CVE-2018-1057: s4/dsdb: correctly detect password resets

This change ensures we correctly treat the following LDIF dn: cn=testuser,cn=users,... changetype: modify delete: userPassword add: userPassword userPassword: thatsAcomplPASS1 as a password reset. Because delete and add element counts are both one, the ACL module wrongly treated this as a password change request. For a password change we need at least one value to delete and one value to add. This patch ensures we correctly check attributes and their values. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
author: Ralph Boehme <slow@samba.org> 2018-02-22 10:54:37 +0100
committer: Karolin Seeger <kseeger@samba.org> 2018-03-13 10:25:39 +0100
commit: 7cc374973406c49130fff019de26bdf0db48f494 (patch)
tree: caa2552ac571f70a800a1d0921b7426e77b8f5de /selftest
parent: a192242f81bf21096ee497805cd63ad43ee20515 (diff)
download: samba-7cc374973406c49130fff019de26bdf0db48f494.tar.gz
1 files changed, 0 insertions, 2 deletions
diff --git a/selftest/knownfail.d/samba4.ldap.passwords.python b/selftest/knownfail.d/samba4.ldap.passwords.python
deleted file mode 100644
index 343c5a7867d..00000000000
--- a/selftest/knownfail.d/samba4.ldap.passwords.python
+++ /dev/null
@@ -1,2 +0,0 @@
-samba4.ldap.passwords.python.*.__main__.PasswordTests.test_pw_change_delete_no_value_userPassword
-samba4.ldap.passwords.python.*.__main__.PasswordTests.test_pw_change_delete_no_value_unicodePwd
author	Ralph Boehme <slow@samba.org>	2018-02-22 10:54:37 +0100
committer	Karolin Seeger <kseeger@samba.org>	2018-03-13 10:25:39 +0100
commit	7cc374973406c49130fff019de26bdf0db48f494 (patch)
tree	caa2552ac571f70a800a1d0921b7426e77b8f5de /selftest
parent	a192242f81bf21096ee497805cd63ad43ee20515 (diff)
download	samba-7cc374973406c49130fff019de26bdf0db48f494.tar.gz