diff options
Diffstat (limited to 'meta-oe')
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_221618_precise-64bit-prototype.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_221618_precise-64bit-prototype.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch) | 4 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_601406_fix-perl-path-in-example.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_601406_fix-perl-path-in-example.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_drop-using-samba-link.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_drop-using-samba-link.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_fix-WHATSNEW-link.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_fix-WHATSNEW-link.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-core_pattern-cross-check.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-core_pattern-cross-check.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-getaddrinfo-cross.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-getaddrinfo-cross.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-libunwind.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-libunwind.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation.patch) | 16 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation2.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation2.patch) | 8 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/dont-build-VFS-examples.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/dont-build-VFS-examples.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/fhs-filespaths.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/fhs-filespaths.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/installswat.sh.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/installswat.sh.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/libutil_drop_AI_ADDRCONFIG.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/libutil_drop_AI_ADDRCONFIG.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/only_export_public_symbols.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/only_export_public_symbols.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/pam-examples.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/pam-examples.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/shadow_copy2_backport.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/shadow_copy2_backport.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/smbclient-pager.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/smbclient-pager.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtar-bashism.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtar-bashism.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtorture-manpage.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtorture-manpage.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/undefined-symbols.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/undefined-symbols.patch) | 6 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/usershare.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/usershare.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba-3.6.24/waf-as-source.patch (renamed from meta-oe/recipes-connectivity/samba/samba-3.6.8/waf-as-source.patch) | 0 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba/samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch | 160 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba/samba-3.6.16-CVE-2013-4124.patch | 43 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch | 102 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE-2013-4496.patch | 966 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/samba/samba_3.6.24.bb (renamed from meta-oe/recipes-connectivity/samba/samba_3.6.8.bb) | 11 |
29 files changed, 19 insertions, 1297 deletions
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_221618_precise-64bit-prototype.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_221618_precise-64bit-prototype.patch index 31108f2e89..31108f2e89 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_221618_precise-64bit-prototype.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_221618_precise-64bit-prototype.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch index ea499a6eb3..d9cc633d48 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch | |||
| @@ -27,8 +27,8 @@ Index: samba/docs/manpages/smbspool.8 | |||
| 27 | .sp -1 | 27 | .sp -1 |
| 28 | .IP \(bu 2.3 | 28 | .IP \(bu 2.3 |
| 29 | .\} | 29 | .\} |
| 30 | -The user argument (argv[2]) contains the print user\'s name and is presently not used by smbspool\&. | 30 | -The user argument (argv[2]) contains the print user\*(Aqs name and is presently not used by smbspool\&. |
| 31 | +The user argument (argv[2]) contains the print user\'s name and is presently not used by smbspool except in Kerberos environments to access the user\'s ticket cache\&. | 31 | +The user argument (argv[2]) contains the print user\*(Aqs name and is presently not used by smbspool except in Kerberos environments to access the user\'s ticket cache\&. |
| 32 | .RE | 32 | .RE |
| 33 | .sp | 33 | .sp |
| 34 | .RS 4 | 34 | .RS 4 |
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch index dcd94e425e..dcd94e425e 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_601406_fix-perl-path-in-example.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_601406_fix-perl-path-in-example.patch index ba8b1f4255..ba8b1f4255 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_601406_fix-perl-path-in-example.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_601406_fix-perl-path-in-example.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_drop-using-samba-link.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_drop-using-samba-link.patch index 0c54b6b0b7..0c54b6b0b7 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_drop-using-samba-link.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_drop-using-samba-link.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_fix-WHATSNEW-link.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_fix-WHATSNEW-link.patch index c7dd043fbe..c7dd043fbe 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/bug_604768_upstream_7826_fix-WHATSNEW-link.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/bug_604768_upstream_7826_fix-WHATSNEW-link.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-core_pattern-cross-check.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-core_pattern-cross-check.patch index 2d96189732..2d96189732 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-core_pattern-cross-check.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-core_pattern-cross-check.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-getaddrinfo-cross.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-getaddrinfo-cross.patch index 84ecd498f5..84ecd498f5 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-disable-getaddrinfo-cross.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-disable-getaddrinfo-cross.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-libunwind.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-libunwind.patch index 9a2cb00eba..9a2cb00eba 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/configure-libunwind.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/configure-libunwind.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation.patch index 46ace234e9..73111fed72 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation.patch | |||
| @@ -6,7 +6,7 @@ Index: experimental/docs/manpages/swat.8 | |||
| 6 | =================================================================== | 6 | =================================================================== |
| 7 | --- experimental.orig/docs/manpages/swat.8 | 7 | --- experimental.orig/docs/manpages/swat.8 |
| 8 | +++ experimental/docs/manpages/swat.8 | 8 | +++ experimental/docs/manpages/swat.8 |
| 9 | @@ -111,86 +111,6 @@ | 9 | @@ -120,86 +120,6 @@ |
| 10 | .RS 4 | 10 | .RS 4 |
| 11 | Print a summary of command line options\&. | 11 | Print a summary of command line options\&. |
| 12 | .RE | 12 | .RE |
| @@ -73,7 +73,7 @@ Index: experimental/docs/manpages/swat.8 | |||
| 73 | -/etc/services | 73 | -/etc/services |
| 74 | -file\&. | 74 | -file\&. |
| 75 | -.PP | 75 | -.PP |
| 76 | -the choice of port number isn\'t really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your | 76 | -the choice of port number isn\*(Aqt really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your |
| 77 | -inetd | 77 | -inetd |
| 78 | -daemon)\&. | 78 | -daemon)\&. |
| 79 | -.PP | 79 | -.PP |
| @@ -93,7 +93,7 @@ Index: experimental/docs/manpages/swat.8 | |||
| 93 | .SH "LAUNCHING" | 93 | .SH "LAUNCHING" |
| 94 | .PP | 94 | .PP |
| 95 | To launch SWAT just run your favorite web browser and point it at "http://localhost:901/"\&. | 95 | To launch SWAT just run your favorite web browser and point it at "http://localhost:901/"\&. |
| 96 | @@ -208,14 +128,11 @@ | 96 | @@ -217,14 +137,11 @@ |
| 97 | This file must contain a mapping of service name (e\&.g\&., swat) to service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&. | 97 | This file must contain a mapping of service name (e\&.g\&., swat) to service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&. |
| 98 | .RE | 98 | .RE |
| 99 | .PP | 99 | .PP |
| @@ -260,20 +260,20 @@ Index: experimental/docs/manpages/winbindd.8 | |||
