR_Success;
767- out:
768-
769- if (b && is_valid_policy_hnd(&user_handle)) {
770- dcerpc_samr_Close(b, mem_ctx, &user_handle, &result);
771- }
772- if (b && is_valid_policy_hnd(&domain_handle)) {
773- dcerpc_samr_Close(b, mem_ctx, &domain_handle, &result);
774- }
775- if (b && is_valid_policy_hnd(&connect_handle)) {
776- dcerpc_samr_Close(b, mem_ctx, &connect_handle, &result);
777- }
778-
779- memset((char *)pass1,'\0',sizeof(fstring));
780- memset((char *)pass2,'\0',sizeof(fstring));
781-
782- SSVAL(*rparam,0,errcode);
783- SSVAL(*rparam,2,0); /* converter word */
784- return(True);
785-}
786-
787-/****************************************************************************
788 Set the user password (SamOEM version - gets plaintext).
789 ****************************************************************************/
790
791@@ -5790,7 +5537,6 @@ static const struct {
792 {"NetServerEnum2", RAP_NetServerEnum2, api_RNetServerEnum2}, /* anon OK */
793 {"NetServerEnum3", RAP_NetServerEnum3, api_RNetServerEnum3}, /* anon OK */
794 {"WAccessGetUserPerms",RAP_WAccessGetUserPerms,api_WAccessGetUserPerms},
795- {"SetUserPassword", RAP_WUserPasswordSet2, api_SetUserPassword},
796 {"WWkstaUserLogon", RAP_WWkstaUserLogon, api_WWkstaUserLogon},
797 {"PrintJobInfo", RAP_WPrintJobSetInfo, api_PrintJobInfo},
798 {"WPrintDriverEnum", RAP_WPrintDriverEnum, api_WPrintDriverEnum},
799diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
800index ee13a11..e618740 100644
801--- a/source4/rpc_server/samr/samr_password.c
802+++ b/source4/rpc_server/samr/samr_password.c
803@@ -32,131 +32,17 @@
804
805 /*
806 samr_ChangePasswordUser
807+
808+ So old it is just not worth implementing
809+ because it does not supply a plaintext and so we can't do password
810+ complexity checking and cannot update all the other password hashes.
811+
812 */
813 NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
814 TALLOC_CTX *mem_ctx,
815 struct samr_ChangePasswordUser *r)
816 {
817- struct dcesrv_handle *h;
818- struct samr_account_state *a_state;
819- struct ldb_context *sam_ctx;
820- struct ldb_message **res;
821- int ret;
822- struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
823- struct samr_Password *lm_pwd, *nt_pwd;
824- NTSTATUS status = NT_STATUS_OK;
825- const char * const attrs[] = { "dBCSPwd", "unicodePwd" , NULL };
826-
827- DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
828-
829- a_state = h->data;
830-
831- /* basic sanity checking on parameters. Do this before any database ops */
832- if (!r->in.lm_present || !r->in.nt_present ||
833- !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
834- !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
835- /* we should really handle a change with lm not
836- present */
837- return NT_STATUS_INVALID_PARAMETER_MIX;
838- }
839-
840- /* Connect to a SAMDB with system privileges for fetching the old pw
841- * hashes. */
842- sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
843- dce_call->conn->dce_ctx->lp_ctx,
844- system_session(dce_call->conn->dce_ctx->lp_ctx), 0);
845- if (sam_ctx == NULL) {
846- return NT_STATUS_INVALID_SYSTEM_SERVICE;
847- }
848-
849- /* fetch the old hashes */
850- ret = gendb_search_dn(sam_ctx, mem_ctx,
851- a_state->account_dn, &res, attrs);
852- if (ret != 1) {
853- return NT_STATUS_WRONG_PASSWORD;
854- }
855-
856- status = samdb_result_passwords(mem_ctx,
857- dce_call->conn->dce_ctx->lp_ctx,
858- res[0], &lm_pwd, &nt_pwd);
859- if (!NT_STATUS_IS_OK(status) || !nt_pwd) {
860- return NT_STATUS_WRONG_PASSWORD;
861- }
862-
863- /* decrypt and check the new lm hash */
864- if (lm_pwd) {
865- D_P16(lm_pwd->hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
866- D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
867- if (memcmp(checkHash.hash, lm_pwd, 16) != 0) {
868- return NT_STATUS_WRONG_PASSWORD;
869- }
870- }
871-
872- /* decrypt and check the new nt hash */
873- D_P16(nt_pwd->hash, r->in.new_nt_crypted->hash, new_ntPwdHash.hash);
874- D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);
875- if (memcmp(checkHash.hash, nt_pwd, 16) != 0) {
876- return NT_STATUS_WRONG_PASSWORD;
877- }
878-
879- /* The NT Cross is not required by Win2k3 R2, but if present
880- check the nt cross hash */
881- if (r->in.cross1_present && r->in.nt_cross && lm_pwd) {
882- D_P16(lm_pwd->hash, r->in.nt_cross->hash, checkHash.hash);
883- if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
884- return NT_STATUS_WRONG_PASSWORD;
885- }
886- }
887-
888- /* The LM Cross is not required by Win2k3 R2, but if present
