git.samba.org - samba.git/commit

author	Andrew Bartlett <abartlet@samba.org>
	Tue, 5 Nov 2013 03:16:46 +0000 (16:16 +1300)
committer	Karolin Seeger <kseeger@samba.org>
	Tue, 11 Mar 2014 10:59:20 +0000 (11:59 +0100)
commit	8fee6bd909714a487841001bcc82bf8f8665ca06
tree	d9493b16b4d69629f23cb7bcfbbf62ecb6d250b8	tree
parent	139b90d29a1b05a3c376c9c9be11c967967e2be3	commit \| diff

CVE-2013-4496:samr: Remove ChangePasswordUser

This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.

The missing features in both implementations (by design) were:

- the password complexity checks (no plaintext)
- the minimum password length (no plaintext)

Additionally, the source3 version did not check:

- the minimum password age
- pdb_get_pass_can_change() which checks the security
descriptor for the 'user cannot change password' setting.
- the password history
- the output of the 'passwd program' if 'unix passwd sync = yes'.

Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password. It is removed here so that it is not
mistakenly reinstated in the future.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

source3/rpc_server/samr/srv_samr_nt.c		diff \| blob \| history
source3/smbd/lanman.c		diff \| blob \| history
source4/rpc_server/samr/samr_password.c		diff \| blob \| history
source4/torture/rpc/samr.c		diff \| blob \| history