| 260 | =================================================================== | 260 | =================================================================== |
| 261 | --- experimental.orig/docs/manpages/winbindd.8 | 261 | --- experimental.orig/docs/manpages/winbindd.8 |
| 262 | +++ experimental/docs/manpages/winbindd.8 | 262 | +++ experimental/docs/manpages/winbindd.8 |
| 263 | @@ -550,16 +550,16 @@ | 263 | @@ -539,16 +539,16 @@ |
| 264 | file are owned by root\&. | 264 | file are owned by root\&. |
| 265 | .RE | 265 | .RE |
| 266 | .PP | 266 | .PP |
| 267 | -$LOCKDIR/winbindd_privileged/pipe | 267 | -$LOCKDIR/winbindd_privileged/pipe |
| 268 | +/var/run/samba/winbindd_privileged/pipe | 268 | +/var/run/samba/winbindd_privileged/pipe |
| 269 | .RS 4 | 269 | .RS 4 |
| 270 | The UNIX pipe over which \'privileged\' clients communicate with the | 270 | The UNIX pipe over which \*(Aqprivileged\*(Aq clients communicate with the |
| 271 | winbindd | 271 | winbindd |
| 272 | program\&. For security reasons, access to some winbindd functions \- like those needed by the | 272 | program\&. For security reasons, access to some winbindd functions \- like those needed by the |
| 273 | ntlm_auth | 273 | ntlm_auth |
| 274 | -utility \- is restricted\&. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the | 274 | -utility \- is restricted\&. By default, only users in the \*(Aqroot\*(Aq group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \*(Aqsquid\*(Aq to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the |
| 275 | -$LOCKDIR/winbindd_privileged | 275 | -$LOCKDIR/winbindd_privileged |
| 276 | +utility \- is restricted\&. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on /var/run/samba/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the | 276 | +utility \- is restricted\&. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on /var/run/samba/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the |
| 277 | +/var/run/samba/winbindd_privileged | 277 | +/var/run/samba/winbindd_privileged |
| 278 | directory and | 278 | directory and |
| 279 | -$LOCKDIR/winbindd_privileged/pipe | 279 | -$LOCKDIR/winbindd_privileged/pipe |
| @@ -281,7 +281,7 @@ Index: experimental/docs/manpages/winbindd.8 | |||
| 281 | file are owned by root\&. | 281 | file are owned by root\&. |
| 282 | .RE | 282 | .RE |
| 283 | .PP | 283 | .PP |
| 284 | @@ -568,15 +568,12 @@ | 284 | @@ -557,15 +557,12 @@ |
| 285 | Implementation of name service switch library\&. | 285 | Implementation of name service switch library\&. |
| 286 | .RE | 286 | .RE |
| 287 | .PP | 287 | .PP |
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation2.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation2.patch index 902e8e2308..af8da32d50 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/documentation2.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/documentation2.patch | |||
| @@ -212,8 +212,8 @@ Index: samba/docs/manpages/nmbd.8 | |||
| 212 | \fBsmb.conf\fR(5), | 212 | \fBsmb.conf\fR(5), |
| 213 | \fBsmbclient\fR(1), | 213 | \fBsmbclient\fR(1), |
| 214 | -\fBtestparm\fR(1), | 214 | -\fBtestparm\fR(1), |
| 215 | -\fBtestprns\fR(1), and the Internet RFC\'s | 215 | -\fBtestprns\fR(1), and the Internet RFC\*(Aqs |
| 216 | +\fBtestparm\fR(1), and the Internet RFC\'s | 216 | +\fBtestparm\fR(1), and the Internet RFC\*(Aqs |
| 217 | rfc1001\&.txt, | 217 | rfc1001\&.txt, |
| 218 | rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page | 218 | rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page |
| 219 | http://samba\&.org/cifs/\&. | 219 | http://samba\&.org/cifs/\&. |
| @@ -269,8 +269,8 @@ Index: samba/docs/manpages/smbd.8 | |||
| 269 | \fBsmb.conf\fR(5), | 269 | \fBsmb.conf\fR(5), |
| 270 | \fBsmbclient\fR(1), | 270 | \fBsmbclient\fR(1), |
| 271 | -\fBtestparm\fR(1), | 271 | -\fBtestparm\fR(1), |
| 272 | -\fBtestprns\fR(1), and the Internet RFC\'s | 272 | -\fBtestprns\fR(1), and the Internet RFC\*(Aqs |
| 273 | +\fBtestparm\fR(1), and the Internet RFC\'s | 273 | +\fBtestparm\fR(1), and the Internet RFC\*(Aqs |
| 274 | rfc1001\&.txt, | 274 | rfc1001\&.txt, |
| 275 | rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page | 275 | rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page |
| 276 | http://samba\&.org/cifs/\&. | 276 | http://samba\&.org/cifs/\&. |
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/dont-build-VFS-examples.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/dont-build-VFS-examples.patch index beff7db676..beff7db676 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/dont-build-VFS-examples.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/dont-build-VFS-examples.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/fhs-filespaths.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/fhs-filespaths.patch index e7c6b9995e..e7c6b9995e 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/fhs-filespaths.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/fhs-filespaths.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/installswat.sh.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/installswat.sh.patch index 3f08e493ad..3f08e493ad 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/installswat.sh.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/installswat.sh.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/libutil_drop_AI_ADDRCONFIG.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/libutil_drop_AI_ADDRCONFIG.patch index d3473ea402..d3473ea402 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/libutil_drop_AI_ADDRCONFIG.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/libutil_drop_AI_ADDRCONFIG.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/only_export_public_symbols.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/only_export_public_symbols.patch index f4fbd56a15..f4fbd56a15 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/only_export_public_symbols.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/only_export_public_symbols.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/pam-examples.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/pam-examples.patch index 9b36e14e3c..9b36e14e3c 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/pam-examples.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/pam-examples.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/shadow_copy2_backport.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/shadow_copy2_backport.patch index dbd10489fa..dbd10489fa 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/shadow_copy2_backport.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/shadow_copy2_backport.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbclient-pager.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbclient-pager.patch index 429f2cec46..429f2cec46 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbclient-pager.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbclient-pager.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtar-bashism.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtar-bashism.patch index 27a47cb51c..27a47cb51c 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtar-bashism.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtar-bashism.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtorture-manpage.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtorture-manpage.patch index 59930b5e5f..59930b5e5f 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/smbtorture-manpage.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/smbtorture-manpage.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/undefined-symbols.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/undefined-symbols.patch index 3ab0027eeb..5babc1e384 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/undefined-symbols.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/undefined-symbols.patch | |||
| @@ -13,12 +13,12 @@ Index: experimental/source3/Makefile.in | |||
| 13 | =================================================================== | 13 | =================================================================== |
| 14 | --- experimental.orig/source3/Makefile.in | 14 | --- experimental.orig/source3/Makefile.in |
| 15 | +++ experimental/source3/Makefile.in | 15 | +++ experimental/source3/Makefile.in |
| 16 | @@ -2281,7 +2281,7 @@ | 16 | @@ -2594,7 +2594,7 @@ |
| 17 | 17 | ||
| 18 | $(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) $(LIBSMBCLIENT_SYMS) $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) | 18 | $(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) $(LIBSMBCLIENT_SYMS) $(LIBTALLOC) $(LIBTEVENT) $(LIBTDB) $(LIBWBCLIENT) |
| 19 | @echo Linking shared library $@ | 19 | @echo Linking shared library $@ |
| 20 | - @$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) \ | 20 | - @$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) \ |
| 21 | + @$(SHLD_DSO) -Wl,-z,defs $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) \ | 21 | + @$(SHLD_DSO) -Wl,-z,defs $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) \ |
| 22 | $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(LIBS) \ | 22 | $(LIBTALLOC_LIBS) $(LIBTEVENT_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(LIBS) \ |
| 23 | $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) $(PTHREAD_LDFLAGS) \ | 23 | $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) $(PTHREAD_LDFLAGS) \ |
| 24 | @SONAMEFLAG@`basename $@` | 24 | @SONAMEFLAG@`basename $@` |
