CVE-2018-1057: s4/dsdb: correctly detect password resets

This change ensures we correctly treat the following LDIF dn: cn=testuser,cn=users,... changetype: modify delete: userPassword add: userPassword userPassword: thatsAcomplPASS1 as a password reset. Because delete and add element counts are both one, the ACL module wrongly treated this as a password change request. For a password change we need at least one value to delete and one value to add. This patch ensures we correctly check attributes and their values. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
author: Ralph Boehme <slow@samba.org> 2018-02-22 10:54:37 +0100
committer: Stefan Metzmacher <metze@samba.org> 2018-03-13 10:23:10 +0100
commit: 4e30547371cf9e38cd7a219dd43c9bc5c7a2a7fb (patch)
tree: 1fad303ab7f600af8fc5419834520b83644ea021 /selftest
parent: bd3960888e1f8ef89b35e2075fc17a6ae525cb9e (diff)
download: samba-4e30547371cf9e38cd7a219dd43c9bc5c7a2a7fb.tar.gz
1 files changed, 0 insertions, 2 deletions
diff --git a/selftest/knownfail.d/samba4.ldap.passwords.python b/selftest/knownfail.d/samba4.ldap.passwords.python
deleted file mode 100644
index 343c5a7867d..00000000000
--- a/selftest/knownfail.d/samba4.ldap.passwords.python
+++ /dev/null
@@ -1,2 +0,0 @@
-samba4.ldap.passwords.python.*.__main__.PasswordTests.test_pw_change_delete_no_value_userPassword
-samba4.ldap.passwords.python.*.__main__.PasswordTests.test_pw_change_delete_no_value_unicodePwd
author	Ralph Boehme <slow@samba.org>	2018-02-22 10:54:37 +0100
committer	Stefan Metzmacher <metze@samba.org>	2018-03-13 10:23:10 +0100
commit	4e30547371cf9e38cd7a219dd43c9bc5c7a2a7fb (patch)
tree	1fad303ab7f600af8fc5419834520b83644ea021 /selftest
parent	bd3960888e1f8ef89b35e2075fc17a6ae525cb9e (diff)
download	samba-4e30547371cf9e38cd7a219dd43c9bc5c7a2a7fb.tar.gz