author | Ralph Boehme <slow@samba.org> | 2018-02-22 10:54:37 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-03-13 10:25:39 +0100 |
commit | 7cc374973406c49130fff019de26bdf0db48f494 (patch) | |
tree | caa2552ac571f70a800a1d0921b7426e77b8f5de /selftest | |
parent | a192242f81bf21096ee497805cd63ad43ee20515 (diff) | |
download | samba-7cc374973406c49130fff019de26bdf0db48f494.tar.gz |
CVE-2018-1057: s4/dsdb: correctly detect password resets

This change ensures we correctly treat the following LDIF

  dn: cn=testuser,cn=users,...
  changetype: modify
  delete: userPassword
  add: userPassword
  userPassword: thatsAcomplPASS1

as a password reset. Because delete and add element counts are both
one, the ACL module wrongly treated this as a password change
request.

For a password change we need at least one value to delete and one value
to add. This patch ensures we correctly check attributes and their
values.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
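
The distinction the commit message draws, counting values rather than elements, as an added Python model; it is not Samba's dsdb code. The function names, the simplified LDIF parser and the constructed `CHANGE_LDIF` record are assumptions made for illustration.

```python
# Illustrative model (not Samba code): classify an LDAP modify that touches a
# password attribute as a "change" (old value supplied) or a "reset".
PASSWORD_ATTRS = {"userpassword", "unicodepwd"}  # attributes named in the knownfail tests

def parse_modify(ldif):
    """Parse one 'changetype: modify' record into [(op, attr, [values])].
    Simplified: plain 'attr: value' lines only; '-' separators are optional."""
    mods = []
    for line in ldif.strip().splitlines():
        key, _, value = line.strip().partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in ("add", "delete", "replace"):
            mods.append((key, value.lower(), []))   # start a new element
        elif mods and key == mods[-1][1]:
            mods[-1][2].append(value)               # value for the current element
    return mods

def _tally(mods, weigh):
    pw = [m for m in mods if m[1] in PASSWORD_ATTRS]
    dels = sum(weigh(m) for m in pw if m[0] == "delete")
    adds = sum(weigh(m) for m in pw if m[0] == "add")
    return dels, adds

def classify_by_elements(mods):
    """Behaviour the commit message describes as wrong: count elements only."""
    dels, adds = _tally(mods, lambda m: 1)
    return "change" if dels == 1 and adds == 1 else "reset"

def classify_by_values(mods):
    """Rule from the commit message: a change needs a value to delete and one to add."""
    dels, adds = _tally(mods, lambda m: len(m[2]))
    return "change" if dels >= 1 and adds >= 1 else "reset"

# LDIF from the commit message: the delete element carries no value.
RESET_LDIF = """dn: cn=testuser,cn=users,...
changetype: modify
delete: userPassword
add: userPassword
userPassword: thatsAcomplPASS1
"""
# Constructed sample: a genuine change that supplies the old value.
CHANGE_LDIF = """dn: cn=testuser,cn=users,...
changetype: modify
delete: userPassword
userPassword: oldConstructedPASS0
-
add: userPassword
userPassword: thatsAcomplPASS1
"""

if __name__ == "__main__":
    for name, ldif in (("commit-message LDIF", RESET_LDIF), ("constructed change", CHANGE_LDIF)):
        mods = parse_modify(ldif)
        print(name, "| by elements:", classify_by_elements(mods), "| by values:", classify_by_values(mods))
```
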
Diffstat (limited to 'selftest')
-rw-r--r-- | selftest/knownfail.d/samba4.ldap.passwords.python | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/selftest/knownfail.d/samba4.ldap.passwords.python b/selftest/knownfail.d/samba4.ldap.passwords.python deleted file mode 100644 index 343c5a7867d..00000000000 --- a/selftest/knownfail.d/samba4.ldap.passwords.python +++ /dev/null @@ -1,2 +0,0 @@ -samba4.ldap.passwords.python.*.__main__.PasswordTests.test_pw_change_delete_no_value_userPassword -samba4.ldap.passwords.python.*.__main__.PasswordTests.test_pw_change_delete_no_value_unicodePwd |
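
Review bot: The two removed knownfail lines cover both test_pw_change_delete_no_value_userPassword and test_pw_change_delete_no_value_unicodePwd, but the commit message only walks through the userPassword LDIF; consider stating in the message that the unicodePwd variant is handled by the same check. Because this view is limited to 'selftest', the dsdb change that makes these tests pass is not visible here, so review it together with this deletion to confirm the knownfail file is not removed ahead of the fix.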