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/usershare.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/usershare.patch index 3673db751a..3673db751a 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/usershare.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/usershare.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba-3.6.8/waf-as-source.patch b/meta-oe/recipes-connectivity/samba/samba-3.6.24/waf-as-source.patch index 985ed5af1f..985ed5af1f 100644 --- a/meta-oe/recipes-connectivity/samba/samba-3.6.8/waf-as-source.patch +++ b/meta-oe/recipes-connectivity/samba/samba-3.6.24/waf-as-source.patch | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch deleted file mode 100644 index cccb34127a..0000000000 --- a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch +++ /dev/null | |||
| @@ -1,160 +0,0 @@ | |||
| 1 | Upstream-Status: Backport | ||
| 2 | |||
| 3 | From 71225948a249f079120282740fcc39fd6faa880e Mon Sep 17 00:00:00 2001 | ||
| 4 | From: Kai Blin <kai@samba.org> | ||
| 5 | Date: Fri, 18 Jan 2013 23:11:07 +0100 | ||
| 6 | Subject: [PATCH 1/2] swat: Use X-Frame-Options header to avoid clickjacking | ||
| 7 | |||
| 8 | Jann Horn reported a potential clickjacking vulnerability in SWAT where | ||
| 9 | the SWAT page could be embedded into an attacker's page using a frame or | ||
| 10 | iframe and then used to trick the user to change Samba settings. | ||
| 11 | |||
| 12 | Avoid this by telling the browser to refuse the frame embedding via the | ||
| 13 | X-Frame-Options: DENY header. | ||
| 14 | |||
| 15 | Signed-off-by: Kai Blin <kai@samba.org> | ||
| 16 | |||
| 17 | Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT. | ||
| 18 | --- | ||
| 19 | source3/web/swat.c | 3 ++- | ||
| 20 | 1 files changed, 2 insertions(+), 1 deletions(-) | ||
| 21 | |||
| 22 | diff --git a/source3/web/swat.c b/source3/web/swat.c | ||
| 23 | index 1f6eb6c..ed80c38 100644 | ||
| 24 | --- a/source3/web/swat.c | ||
| 25 | +++ b/source3/web/swat.c | ||
| 26 | @@ -266,7 +266,8 @@ static void print_header(void) | ||
| 27 | if (!cgi_waspost()) { | ||
| 28 | printf("Expires: 0\r\n"); | ||
| 29 | } | ||
| 30 | - printf("Content-type: text/html\r\n\r\n"); | ||
| 31 | + printf("Content-type: text/html\r\n"); | ||
| 32 | + printf("X-Frame-Options: DENY\r\n\r\n"); | ||
| 33 | |||
| 34 | if (!include_html("include/header.html")) { | ||
| 35 | printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">\n"); | ||
| 36 | -- | ||
| 37 | 1.7.7 | ||
| 38 | |||
| 39 | |||
| 40 | From 91f4275873ebeda8f57684f09df67162ae80515a Mon Sep 17 00:00:00 2001 | ||
| 41 | From: Kai Blin <kai@samba.org> | ||
| 42 | Date: Mon, 28 Jan 2013 21:41:07 +0100 | ||
| 43 | Subject: [PATCH 2/2] swat: Use additional nonce on XSRF protection | ||
| 44 | |||
| 45 | If the user had a weak password on the root account of a machine running | ||
| 46 | SWAT, there still was a chance of being targetted by an XSRF on a | ||
| 47 | malicious web site targetting the SWAT setup. | ||
| 48 | |||
| 49 | Use a random nonce stored in secrets.tdb to close this possible attack | ||
| 50 | window. Thanks to Jann Horn for reporting this issue. | ||
| 51 | |||
| 52 | Signed-off-by: Kai Blin <kai@samba.org> | ||
| 53 | |||
| 54 | Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT. | ||
| 55 | --- | ||
| 56 | source3/web/cgi.c | 40 ++++++++++++++++++++++++++-------------- | ||
| 57 | source3/web/swat.c | 2 ++ | ||
| 58 | source3/web/swat_proto.h | 1 + | ||
| 59 | 3 files changed, 29 insertions(+), 14 deletions(-) | ||
| 60 | |||
| 61 | diff --git a/source3/web/cgi.c b/source3/web/cgi.c | ||
| 62 | index ef1b856..861bc84 100644 | ||
| 63 | --- a/source3/web/cgi.c | ||
| 64 | +++ b/source3/web/cgi.c | ||
| 65 | @@ -48,6 +48,7 @@ static const char *baseurl; | ||
| 66 | static char *pathinfo; | ||
| 67 | static char *C_user; | ||
| 68 | static char *C_pass; | ||
| 69 | +static char *C_nonce; | ||
| 70 | static bool inetd_server; | ||
| 71 | static bool got_request; | ||
| 72 | |||
| 73 | @@ -329,20 +330,7 @@ static void cgi_web_auth(void) | ||
| 74 | C_user = SMB_STRDUP(user); | ||
| 75 | |||
| 76 | if (!setuid(0)) { | ||
| 77 | - C_pass = secrets_fetch_generic("root", "SWAT"); | ||
| 78 | - if (C_pass == NULL) { | ||
| 79 | - char *tmp_pass = NULL; | ||
| 80 | - tmp_pass = generate_random_password(talloc_tos(), | ||
| 81 | - 16, 16); | ||
| 82 | - if (tmp_pass == NULL) { | ||
| 83 | - printf("%sFailed to create random nonce for " | ||
| 84 | - "SWAT session\n<br>%s\n", head, tail); | ||
| 85 | - exit(0); | ||
| 86 | - } | ||
| 87 | - secrets_store_generic("root", "SWAT", tmp_pass); | ||
| 88 | - C_pass = SMB_STRDUP(tmp_pass); | ||
| 89 | - TALLOC_FREE(tmp_pass); | ||
| 90 | - } | ||
| 91 | + C_pass = SMB_STRDUP(cgi_nonce()); | ||
| 92 | } | ||
| 93 | setuid(pwd->pw_uid); | ||
| 94 | if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) { | ||
| 95 | @@ -459,6 +447,30 @@ char *cgi_user_pass(void) | ||
| 96 | } | ||
| 97 | |||
| 98 | /*************************************************************************** | ||
| 99 | +return a ptr to the nonce | ||
| 100 | + ***************************************************************************/ | ||
| 101 | +char *cgi_nonce(void) | ||
| 102 | +{ | ||
| 103 | + const char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n"; | ||
| 104 | + const char *tail = "</BODY></HTML>\r\n"; | ||
| 105 | + C_nonce = secrets_fetch_generic("root", "SWAT"); | ||
| 106 | + if (C_nonce == NULL) { | ||
| 107 | + char *tmp_pass = NULL; | ||
| 108 | + tmp_pass = generate_random_password(talloc_tos(), | ||
| 109 | + 16, 16); | ||
| 110 | + if (tmp_pass == NULL) { | ||
| 111 | + printf("%sFailed to create random nonce for " | ||
| 112 | + "SWAT session\n<br>%s\n", head, tail); | ||
| 113 | + exit(0); | ||
| 114 | + } | ||
| 115 | + secrets_store_generic("root", "SWAT", tmp_pass); | ||
| 116 | + C_nonce = SMB_STRDUP(tmp_pass); | ||
| 117 | + TALLOC_FREE(tmp_pass); | ||
| 118 | + } | ||
| 119 | + return(C_nonce); | ||
| 120 | +} | ||
| 121 | + | ||
| 122 | +/*************************************************************************** | ||
| 123 | handle a file download | ||
| 124 | ***************************************************************************/ | ||
| 125 | static void cgi_download(char *file) | ||
| 126 | diff --git a/source3/web/swat.c b/source3/web/swat.c | ||
| 127 | index ed80c38..f8933d2 100644 | ||
| 128 | --- a/source3/web/swat.c | ||
| 129 | +++ b/source3/web/swat.c | ||
| 130 | @@ -154,6 +154,7 @@ void get_xsrf_token(const char *username, const char *pass, | ||
| 131 | MD5_CTX md5_ctx; | ||
| 132 | uint8_t token[16]; | ||
| 133 | int i; | ||
| 134 | + char *nonce = cgi_nonce(); | ||
| 135 | |||
| 136 | token_str[0] = '\0'; | ||
| 137 | ZERO_STRUCT(md5_ctx); | ||
| 138 | @@ -167,6 +168,7 @@ void get_xsrf_token(const char *username, const char *pass, | ||
| 139 | if (pass != NULL) { | ||
| 140 | MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass)); | ||
| 141 | } | ||
| 142 | + MD5Update(&md5_ctx, (uint8_t *)nonce, strlen(nonce)); | ||
| 143 | |||
| 144 | MD5Final(token, &md5_ctx); | ||
| 145 | |||
| 146 | diff --git a/source3/web/swat_proto.h b/source3/web/swat_proto.h | ||
| 147 | index 424a3af..fe51b1f 100644 | ||
| 148 | --- a/source3/web/swat_proto.h | ||
| 149 | +++ b/source3/web/swat_proto.h | ||
| 150 | @@ -32,6 +32,7 @@ const char *cgi_variable_nonull(const char *name); | ||
| 151 | bool am_root(void); | ||
| 152 | char *cgi_user_name(void); | ||
| 153 | char *cgi_user_pass(void); | ||
| 154 | +char *cgi_nonce(void); | ||
| 155 | void cgi_setup(const char *rootdir, int auth_required); | ||
| 156 | const char *cgi_baseurl(void); | ||
| 157 | const char *cgi_pathinfo(void); | ||
| 158 | -- | ||
| 159 | 1.7.7 | ||
| 160 | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.16-CVE-2013-4124.patch b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.16-CVE-2013-4124.patch deleted file mode 100644 index 54b8edfbe6..0000000000 --- a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.16-CVE-2013-4124.patch +++ /dev/null | |||
| @@ -1,43 +0,0 @@ | |||
| 1 | Upstream-Status: Backport | ||
| 2 | |||
| 3 | From efdbcabbe97a594572d71d714d258a5854c5d8ce Mon Sep 17 00:00:00 2001 | ||
| 4 | From: Jeremy Allison <jra@samba.org> | ||
| 5 | Date: Wed, 10 Jul 2013 17:10:17 -0700 | ||
| 6 | Subject: [PATCH] Fix bug #10010 - Missing integer wrap protection in EA list | ||
| 7 | reading can cause server to loop with DOS. | ||
| 8 | |||
| 9 | Ensure we never wrap whilst adding client provided input. | ||
| 10 | CVE-2013-4124 | ||
| 11 | |||
| 12 | Signed-off-by: Jeremy Allison <jra@samba.org> | ||
| 13 | --- | ||
| 14 | source3/smbd/nttrans.c | 12 ++++++++++++ | ||
| 15 | 1 file changed, 12 insertions(+) | ||
| 16 | |||
| 17 | diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c | ||
| 18 | index ea9d417..5fc3a09 100644 | ||
| 19 | --- a/source3/smbd/nttrans.c | ||
| 20 | +++ b/source3/smbd/nttrans.c | ||
| 21 | @@ -989,7 +989,19 @@ struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t | ||
| 22 | if (next_offset == 0) { | ||
| 23 | break; | ||
| 24 | } | ||
| 25 | + | ||
| 26 | + /* Integer wrap protection for the increment. */ | ||
| 27 | + if (offset + next_offset < offset) { | ||
| 28 | + break; | ||
| 29 | + } | ||
| 30 | + | ||
| 31 | offset += next_offset; | ||
| 32 | + | ||
| 33 | + /* Integer wrap protection for while loop. */ | ||
| 34 | + if (offset + 4 < offset) { | ||
| 35 | + break; | ||
| 36 | + } | ||
| 37 | + | ||
| 38 | } | ||
| 39 | |||
| 40 | return ea_list_head; | ||
| 41 | -- | ||