889- check the lm cross hash */
890- if (r->in.cross2_present && r->in.lm_cross && lm_pwd) {
891- D_P16(nt_pwd->hash, r->in.lm_cross->hash, checkHash.hash);
892- if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
893- return NT_STATUS_WRONG_PASSWORD;
894- }
895- }
896-
897- /* Start a SAM with user privileges for the password change */
898- sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
899- dce_call->conn->dce_ctx->lp_ctx,
900- dce_call->conn->auth_state.session_info, 0);
901- if (sam_ctx == NULL) {
902- return NT_STATUS_INVALID_SYSTEM_SERVICE;
903- }
904-
905- /* Start transaction */
906- ret = ldb_transaction_start(sam_ctx);
907- if (ret != LDB_SUCCESS) {
908- DEBUG(1, ("Failed to start transaction: %s\n", ldb_errstring(sam_ctx)));
909- return NT_STATUS_TRANSACTION_ABORTED;
910- }
911-
912- /* Performs the password modification. We pass the old hashes read out
913- * from the database since they were already checked against the user-
914- * provided ones. */
915- status = samdb_set_password(sam_ctx, mem_ctx,
916- a_state->account_dn,
917- a_state->domain_state->domain_dn,
918- NULL, &new_lmPwdHash, &new_ntPwdHash,
919- lm_pwd, nt_pwd, /* this is a user password change */
920- NULL,
921- NULL);
922- if (!NT_STATUS_IS_OK(status)) {
923- ldb_transaction_cancel(sam_ctx);
924- return status;
925- }
926-
927- /* And this confirms it in a transaction commit */
928- ret = ldb_transaction_commit(sam_ctx);
929- if (ret != LDB_SUCCESS) {
930- DEBUG(1,("Failed to commit transaction to change password on %s: %s\n",
931- ldb_dn_get_linearized(a_state->account_dn),
932- ldb_errstring(sam_ctx)));
933- return NT_STATUS_TRANSACTION_ABORTED;
934- }
935-
936- return NT_STATUS_OK;
937+ return NT_STATUS_NOT_IMPLEMENTED;
938 }
939
940 /*
941diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
942index 7d9a1e2..adfc5d4 100644
943--- a/source4/torture/rpc/samr.c
944+++ b/source4/torture/rpc/samr.c
945@@ -1728,8 +1728,16 @@ static bool test_ChangePasswordUser(struct dcerpc_binding_handle *b,
946
947 torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
948 "ChangePasswordUser failed");
949- torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD,
950- "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash");
951+
952+ /* Do not proceed if this call has been removed */
953+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
954+ return true;
955+ }
956+
957+ if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
958+ torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD,
959+ "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash");
960+ }
961
962 /* Unbreak the LM hash */
963 hash1.hash[0]--;
964--
9651.7.9.5
966
diff --git a/meta-oe/recipes-connectivity/samba/samba_3.6.8.bb b/meta-oe/recipes-connectivity/samba/samba_3.6.24.bb
index cf13a0f58..8860da088 100644
--- a/meta-oe/recipes-connectivity/samba/samba_3.6.8.bb
+++ b/meta-oe/recipes-connectivity/samba/samba_3.6.24.bb
@@ -3,8 +3,6 @@ require samba-basic.inc
3LICENSE = "GPLv3" 3LICENSE = "GPLv3"
4LIC_FILES_CHKSUM = "file://../COPYING;md5=d32239bcb673463ab874e80d47fae504" 4LIC_FILES_CHKSUM = "file://../COPYING;md5=d32239bcb673463ab874e80d47fae504"
5 5
6PR = "r8"
7
8SRC_URI += "\ 6SRC_URI += "\
9 file://config-h.patch \ 7 file://config-h.patch \
10 file://documentation.patch;patchdir=.. \ 8 file://documentation.patch;patchdir=.. \
@@ -30,14 +28,9 @@ SRC_URI += "\
30 file://configure-disable-getaddrinfo-cross.patch;patchdir=.. \ 28 file://configure-disable-getaddrinfo-cross.patch;patchdir=.. \
31 file://configure-disable-core_pattern-cross-check.patch;patchdir=.. \ 29 file://configure-disable-core_pattern-cross-check.patch;patchdir=.. \
32 file://configure-libunwind.patch;patchdir=.. \ 30 file://configure-libunwind.patch;patchdir=.. \
33 file://samba-3.6.22-CVE-2013-4496.patch;patchdir=.. \
34 file://0001-PIDL-fix-parsing-linemarkers-in-preprocessor-output.patch;patchdir=.. \
35 file://samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch;patchdir=.. \
36 file://samba-3.6.16-CVE-2013-4124.patch;patchdir=.. \
37 file://samba-3.6.19-CVE-2013-4475.patch;patchdir=.. \
38" 31"
39SRC_URI[md5sum] = "fbb245863eeef2fffe172df779a217be" 32SRC_URI[md5sum] = "d98425c0c2b73e08f048d31ffc727fb0"
40SRC_URI[sha256sum] = "4f5a171a8d902c6b4f822ed875c51eb8339196d9ccf0ecd7f6521c966b3514de" 33SRC_URI[sha256sum] = "11d0bd04b734731970259efc6692b8e749ff671a9b56d8cc5fa98c192ab234a7"
41 34
42S = "${WORKDIR}/samba-${PV}/source3" 35S = "${WORKDIR}/samba-${PV}/source3"
43 36