| 42 | 1.7.10.4 | ||
| 43 | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch deleted file mode 100644 index a435c08b5f..0000000000 --- a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch +++ /dev/null | |||
| @@ -1,102 +0,0 @@ | |||
| 1 | Upstream-Status: Backport | ||
| 2 | |||
| 3 | From 928910f01f951657ea4629a6d573ac00646d16f8 Mon Sep 17 00:00:00 2001 | ||
| 4 | From: Jeremy Allison <jra@samba.org> | ||
| 5 | Date: Thu, 31 Oct 2013 13:48:42 -0700 | ||
| 6 | Subject: [PATCH] Fix bug #10229 - No access check verification on stream | ||
| 7 | files. | ||
| 8 | |||
| 9 | https://bugzilla.samba.org/show_bug.cgi?id=10229 | ||
| 10 | |||
| 11 | We need to check if the requested access mask | ||
| 12 | could be used to open the underlying file (if | ||
| 13 | it existed), as we're passing in zero for the | ||
| 14 | access mask to the base filename. | ||
| 15 | |||
| 16 | Signed-off-by: Jeremy Allison <jra@samba.org> | ||
| 17 | --- | ||
| 18 | source3/smbd/open.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++ | ||
| 19 | 1 file changed, 61 insertions(+) | ||
| 20 | |||
| 21 | diff --git a/source3/smbd/open.c b/source3/smbd/open.c | ||
| 22 | index 447de80..441b8cd 100644 | ||
| 23 | --- a/source3/smbd/open.c | ||
| 24 | +++ b/source3/smbd/open.c | ||
| 25 | @@ -152,6 +152,48 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, | ||
| 26 | } | ||
| 27 | |||
| 28 | /**************************************************************************** | ||
| 29 | + Ensure when opening a base file for a stream open that we have permissions | ||
| 30 | + to do so given the access mask on the base file. | ||
| 31 | +****************************************************************************/ | ||
| 32 | + | ||
| 33 | +static NTSTATUS check_base_file_access(struct connection_struct *conn, | ||
| 34 | + struct smb_filename *smb_fname, | ||
| 35 | + uint32_t access_mask) | ||
| 36 | +{ | ||
| 37 | + uint32_t access_granted = 0; | ||
| 38 | + NTSTATUS status; | ||
| 39 | + | ||
| 40 | + status = smbd_calculate_access_mask(conn, smb_fname, | ||
| 41 | + false, | ||
| 42 | + access_mask, | ||
| 43 | + &access_mask); | ||
| 44 | + if (!NT_STATUS_IS_OK(status)) { | ||
| 45 | + DEBUG(10, ("smbd_calculate_access_mask " | ||
| 46 | + "on file %s returned %s\n", | ||
| 47 | + smb_fname_str_dbg(smb_fname), | ||
| 48 | + nt_errstr(status))); | ||
| 49 | + return status; | ||
| 50 | + } | ||
| 51 | + | ||
| 52 | + if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) { | ||
| 53 | + uint32_t dosattrs; | ||
| 54 | + if (!CAN_WRITE(conn)) { | ||
| 55 | + return NT_STATUS_ACCESS_DENIED; | ||
| 56 | + } | ||
| 57 | + dosattrs = dos_mode(conn, smb_fname); | ||
| 58 | + if (IS_DOS_READONLY(dosattrs)) { | ||
| 59 | + return NT_STATUS_ACCESS_DENIED; | ||
| 60 | + } | ||
| 61 | + } | ||
| 62 | + | ||
| 63 | + | ||
| 64 | + return smbd_check_open_rights(conn, | ||
| 65 | + smb_fname, | ||
| 66 | + access_mask, | ||
| 67 | + &access_granted); | ||
| 68 | +} | ||
| 69 | + | ||
| 70 | +/**************************************************************************** | ||
| 71 | fd support routines - attempt to do a dos_open. | ||
| 72 | ****************************************************************************/ | ||
| 73 | |||
| 74 | @@ -3227,6 +3269,25 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, | ||
| 75 | if (SMB_VFS_STAT(conn, smb_fname_base) == -1) { | ||
| 76 | DEBUG(10, ("Unable to stat stream: %s\n", | ||
| 77 | smb_fname_str_dbg(smb_fname_base))); | ||
| 78 | + } else { | ||
| 79 | + /* | ||
| 80 | + * https://bugzilla.samba.org/show_bug.cgi?id=10229 | ||
| 81 | + * We need to check if the requested access mask | ||
| 82 | + * could be used to open the underlying file (if | ||
| 83 | + * it existed), as we're passing in zero for the | ||
| 84 | + * access mask to the base filename. | ||
| 85 | + */ | ||
| 86 | + status = check_base_file_access(conn, | ||
| 87 | + smb_fname_base, | ||
| 88 | + access_mask); | ||
| 89 | + | ||
| 90 | + if (!NT_STATUS_IS_OK(status)) { | ||
| 91 | + DEBUG(10, ("Permission check " | ||
| 92 | + "for base %s failed: " | ||
| 93 | + "%s\n", smb_fname->base_name, | ||
| 94 | + nt_errstr(status))); | ||
| 95 | + goto fail; | ||
| 96 | + } | ||
| 97 | } | ||
| 98 | |||
| 99 | /* Open the base file. */ | ||
| 100 | -- | ||
| 101 | 1.8.4.1 | ||
| 102 | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE-2013-4496.patch b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE-2013-4496.patch deleted file mode 100644 index c190a6c507..0000000000 --- a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE-2013-4496.patch +++ /dev/null | |||
| @@ -1,966 +0,0 @@ | |||
| 1 | Upstream-Status: Backport | ||
| 2 | |||
| 3 | From 25066eb31d6608075b5993b0d19b3e0843cdadeb Mon Sep 17 00:00:00 2001 | ||
| 4 | From: Andrew Bartlett <abartlet@samba.org> | ||
| 5 | Date: Fri, 1 Nov 2013 14:55:44 +1300 | ||
| 6 | Subject: [PATCH 1/3] CVE-2013-4496:s3-samr: Block attempts to crack passwords | ||
| 7 | via repeated password changes | ||
| 8 | |||
| 9 | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 | ||
| 10 | |||
| 11 | Signed-off-by: Andrew Bartlett <abartlet@samba.org> | ||
| 12 | Signed-off-by: Stefan Metzmacher <metze@samba.org> | ||
| 13 | Signed-off-by: Jeremy Allison <jra@samba.org> | ||
| 14 | Reviewed-by: Stefan Metzmacher <metze@samba.org> | ||
| 15 | Reviewed-by: Jeremy Allison <jra@samba.org> | ||
| 16 | Reviewed-by: Andreas Schneider <asn@samba.org> | ||
| 17 | --- | ||
| 18 | source3/rpc_server/samr/srv_samr_chgpasswd.c | 55 ++++++++++++++++ | ||
| 19 | source3/rpc_server/samr/srv_samr_nt.c | 90 +++++++++++++++++++++----- | ||
| 20 | 2 files changed, 129 insertions(+), 16 deletions(-) | ||
| 21 | |||
| 22 | diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c | ||
| 23 | index 0b4b25b..59905be 100644 | ||
| 24 | --- a/source3/rpc_server/samr/srv_samr_chgpasswd.c | ||
| 25 | +++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c | ||
| 26 | @@ -1106,6 +1106,8 @@ NTSTATUS pass_oem_change(char *user, const char *rhost, | ||
| 27 | struct samu *sampass = NULL; | ||
| 28 | NTSTATUS nt_status; | ||
| 29 | bool ret = false; | ||
| 30 | + bool updated_badpw = false; | ||
| 31 | + NTSTATUS update_login_attempts_status; | ||
| 32 | |||
| 33 | if (!(sampass = samu_new(NULL))) { | ||
| 34 | return NT_STATUS_NO_MEMORY; | ||
| 35 | @@ -1121,6 +1123,13 @@ NTSTATUS pass_oem_change(char *user, const char *rhost, | ||
| 36 | return NT_STATUS_NO_SUCH_USER; | ||
| 37 | } | ||
| 38 | |||
| 39 | + /* Quit if the account was locked out. */ | ||
| 40 | + if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { | ||
| 41 | + DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", user)); | ||
| 42 | + TALLOC_FREE(sampass); | ||
| 43 | + return NT_STATUS_ACCOUNT_LOCKED_OUT; | ||
| 44 | + } | ||
| 45 | + | ||
| 46 | nt_status = check_oem_password(user, | ||
| 47 | password_encrypted_with_lm_hash, | ||
| 48 | old_lm_hash_encrypted, | ||
| 49 | @@ -1129,6 +1138,52 @@ NTSTATUS pass_oem_change(char *user, const char *rhost, | ||
| 50 | sampass, | ||
| 51 | &new_passwd); | ||
| 52 | |||
| 53 | + /* | ||
| 54 | + * Notify passdb backend of login success/failure. If not | ||
| 55 | + * NT_STATUS_OK the backend doesn't like the login | ||
| 56 | + */ | ||
| 57 | + update_login_attempts_status = pdb_update_login_attempts(sampass, | ||
| 58 | + NT_STATUS_IS_OK(nt_status)); | ||
| 59 | + | ||
| 60 | + if (!NT_STATUS_IS_OK(nt_status)) { | ||
| 61 | + bool increment_bad_pw_count = false; | ||
| 62 | + | ||
| 63 | + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) && | ||
| 64 | + (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && | ||
| 65 | + NT_STATUS_IS_OK(update_login_attempts_status)) | ||
| 66 | + { | ||
| 67 | + increment_bad_pw_count = true; | ||
| 68 | + } | ||
| 69 | + | ||
| 70 | + if (increment_bad_pw_count) { | ||
| 71 | + pdb_increment_bad_password_count(sampass); | ||
| 72 | + updated_badpw = true; | ||
| 73 | + } else { | ||
| 74 | + pdb_update_bad_password_count(sampass, | ||
| 75 | + &updated_badpw); | ||
| 76 | + } | ||
| 77 | + } else { | ||
| 78 | + | ||
| 79 | + if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && | ||
| 80 | + (pdb_get_bad_password_count(sampass) > 0)){ | ||
| 81 | + pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); | ||
| 82 | + pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); | ||
| 83 | + updated_badpw = true; | ||
| 84 | + } | ||
| 85 | + } | ||
| 86 | + | ||
| 87 | + if (updated_badpw) { | ||
| 88 | + NTSTATUS update_status; | ||
| 89 | + become_root(); | ||
| 90 | + update_status = pdb_update_sam_account(sampass); | ||
| 91 | + unbecome_root(); | ||
| 92 | + | ||
| 93 | + if (!NT_STATUS_IS_OK(update_status)) { | ||
| 94 | + DEBUG(1, ("Failed to modify entry: %s\n", | ||
| 95 | + nt_errstr(update_status))); | ||
| 96 | + } | ||
| 97 | + } | ||
| 98 | + | ||
| 99 | if (!NT_STATUS_IS_OK(nt_status)) { | ||
| 100 | TALLOC_FREE(sampass); | ||
| 101 | return nt_status; | ||
| 102 | diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c | ||
| 103 | index 78ef1ba..3241b97 100644 | ||
| 104 | --- a/source3/rpc_server/samr/srv_samr_nt.c | ||
| 105 | +++ b/source3/rpc_server/samr/srv_samr_nt.c | ||
| 106 | @@ -1715,9 +1715,11 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p, | ||
| 107 | NTSTATUS status; | ||
| 108 | bool ret = false; | ||
| 109 | struct samr_user_info *uinfo; | ||
| 110 | - struct samu *pwd; | ||
| 111 | + struct samu *pwd = NULL; | ||
| 112 | struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash; | ||
| 113 | struct samr_Password lm_pwd, nt_pwd; | ||
| 114 | + bool updated_badpw = false; | ||
| 115 | + NTSTATUS update_login_attempts_status; | ||
| 116 | |||
| 117 | uinfo = policy_handle_find(p, r->in.user_handle, | ||
| 118 | SAMR_USER_ACCESS_SET_PASSWORD, NULL, | ||
| 119 | @@ -1729,6 +1731,15 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p, | ||
| 120 | DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n", | ||
| 121 | sid_string_dbg(&uinfo->sid))); | ||
| 122 | |||
| 123 | + /* basic sanity checking on parameters. Do this before any database ops */ | ||
| 124 | + if (!r->in.lm_present || !r->in.nt_present || | ||
| 125 | + !r->in.old_lm_crypted || !r->in.new_lm_crypted || | ||
| 126 | + !r->in.old_nt_crypted || !r->in.new_nt_crypted) { | ||
| 127 | + /* we should really handle a change with lm not | ||
| 128 | + present */ | ||
| 129 | + return NT_STATUS_INVALID_PARAMETER_MIX; | ||
| 130 | + } | ||
| 131 | + | ||
| 132 | if (!(pwd = samu_new(NULL))) { | ||
| 133 | return NT_STATUS_NO_MEMORY; | ||
| 134 | } | ||
| 135 | @@ -1742,6 +1753,14 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p, | ||
| 136 | return NT_STATUS_WRONG_PASSWORD; | ||
| 137 | } | ||
| 138 | |||
| 139 | + /* Quit if the account was locked out. */ | ||
| 140 | + if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) { | ||
| 141 | + DEBUG(3, ("Account for user %s was locked out.\n", | ||
| 142 | + pdb_get_username(pwd))); | ||
| 143 | + status = NT_STATUS_ACCOUNT_LOCKED_OUT; | ||
| 144 | + goto out; | ||
| 145 | + } | ||
| 146 | + | ||
| 147 | { | ||
| 148 | const uint8_t *lm_pass, *nt_pass; | ||
| 149 | |||
| 150 | @@ -1750,29 +1769,19 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p, | ||
| 151 | |||
| 152 | if (!lm_pass || !nt_pass) { | ||
| 153 | status = NT_STATUS_WRONG_PASSWORD; | ||
| 154 | - goto out; | ||
| 155 | + goto update_login; | ||
| 156 | } | ||
| 157 | |||
| 158 | memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash)); | ||
| 159 | memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash)); | ||
| 160 | } | ||
| 161 | |||
| 162 | - /* basic sanity checking on parameters. Do this before any database ops */ | ||
| 163 | - if (!r->in.lm_present || !r->in.nt_present || | ||
| 164 | - !r->in.old_lm_crypted || !r->in.new_lm_crypted || | ||
| 165 | - !r->in.old_nt_crypted || !r->in.new_nt_crypted) { | ||
| 166 | - /* we should really handle a change with lm not | ||
| 167 | - present */ | ||
| 168 | - status = NT_STATUS_INVALID_PARAMETER_MIX; | ||
| 169 | - goto out; | ||
| 170 | - } | ||
| 171 | - | ||
| 172 | /* decrypt and check the new lm hash */ | ||
| 173 | D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash); | ||
| 174 | D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash); | ||
| 175 | if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) { | ||
| 176 | status = NT_STATUS_WRONG_PASSWORD; | ||
| 177 | - goto out; | ||
| 178 | + goto update_login; | ||
| 179 | } | ||
| 180 | |||
| 181 | /* decrypt and check the new nt hash */ | ||
| 182 | @@ -1780,7 +1789,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p, | ||
| 183 | D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash); | ||
| 184 | if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) { | ||
| 185 | status = NT_STATUS_WRONG_PASSWORD; | ||
| 186 | - goto out; | ||
| 187 | + goto update_login; | ||
| 188 | } | ||
| 189 | |||
| 190 | /* The NT Cross is not required by Win2k3 R2, but if present | ||
| 191 | @@ -1789,7 +1798,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p, | ||
| 192 | D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash); | ||
| 193 | if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) { | ||
| 194 | status = NT_STATUS_WRONG_PASSWORD; | ||
| 195 | - goto out; | ||
| 196 | + goto update_login; | ||
| 197 | } | ||
| 198 | } | ||
| 199 | |||
| 200 | @@ -1799,7 +1808,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p, | ||
| 201 | D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash); | ||
| 202 | if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) { | ||
| 203 | status = NT_STATUS_WRONG_PASSWORD; | ||
| 204 | - goto out; | ||
| 205 | + goto update_login; | ||
| 206 | } | ||
| 207 | } | ||
| 208 | |||
| 209 | @@ -1810,6 +1819,55 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p, | ||
| 210 | } | ||
| 211 | |||
| 212 | status = pdb_update_sam_account(pwd); | ||
| 213 | + | ||
| 214 | +update_login: | ||
| 215 | + | ||
| 216 | + /* | ||
| 217 | + * Notify passdb backend of login success/failure. If not | ||
| 218 | + * NT_STATUS_OK the backend doesn't like the login | ||
| 219 | + */ | ||
| 220 | + update_login_attempts_status = pdb_update_login_attempts(pwd, | ||
| 221 | + NT_STATUS_IS_OK(status)); | ||
| 222 | + | ||
| 223 | + if (!NT_STATUS_IS_OK(status)) { | ||
| 224 | + bool increment_bad_pw_count = false; | ||
| 225 | + | ||
| 226 | + if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) && | ||
| 227 | + (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) && | ||
| 228 | + NT_STATUS_IS_OK(update_login_attempts_status)) | ||
| 229 | + { | ||
| 230 | + increment_bad_pw_count = true; | ||
| 231 | + } | ||
| 232 | + | ||
| 233 | + if (increment_bad_pw_count) { | ||
| 234 | + pdb_increment_bad_password_count(pwd); | ||
| 235 | + updated_badpw = true; | ||
| 236 | + } else { | ||
| 237 | + pdb_update_bad_password_count(pwd, | ||
| 238 | + &updated_badpw); | ||
| 239 | + } | ||
| 240 | + } else { | ||
| 241 | + | ||
| 242 | + if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) && | ||
| 243 | + (pdb_get_bad_password_count(pwd) > 0)){ | ||
| 244 | + pdb_set_bad_password_count(pwd, 0, PDB_CHANGED); | ||
| 245 | + pdb_set_bad_password_time(pwd, 0, PDB_CHANGED); | ||
| 246 | + updated_badpw = true; | ||
| 247 | + } | ||
| 248 | + } | ||
| 249 | + | ||
| 250 | + if (updated_badpw) { | ||
| 251 | + NTSTATUS update_status; | ||
| 252 | + become_root(); | ||
| 253 | + update_status = pdb_update_sam_account(pwd); | ||
| 254 | + unbecome_root(); | ||
| 255 | + | ||
| 256 | + if (!NT_STATUS_IS_OK(update_status)) { | ||
| 257 | + DEBUG(1, ("Failed to modify entry: %s\n", | ||
| 258 | + nt_errstr(update_status))); | ||
| 259 | + } | ||
| 260 | + } | ||
| 261 | + | ||
| 262 | out: | ||
| 263 | TALLOC_FREE(pwd); | ||
| 264 | |||
| 265 | -- | ||
| 266 | 1.7.9.5 | ||
| 267 | |||
| 268 | |||
| 269 | From 059da248cf69a3b0ef29836f49367b938fb1cbda Mon Sep 17 00:00:00 2001 | ||
| 270 | From: Stefan Metzmacher <metze@samba.org> | ||
| 271 | Date: Tue, 5 Nov 2013 14:04:20 +0100 | ||
| 272 | Subject: [PATCH 2/3] CVE-2013-4496:s3:auth: fix memory leak in the | ||
| 273 | ACCOUNT_LOCKED_OUT case. | ||
| 274 | |||
| 275 | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 | ||
| 276 | |||
| 277 | Signed-off-by: Stefan Metzmacher <metze@samba.org> | ||
| 278 | Reviewed-by: Jeremy Allison <jra@samba.org> | ||
| 279 | Signed-off-by: Andrew Bartlett <abartlet@samba.org> | ||
| 280 | Reviewed-by: Andreas Schneider <asn@samba.org> | ||
| 281 | --- | ||
| 282 | source3/auth/check_samsec.c | 1 + | ||
| 283 | 1 file changed, 1 insertion(+) | ||
| 284 | |||
| 285 | diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c | ||
| 286 | index f918dc0..e2c42d6 100644 | ||
| 287 | --- a/source3/auth/check_samsec.c | ||
| 288 | +++ b/source3/auth/check_samsec.c | ||
| 289 | @@ -408,6 +408,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, | ||
| 290 | /* Quit if the account was locked out. */ | ||
| 291 | if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { | ||
| 292 | DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username)); | ||
| 293 | + TALLOC_FREE(sampass); | ||
| 294 | return NT_STATUS_ACCOUNT_LOCKED_OUT; | ||
| 295 | } | ||
| 296 | |||
| 297 | -- | ||
| 298 | 1.7.9.5 | ||
| 299 | |||
| 300 | |||
| 301 | From 27f982ef33a1238ae48d7a38d608dd23ebde61ae Mon Sep 17 00:00:00 2001 | ||
| 302 | From: Andrew Bartlett <abartlet@samba.org> | ||
| 303 | Date: Tue, 5 Nov 2013 16:16:46 +1300 | ||
| 304 | Subject: [PATCH 3/3] CVE-2013-4496:samr: Remove ChangePasswordUser | ||
| 305 | |||
| 306 | This old password change mechanism does not provide the plaintext to | ||
| 307 | validate against password complexity, and it is not used by modern | ||
| 308 | clients. | ||
| 309 | |||
| 310 | The missing features in both implementations (by design) were: | ||
| 311 | |||
| 312 | - the password complexity checks (no plaintext) | ||
| 313 | - the minimum password length (no plaintext) | ||
| 314 | |||
| 315 | Additionally, the source3 version did not check: | ||
| 316 | |||
| 317 | - the minimum password age | ||
| 318 | - pdb_get_pass_can_change() which checks the security | ||
| 319 | descriptor for the 'user cannot change password' setting. | ||
| 320 | - the password history | ||
| 321 | - the output of the 'passwd program' if 'unix passwd sync = yes'. | ||
| 322 | |||
| 323 | Finally, the mechanism was almost useless, as it was incorrectly | ||
| 324 | only made available to administrative users with permission | ||
| 325 | to reset the password. It is removed here so that it is not | ||
| 326 | mistakenly reinstated in the future. | ||
| 327 | |||
| 328 | Andrew Bartlett | ||
| 329 | |||
| 330 | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 | ||
| 331 | |||
| 332 | Signed-off-by: Andrew Bartlett <abartlet@samba.org> | ||
| 333 | Reviewed-by: Andreas Schneider <asn@samba.org> | ||
| 334 | Reviewed-by: Stefan Metzmacher <metze@samba.org> | ||
| 335 | --- | ||
| 336 | source3/rpc_server/samr/srv_samr_nt.c | 169 +------------------- | ||
| 337 | source3/smbd/lanman.c | 254 ------------------------------- | ||
| 338 | source4/rpc_server/samr/samr_password.c | 126 +-------------- | ||
| 339 | source4/torture/rpc/samr.c | 12 +- | ||
| 340 | 4 files changed, 24 insertions(+), 537 deletions(-) | ||
| 341 | |||
| 342 | diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c | ||
| 343 | index 3241b97..2519a3f 100644 | ||
| 344 | --- a/source3/rpc_server/samr/srv_samr_nt.c | ||
| 345 | +++ b/source3/rpc_server/samr/srv_samr_nt.c | ||
| 346 | @@ -1706,172 +1706,19 @@ NTSTATUS _samr_LookupNames(struct pipes_struct *p, | ||
| 347 | } | ||
| 348 | |||
| 349 | /**************************************************************** | ||
| 350 | - _samr_ChangePasswordUser | ||
| 351 | + _samr_ChangePasswordUser. | ||
| 352 | + | ||
| 353 | + So old it is just not worth implementing | ||
| 354 | + because it does not supply a plaintext and so we can't do password | ||
| 355 | + complexity checking and cannot update other services that use a | ||
| 356 | + plaintext password via passwd chat/pam password change/ldap password | ||
| 357 | + sync. | ||
| 358 | ****************************************************************/ | ||
| 359 | |||
| 360 | NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p, | ||
| 361 | struct samr_ChangePasswordUser *r) | ||
| 362 | { | ||
| 363 | - NTSTATUS status; | ||
| 364 | - bool ret = false; | ||
| 365 | - struct samr_user_info *uinfo; | ||
| 366 | - struct samu *pwd = NULL; | ||
| 367 | - struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash; | ||
| 368 | - struct samr_Password lm_pwd, nt_pwd; | ||
| 369 | - bool updated_badpw = false; | ||
| 370 | - NTSTATUS update_login_attempts_status; | ||
| 371 | - | ||
| 372 | - uinfo = policy_handle_find(p, r->in.user_handle, | ||
| 373 | - SAMR_USER_ACCESS_SET_PASSWORD, NULL, | ||
| 374 | - struct samr_user_info, &status); | ||
| 375 | - if (!NT_STATUS_IS_OK(status)) { | ||
| 376 | - return status; | ||
| 377 | - } | ||
| 378 | - | ||
| 379 | - DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n", | ||
| 380 | - sid_string_dbg(&uinfo->sid))); | ||
| 381 | - | ||
| 382 | - /* basic sanity checking on parameters. Do this before any database ops */ | ||
| 383 | - if (!r->in.lm_present || !r->in.nt_present || | ||
| 384 | - !r->in.old_lm_crypted || !r->in.new_lm_crypted || | ||
| 385 | - !r->in.old_nt_crypted || !r->in.new_nt_crypted) { | ||
| 386 | - /* we should really handle a change with lm not | ||
| 387 | - present */ | ||
| 388 | - return NT_STATUS_INVALID_PARAMETER_MIX; | ||
| 389 | - } | ||
| 390 | - | ||
| 391 | - if (!(pwd = samu_new(NULL))) { | ||
| 392 | - return NT_STATUS_NO_MEMORY; | ||
| 393 | - } | ||
| 394 | - | ||
| 395 | - become_root(); | ||
| 396 | - ret = pdb_getsampwsid(pwd, &uinfo->sid); | ||
| 397 | - unbecome_root(); | ||
| 398 | - | ||
| 399 | - if (!ret) { | ||
| 400 | - TALLOC_FREE(pwd); | ||
| 401 | - return NT_STATUS_WRONG_PASSWORD; | ||
| 402 | - } | ||
| 403 | - | ||
| 404 | - /* Quit if the account was locked out. */ | ||
| 405 | - if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) { | ||
| 406 | - DEBUG(3, ("Account for user %s was locked out.\n", | ||
| 407 | - pdb_get_username(pwd))); | ||
| 408 | - status = NT_STATUS_ACCOUNT_LOCKED_OUT; | ||
| 409 | - goto out; | ||
| 410 | - } | ||
| 411 | - | ||
| 412 | - { | ||
| 413 | - const uint8_t *lm_pass, *nt_pass; | ||
| 414 | - | ||
| 415 | - lm_pass = pdb_get_lanman_passwd(pwd); | ||
| 416 | - nt_pass = pdb_get_nt_passwd(pwd); | ||
| 417 | - | ||
| 418 | - if (!lm_pass || !nt_pass) { | ||
| 419 | - status = NT_STATUS_WRONG_PASSWORD; | ||
| 420 | - goto update_login; | ||
| 421 | - } | ||
| 422 | - | ||
| 423 | - memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash)); | ||
| 424 | - memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash)); | ||
| 425 | - } | ||
| 426 | - | ||
| 427 | - /* decrypt and check the new lm hash */ | ||
| 428 | - D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash); | ||
| 429 | - D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash); | ||
| 430 | - if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) { | ||
| 431 | - status = NT_STATUS_WRONG_PASSWORD; | ||
| 432 | - goto update_login; | ||
| 433 | - } | ||
| 434 | - | ||
| 435 | - /* decrypt and check the new nt hash */ | ||
| 436 | - D_P16(nt_pwd.hash, r->in.new_nt_crypted->hash, new_ntPwdHash.hash); | ||
| 437 | - D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash); | ||
| 438 | - if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) { | ||
| 439 | - status = NT_STATUS_WRONG_PASSWORD; | ||
| 440 | - goto update_login; | ||
| 441 | - } | ||
| 442 | - | ||
| 443 | - /* The NT Cross is not required by Win2k3 R2, but if present | ||
| 444 | - check the nt cross hash */ | ||
| 445 | - if (r->in.cross1_present && r->in.nt_cross) { | ||
| 446 | - D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash); | ||
| 447 | - if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) { | ||
| 448 | - status = NT_STATUS_WRONG_PASSWORD; | ||
| 449 | - goto update_login; | ||
| 450 | - } | ||
| 451 | - } | ||
| 452 | - | ||
| 453 | - /* The LM Cross is not required by Win2k3 R2, but if present | ||
| 454 | - check the lm cross hash */ | ||
| 455 | - if (r->in.cross2_present && r->in.lm_cross) { | ||
| 456 | - D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash); | ||
| 457 | - if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) { | ||
| 458 | - status = NT_STATUS_WRONG_PASSWORD; | ||
| 459 | - goto update_login; | ||
| 460 | - } | ||
| 461 | - } | ||
| 462 | - | ||
| 463 | - if (!pdb_set_nt_passwd(pwd, new_ntPwdHash.hash, PDB_CHANGED) || | ||
| 464 | - !pdb_set_lanman_passwd(pwd, new_lmPwdHash.hash, PDB_CHANGED)) { | ||
| 465 | - status = NT_STATUS_ACCESS_DENIED; | ||
| 466 | - goto out; | ||
| 467 | - } | ||
| 468 | - | ||
| 469 | - status = pdb_update_sam_account(pwd); | ||
| 470 | - | ||
| 471 | -update_login: | ||
| 472 | - | ||
| 473 | - /* | ||
| 474 | - * Notify passdb backend of login success/failure. If not | ||
| 475 | - * NT_STATUS_OK the backend doesn't like the login | ||
| 476 | - */ | ||
| 477 | - update_login_attempts_status = pdb_update_login_attempts(pwd, | ||
| 478 | - NT_STATUS_IS_OK(status)); | ||
| 479 | - | ||
| 480 | - if (!NT_STATUS_IS_OK(status)) { | ||
| 481 | - bool increment_bad_pw_count = false; | ||
| 482 | - | ||
| 483 | - if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) && | ||
| 484 | - (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) && | ||
| 485 | - NT_STATUS_IS_OK(update_login_attempts_status)) | ||
| 486 | - { | ||
| 487 | - increment_bad_pw_count = true; | ||
| 488 | - } | ||
| 489 | - | ||
| 490 | - if (increment_bad_pw_count) { | ||
| 491 | - pdb_increment_bad_password_count(pwd); | ||
| 492 | - updated_badpw = true; | ||
| 493 | - } else { | ||
| 494 | - pdb_update_bad_password_count(pwd, | ||
| 495 | - &updated_badpw); | ||
| 496 | - } | ||
| 497 | - } else { | ||
| 498 | - | ||
| 499 | - if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) && | ||
| 500 | - (pdb_get_bad_password_count(pwd) > 0)){ | ||
| 501 | - pdb_set_bad_password_count(pwd, 0, PDB_CHANGED); | ||
| 502 | - pdb_set_bad_password_time(pwd, 0, PDB_CHANGED); | ||
| 503 | - updated_badpw = true; | ||
| 504 | - } | ||
| 505 | - } | ||
| 506 | - | ||
| 507 | - if (updated_badpw) { | ||
| 508 | - NTSTATUS update_status; | ||
| 509 | - become_root(); | ||
| 510 | - update_status = pdb_update_sam_account(pwd); | ||
| 511 | - unbecome_root(); | ||
| 512 | - | ||
| 513 | - if (!NT_STATUS_IS_OK(update_status)) { | ||
| 514 | - DEBUG(1, ("Failed to modify entry: %s\n", | ||
| 515 | - nt_errstr(update_status))); | ||
| 516 | - } | ||
| 517 | - } | ||
| 518 | - | ||
| 519 | - out: | ||
| 520 | - TALLOC_FREE(pwd); | ||
| 521 | - | ||
| 522 | - return status; | ||
| 523 | + return NT_STATUS_NOT_IMPLEMENTED; | ||
| 524 | } | ||
| 525 | |||
| 526 | /******************************************************************* | ||
| 527 | diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c | ||
| 528 | index aef12df..3b4ec65 100644 | ||
| 529 | --- a/source3/smbd/lanman.c | ||
| 530 | +++ b/source3/smbd/lanman.c | ||
| 531 | @@ -2947,259 +2947,6 @@ static bool api_NetRemoteTOD(struct smbd_server_connection *sconn, | ||
| 532 | } | ||
| 533 | |||
| 534 | /**************************************************************************** | ||
| 535 | - Set the user password. | ||
| 536 | -*****************************************************************************/ | ||
| 537 | - | ||
| 538 | -static bool api_SetUserPassword(struct smbd_server_connection *sconn, | ||
| 539 | - connection_struct *conn,uint16 vuid, | ||
| 540 | - char *param, int tpscnt, | ||
| 541 | - char *data, int tdscnt, | ||
| 542 | - int mdrcnt,int mprcnt, | ||
| 543 | - char **rdata,char **rparam, | ||
| 544 | - int *rdata_len,int *rparam_len) | ||
| 545 | -{ | ||
| 546 | - char *np = get_safe_str_ptr(param,tpscnt,param,2); | ||
| 547 | - char *p = NULL; | ||
| 548 | - fstring user; | ||
| 549 | - fstring pass1,pass2; | ||
| 550 | - TALLOC_CTX *mem_ctx = talloc_tos(); | ||
| 551 | - NTSTATUS status, result; | ||
| 552 | - struct rpc_pipe_client *cli = NULL; | ||
| 553 | - struct policy_handle connect_handle, domain_handle, user_handle; | ||
| 554 | - struct lsa_String domain_name; | ||
| 555 | - struct dom_sid2 *domain_sid; | ||
| 556 | - struct lsa_String names; | ||
| 557 | - struct samr_Ids rids; | ||
| 558 | - struct samr_Ids types; | ||
| 559 | - struct samr_Password old_lm_hash; | ||
| 560 | - struct samr_Password new_lm_hash; | ||
| 561 | - int errcode = NERR_badpass; | ||
| 562 | - uint32_t rid; | ||
| 563 | - int encrypted; | ||
| 564 | - int min_pwd_length; | ||
| 565 | - struct dcerpc_binding_handle *b = NULL; | ||
| 566 | - | ||
| 567 | - /* Skip 2 strings. */ | ||
| 568 | - p = skip_string(param,tpscnt,np); | ||
| 569 | - p = skip_string(param,tpscnt,p); | ||
| 570 | - | ||
| 571 | - if (!np || !p) { | ||
| 572 | - return False; | ||
| 573 | - } | ||
| 574 | - | ||
| 575 | - /* Do we have a string ? */ | ||
| 576 | - if (skip_string(param,tpscnt,p) == NULL) { | ||
| 577 | - return False; | ||
| 578 | - } | ||
| 579 | - pull_ascii_fstring(user,p); | ||
| 580 | - | ||
| 581 | - p = skip_string(param,tpscnt,p); | ||
| 582 | - if (!p) { | ||
| 583 | - return False; | ||
| 584 | - } | ||
| 585 | - | ||
| 586 | - memset(pass1,'\0',sizeof(pass1)); | ||
| 587 | - memset(pass2,'\0',sizeof(pass2)); | ||
| 588 | - /* | ||
| 589 | - * We use 31 here not 32 as we're checking | ||
| 590 | - * the last byte we want to access is safe. | ||
| 591 | - */ | ||
| 592 | - if (!is_offset_safe(param,tpscnt,p,31)) { | ||
| 593 | - return False; | ||
| 594 | - } | ||
| 595 | - memcpy(pass1,p,16); | ||
| 596 | - memcpy(pass2,p+16,16); | ||
| 597 | - | ||
| 598 | - encrypted = get_safe_SVAL(param,tpscnt,p+32,0,-1); | ||
| 599 | - if (encrypted == -1) { | ||
| 600 | - errcode = W_ERROR_V(WERR_INVALID_PARAM); | ||
| 601 | - goto out; | ||
| 602 | - } | ||
| 603 | - | ||
| 604 | - min_pwd_length = get_safe_SVAL(param,tpscnt,p+34,0,-1); | ||
| 605 | - if (min_pwd_length == -1) { | ||
| 606 | - errcode = W_ERROR_V(WERR_INVALID_PARAM); | ||
| 607 | - goto out; | ||
| 608 | - } | ||
| 609 | - | ||
| 610 | - *rparam_len = 4; | ||
| 611 | - *rparam = smb_realloc_limit(*rparam,*rparam_len); | ||
| 612 | - if (!*rparam) { | ||
| 613 | - return False; | ||
| 614 | - } | ||
| 615 | - | ||
| 616 | - *rdata_len = 0; | ||
| 617 | - | ||
| 618 | - DEBUG(3,("Set password for <%s> (encrypted: %d, min_pwd_length: %d)\n", | ||
| 619 | - user, encrypted, min_pwd_length)); | ||
| 620 | - | ||
| 621 | - ZERO_STRUCT(connect_handle); | ||
| 622 | - ZERO_STRUCT(domain_handle); | ||
| 623 | - ZERO_STRUCT(user_handle); | ||
| 624 | - | ||
| 625 | - status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_id, | ||
| 626 | - conn->session_info, | ||
| 627 | - &conn->sconn->client_id, | ||
| 628 | - conn->sconn->msg_ctx, | ||
| 629 | - &cli); | ||
| 630 | - if (!NT_STATUS_IS_OK(status)) { | ||
| 631 | - DEBUG(0,("api_SetUserPassword: could not connect to samr: %s\n", | ||
| 632 | - nt_errstr(status))); | ||
| 633 | - errcode = W_ERROR_V(ntstatus_to_werror(status)); | ||
| 634 | - goto out; | ||
| 635 | - } | ||
| 636 | - | ||
| 637 | - b = cli->binding_handle; | ||
| 638 | - | ||
| 639 | - status = dcerpc_samr_Connect2(b, mem_ctx, | ||
| 640 | - global_myname(), | ||
| 641 | - SAMR_ACCESS_CONNECT_TO_SERVER | | ||
| 642 | - SAMR_ACCESS_ENUM_DOMAINS | | ||
| 643 | - SAMR_ACCESS_LOOKUP_DOMAIN, | ||
| 644 | - &connect_handle, | ||
| 645 | - &result); | ||
| 646 | - if (!NT_STATUS_IS_OK(status)) { | ||
| 647 | - errcode = W_ERROR_V(ntstatus_to_werror(status)); | ||
| 648 | - goto out; | ||
| 649 | - } | ||
| 650 | - if (!NT_STATUS_IS_OK(result)) { | ||
| 651 | - errcode = W_ERROR_V(ntstatus_to_werror(result)); | ||
| 652 | - goto out; | ||
| 653 | - } | ||
| 654 | - | ||
| 655 | - init_lsa_String(&domain_name, get_global_sam_name()); | ||
| 656 | - | ||
| 657 | - status = dcerpc_samr_LookupDomain(b, mem_ctx, | ||
| 658 | - &connect_handle, | ||
| 659 | - &domain_name, | ||
| 660 | - &domain_sid, | ||
| 661 | - &result); | ||
| 662 | - if (!NT_STATUS_IS_OK(status)) { | ||
| 663 | - errcode = W_ERROR_V(ntstatus_to_werror(status)); | ||
| 664 | - goto out; | ||
| 665 | - } | ||
| 666 | - if (!NT_STATUS_IS_OK(result)) { | ||
| 667 | - errcode = W_ERROR_V(ntstatus_to_werror(result)); | ||
| 668 | - goto out; | ||
| 669 | - } | ||
| 670 | - | ||
| 671 | - status = dcerpc_samr_OpenDomain(b, mem_ctx, | ||
| 672 | - &connect_handle, | ||
| 673 | - SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, | ||
| 674 | - domain_sid, | ||
| 675 | - &domain_handle, | ||
| 676 | - &result); | ||
| 677 | - if (!NT_STATUS_IS_OK(status)) { | ||
| 678 | - errcode = W_ERROR_V(ntstatus_to_werror(status)); | ||
| 679 | - goto out; | ||
| 680 | - } | ||
| 681 | - if (!NT_STATUS_IS_OK(result)) { | ||
| 682 | - errcode = W_ERROR_V(ntstatus_to_werror(result)); | ||
| 683 | - goto out; | ||
| 684 | - } | ||
| 685 | - | ||
| 686 | - init_lsa_String(&names, user); | ||
| 687 | - | ||
| 688 | - status = dcerpc_samr_LookupNames(b, mem_ctx, | ||
| 689 | - &domain_handle, | ||
| 690 | - 1, | ||
| 691 | - &names, | ||
| 692 | - &rids, | ||
| 693 | - &types, | ||
| 694 | - &result); | ||
| 695 | - if (!NT_STATUS_IS_OK(status)) { | ||
| 696 | - errcode = W_ERROR_V(ntstatus_to_werror(status)); | ||
| 697 | - goto out; | ||
| 698 | - } | ||
| 699 | - if (!NT_STATUS_IS_OK(result)) { | ||
| 700 | - errcode = W_ERROR_V(ntstatus_to_werror(result)); | ||
| 701 | - goto out; | ||
| 702 | - } | ||
| 703 | - | ||
| 704 | - if (rids.count != 1) { | ||
| 705 | - errcode = W_ERROR_V(WERR_NO_SUCH_USER); | ||
| 706 | - goto out; | ||
| 707 | - } | ||
| 708 | - if (rids.count != types.count) { | ||
| 709 | - errcode = W_ERROR_V(WERR_INVALID_PARAM); | ||
| 710 | - goto out; | ||
| 711 | - } | ||
| 712 | - if (types.ids[0] != SID_NAME_USER) { | ||
| 713 | - errcode = W_ERROR_V(WERR_INVALID_PARAM); | ||
| 714 | - goto out; | ||
| 715 | - } | ||
| 716 | - | ||
| 717 | - rid = rids.ids[0]; | ||
| 718 | - | ||
| 719 | - status = dcerpc_samr_OpenUser(b, mem_ctx, | ||
| 720 | - &domain_handle, | ||
| 721 | - SAMR_USER_ACCESS_CHANGE_PASSWORD, | ||
| 722 | - rid, | ||
| 723 | - &user_handle, | ||
| 724 | - &result); | ||
| 725 | - if (!NT_STATUS_IS_OK(status)) { | ||
| 726 | - errcode = W_ERROR_V(ntstatus_to_werror(status)); | ||
| 727 | - goto out; | ||
| 728 | - } | ||
| 729 | - if (!NT_STATUS_IS_OK(result)) { | ||
| 730 | - errcode = W_ERROR_V(ntstatus_to_werror(result)); | ||
| 731 | - goto out; | ||
| 732 | - } | ||
| 733 | - | ||
| 734 | - if (encrypted == 0) { | ||
| 735 | - E_deshash(pass1, old_lm_hash.hash); | ||
| 736 | - E_deshash(pass2, new_lm_hash.hash); | ||
| 737 | - } else { | ||
| 738 | - ZERO_STRUCT(old_lm_hash); | ||
| 739 | - ZERO_STRUCT(new_lm_hash); | ||
| 740 | - memcpy(old_lm_hash.hash, pass1, MIN(strlen(pass1), 16)); | ||
| 741 | - memcpy(new_lm_hash.hash, pass1, MIN(strlen(pass2), 16)); | ||
| 742 | - } | ||
| 743 | - | ||
| 744 | - status = dcerpc_samr_ChangePasswordUser(b, mem_ctx, | ||
| 745 | - &user_handle, | ||
| 746 | - true, /* lm_present */ | ||
| 747 | - &old_lm_hash, | ||
| 748 | - &new_lm_hash, | ||
| 749 | - false, /* nt_present */ | ||
| 750 | - NULL, /* old_nt_crypted */ | ||
| 751 | - NULL, /* new_nt_crypted */ | ||
| 752 | - false, /* cross1_present */ | ||
| 753 | - NULL, /* nt_cross */ | ||
| 754 | - false, /* cross2_present */ | ||
| 755 | - NULL, /* lm_cross */ | ||
| 756 | - &result); | ||
| 757 | - if (!NT_STATUS_IS_OK(status)) { | ||
| 758 | - errcode = W_ERROR_V(ntstatus_to_werror(status)); | ||
| 759 | - goto out; | ||
| 760 | - } | ||
| 761 | - if (!NT_STATUS_IS_OK(result)) { | ||
| 762 | - errcode = W_ERROR_V(ntstatus_to_werror(result)); | ||
| 763 | - goto out; | ||
| 764 | - } | ||
| 765 | - | ||
| 766 | - errcode = NERR_Success; | ||
| 767 | - out: | ||
| 768 | - | ||
| 769 | - if (b && is_valid_policy_hnd(&user_handle)) { | ||
| 770 | - dcerpc_samr_Close(b, mem_ctx, &user_handle, &result); | ||
| 771 | - } | ||
| 772 | - if (b && is_valid_policy_hnd(&domain_handle)) { | ||
| 773 | - dcerpc_samr_Close(b, mem_ctx, &domain_handle, &result); | ||
| 774 | - } | ||
| 775 | - if (b && is_valid_policy_hnd(&connect_handle)) { | ||
| 776 | - dcerpc_samr_Close(b, mem_ctx, &connect_handle, &result); | ||
| 777 | - } | ||
| 778 | - | ||
| 779 | - memset((char *)pass1,'\0',sizeof(fstring)); | ||
| 780 | - memset((char *)pass2,'\0',sizeof(fstring)); | ||
| 781 | - | ||
| 782 | - SSVAL(*rparam,0,errcode); | ||
| 783 | - SSVAL(*rparam,2,0); /* converter word */ | ||
| 784 | - return(True); | ||
| 785 | -} | ||
| 786 | - | ||
| 787 | -/**************************************************************************** | ||
| 788 | Set the user password (SamOEM version - gets plaintext). | ||
| 789 | ****************************************************************************/ | ||
| 790 | |||
| 791 | @@ -5790,7 +5537,6 @@ static const struct { | ||
| 792 | {"NetServerEnum2", RAP_NetServerEnum2, api_RNetServerEnum2}, /* anon OK */ | ||
| 793 | {"NetServerEnum3", RAP_NetServerEnum3, api_RNetServerEnum3}, /* anon OK */ | ||
| 794 | {"WAccessGetUserPerms",RAP_WAccessGetUserPerms,api_WAccessGetUserPerms}, | ||
| 795 | - {"SetUserPassword", RAP_WUserPasswordSet2, api_SetUserPassword}, | ||
| 796 | {"WWkstaUserLogon", RAP_WWkstaUserLogon, api_WWkstaUserLogon}, | ||
| 797 | {"PrintJobInfo", RAP_WPrintJobSetInfo, api_PrintJobInfo}, | ||
| 798 | {"WPrintDriverEnum", RAP_WPrintDriverEnum, api_WPrintDriverEnum}, | ||
| 799 | diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c | ||
| 800 | index ee13a11..e618740 100644 | ||
| 801 | --- a/source4/rpc_server/samr/samr_password.c | ||
| 802 | +++ b/source4/rpc_server/samr/samr_password.c | ||
| 803 | @@ -32,131 +32,17 @@ | ||
| 804 | |||
| 805 | /* | ||
| 806 | samr_ChangePasswordUser | ||
| 807 | + | ||
| 808 | + So old it is just not worth implementing | ||
| 809 | + because it does not supply a plaintext and so we can't do password | ||
| 810 | + complexity checking and cannot update all the other password hashes. | ||
| 811 | + | ||
| 812 | */ | ||
| 813 | NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, | ||
| 814 | TALLOC_CTX *mem_ctx, | ||
| 815 | struct samr_ChangePasswordUser *r) | ||
| 816 | { | ||
| 817 | - struct dcesrv_handle *h; | ||
| 818 | - struct samr_account_state *a_state; | ||
| 819 | - struct ldb_context *sam_ctx; | ||
| 820 | - struct ldb_message **res; | ||
| 821 | - int ret; | ||
| 822 | - struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash; | ||
| 823 | - struct samr_Password *lm_pwd, *nt_pwd; | ||
| 824 | - NTSTATUS status = NT_STATUS_OK; | ||
| 825 | - const char * const attrs[] = { "dBCSPwd", "unicodePwd" , NULL }; | ||
| 826 | - | ||
| 827 | - DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); | ||
| 828 | - | ||
| 829 | - a_state = h->data; | ||
| 830 | - | ||
| 831 | - /* basic sanity checking on parameters. Do this before any database ops */ | ||
| 832 | - if (!r->in.lm_present || !r->in.nt_present || | ||
| 833 | - !r->in.old_lm_crypted || !r->in.new_lm_crypted || | ||
| 834 | - !r->in.old_nt_crypted || !r->in.new_nt_crypted) { | ||
| 835 | - /* we should really handle a change with lm not | ||
| 836 | - present */ | ||
| 837 | - return NT_STATUS_INVALID_PARAMETER_MIX; | ||
| 838 | - } | ||
| 839 | - | ||
| 840 | - /* Connect to a SAMDB with system privileges for fetching the old pw | ||
| 841 | - * hashes. */ | ||
| 842 | - sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, | ||
| 843 | - dce_call->conn->dce_ctx->lp_ctx, | ||
| 844 | - system_session(dce_call->conn->dce_ctx->lp_ctx), 0); | ||
| 845 | - if (sam_ctx == NULL) { | ||
| 846 | - return NT_STATUS_INVALID_SYSTEM_SERVICE; | ||
| 847 | - } | ||
| 848 | - | ||
| 849 | - /* fetch the old hashes */ | ||
| 850 | - ret = gendb_search_dn(sam_ctx, mem_ctx, | ||
| 851 | - a_state->account_dn, &res, attrs); | ||
| 852 | - if (ret != 1) { | ||
| 853 | - return NT_STATUS_WRONG_PASSWORD; | ||
| 854 | - } | ||
| 855 | - | ||
| 856 | - status = samdb_result_passwords(mem_ctx, | ||
| 857 | - dce_call->conn->dce_ctx->lp_ctx, | ||
| 858 | - res[0], &lm_pwd, &nt_pwd); | ||
| 859 | - if (!NT_STATUS_IS_OK(status) || !nt_pwd) { | ||
| 860 | - return NT_STATUS_WRONG_PASSWORD; | ||
| 861 | - } | ||
| 862 | - | ||
| 863 | - /* decrypt and check the new lm hash */ | ||
| 864 | - if (lm_pwd) { | ||
| 865 | - D_P16(lm_pwd->hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash); | ||
| 866 | - D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash); | ||
| 867 | - if (memcmp(checkHash.hash, lm_pwd, 16) != 0) { | ||
| 868 | - return NT_STATUS_WRONG_PASSWORD; | ||
| 869 | - } | ||
| 870 | - } | ||
| 871 | - | ||
| 872 | - /* decrypt and check the new nt hash */ | ||
| 873 | - D_P16(nt_pwd->hash, r->in.new_nt_crypted->hash, new_ntPwdHash.hash); | ||
| 874 | - D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash); | ||
| 875 | - if (memcmp(checkHash.hash, nt_pwd, 16) != 0) { | ||
| 876 | - return NT_STATUS_WRONG_PASSWORD; | ||
| 877 | - } | ||
| 878 | - | ||
| 879 | - /* The NT Cross is not required by Win2k3 R2, but if present | ||
| 880 | - check the nt cross hash */ | ||
| 881 | - if (r->in.cross1_present && r->in.nt_cross && lm_pwd) { | ||
| 882 | - D_P16(lm_pwd->hash, r->in.nt_cross->hash, checkHash.hash); | ||
| 883 | - if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) { | ||
| 884 | - return NT_STATUS_WRONG_PASSWORD; | ||
| 885 | - } | ||
| 886 | - } | ||
| 887 | - | ||
| 888 | - /* The LM Cross is not required by Win2k3 R2, but if present | ||
| 889 | - check the lm cross hash */ | ||
| 890 | - if (r->in.cross2_present && r->in.lm_cross && lm_pwd) { | ||
| 891 | - D_P16(nt_pwd->hash, r->in.lm_cross->hash, checkHash.hash); | ||
| 892 | - if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) { | ||
| 893 | - return NT_STATUS_WRONG_PASSWORD; | ||
| 894 | - } | ||
| 895 | - } | ||
| 896 | - | ||
| 897 | - /* Start a SAM with user privileges for the password change */ | ||
| 898 | - sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, | ||
| 899 | - dce_call->conn->dce_ctx->lp_ctx, | ||
| 900 | - dce_call->conn->auth_state.session_info, 0); | ||
| 901 | - if (sam_ctx == NULL) { | ||
| 902 | - return NT_STATUS_INVALID_SYSTEM_SERVICE; | ||
| 903 | - } | ||
| 904 | - | ||
| 905 | - /* Start transaction */ | ||
| 906 | - ret = ldb_transaction_start(sam_ctx); | ||
| 907 | - if (ret != LDB_SUCCESS) { | ||
| 908 | - DEBUG(1, ("Failed to start transaction: %s\n", ldb_errstring(sam_ctx))); | ||
| 909 | - return NT_STATUS_TRANSACTION_ABORTED; | ||
| 910 | - } | ||
| 911 | - | ||
| 912 | - /* Performs the password modification. We pass the old hashes read out | ||
| 913 | - * from the database since they were already checked against the user- | ||
| 914 | - * provided ones. */ | ||
| 915 | - status = samdb_set_password(sam_ctx, mem_ctx, | ||
| 916 | - a_state->account_dn, | ||
| 917 | - a_state->domain_state->domain_dn, | ||
| 918 | - NULL, &new_lmPwdHash, &new_ntPwdHash, | ||
| 919 | - lm_pwd, nt_pwd, /* this is a user password change */ | ||
| 920 | - NULL, | ||
| 921 | - NULL); | ||
| 922 | - if (!NT_STATUS_IS_OK(status)) { | ||
| 923 | - ldb_transaction_cancel(sam_ctx); | ||
| 924 | - return status; | ||
| 925 | - } | ||
| 926 | - | ||
| 927 | - /* And this confirms it in a transaction commit */ | ||
| 928 | - ret = ldb_transaction_commit(sam_ctx); | ||
| 929 | - if (ret != LDB_SUCCESS) { | ||
| 930 | - DEBUG(1,("Failed to commit transaction to change password on %s: %s\n", | ||
| 931 | - ldb_dn_get_linearized(a_state->account_dn), | ||
| 932 | - ldb_errstring(sam_ctx))); | ||
| 933 | - return NT_STATUS_TRANSACTION_ABORTED; | ||
| 934 | - } | ||
| 935 | - | ||
| 936 | - return NT_STATUS_OK; | ||
| 937 | + return NT_STATUS_NOT_IMPLEMENTED; | ||
| 938 | } | ||
| 939 | |||
| 940 | /* | ||
| 941 | diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c | ||
| 942 | index 7d9a1e2..adfc5d4 100644 | ||
| 943 | --- a/source4/torture/rpc/samr.c | ||
| 944 | +++ b/source4/torture/rpc/samr.c | ||
| 945 | @@ -1728,8 +1728,16 @@ static bool test_ChangePasswordUser(struct dcerpc_binding_handle *b, | ||
| 946 | |||
| 947 | torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r), | ||
| 948 | "ChangePasswordUser failed"); | ||
| 949 | - torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD, | ||
| 950 | - "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash"); | ||
| 951 | + | ||
| 952 | + /* Do not proceed if this call has been removed */ | ||
| 953 | + if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) { | ||
| 954 | + return true; | ||
| 955 | + } | ||
| 956 | + | ||
| 957 | + if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) { | ||
| 958 | + torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD, | ||
| 959 | + "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash"); | ||
| 960 | + } | ||
| 961 | |||
| 962 | /* Unbreak the LM hash */ | ||
| 963 | hash1.hash[0]--; | ||
| 964 | -- | ||
| 965 | 1.7.9.5 | ||
| 966 | |||
diff --git a/meta-oe/recipes-connectivity/samba/samba_3.6.8.bb b/meta-oe/recipes-connectivity/samba/samba_3.6.24.bb index cf13a0f58e..8860da0889 100644 --- a/meta-oe/recipes-connectivity/samba/samba_3.6.8.bb +++ b/meta-oe/recipes-connectivity/samba/samba_3.6.24.bb | |||
| @@ -3,8 +3,6 @@ require samba-basic.inc | |||
| 3 | LICENSE = "GPLv3" | 3 | LICENSE = "GPLv3" |
| 4 | LIC_FILES_CHKSUM = "file://../COPYING;md5=d32239bcb673463ab874e80d47fae504" | 4 | LIC_FILES_CHKSUM = "file://../COPYING;md5=d32239bcb673463ab874e80d47fae504" |
| 5 | 5 | ||
| 6 | PR = "r8" | ||
| 7 | |||
| 8 | SRC_URI += "\ | 6 | SRC_URI += "\ |
| 9 | file://config-h.patch \ | 7 | file://config-h.patch \ |
| 10 | file://documentation.patch;patchdir=.. \ | 8 | file://documentation.patch;patchdir=.. \ |
| @@ -30,14 +28,9 @@ SRC_URI += "\ | |||
| 30 | file://configure-disable-getaddrinfo-cross.patch;patchdir=.. \ | 28 | file://configure-disable-getaddrinfo-cross.patch;patchdir=.. \ |
| 31 | file://configure-disable-core_pattern-cross-check.patch;patchdir=.. \ | 29 | file://configure-disable-core_pattern-cross-check.patch;patchdir=.. \ |
| 32 | file://configure-libunwind.patch;patchdir=.. \ | 30 | file://configure-libunwind.patch;patchdir=.. \ |
| 33 | file://samba-3.6.22-CVE-2013-4496.patch;patchdir=.. \ | ||
| 34 | file://0001-PIDL-fix-parsing-linemarkers-in-preprocessor-output.patch;patchdir=.. \ | ||
| 35 | file://samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch;patchdir=.. \ | ||
| 36 | file://samba-3.6.16-CVE-2013-4124.patch;patchdir=.. \ | ||
| 37 | file://samba-3.6.19-CVE-2013-4475.patch;patchdir=.. \ | ||
| 38 | " | 31 | " |
| 39 | SRC_URI[md5sum] = "fbb245863eeef2fffe172df779a217be" | 32 | SRC_URI[md5sum] = "d98425c0c2b73e08f048d31ffc727fb0" |
| 40 | SRC_URI[sha256sum] = "4f5a171a8d902c6b4f822ed875c51eb8339196d9ccf0ecd7f6521c966b3514de" | 33 | SRC_URI[sha256sum] = "11d0bd04b734731970259efc6692b8e749ff671a9b56d8cc5fa98c192ab234a7" |
| 41 | 34 | ||
| 42 | S = "${WORKDIR}/samba-${PV}/source3" | 35 | S = "${WORKDIR}/samba-${PV}/source3" |
| 43 | 36 | ||
