The Samba-Bugzilla – Attachment 16386 Details for
Bug 14611
CVE-2021-20251 [SECURITY] Bad password count not incremented atomically
[patch]
Initial patch
samba-check_sam_security-silly-hack.patch (text/plain), 2.54 KB, created by
Jeremy Allison
on 2021-01-08 18:45:17 UTC
Description:
Initial patch
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2021-01-08 18:45:17 UTC
Size:
2.54 KB
>diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
>index 53b6da53dc1..fa735c968e6 100644
>--- a/source3/auth/check_samsec.c
>+++ b/source3/auth/check_samsec.c
>@@ -25,6 +25,11 @@
> #include "../libcli/auth/libcli_auth.h"
> #include "passdb.h"
>
>+#include <unistd.h>
>+#include <sys/types.h>
>+#include <sys/stat.h>
>+#include <fcntl.h>
>+
> #undef DBGC_CLASS
> #define DBGC_CLASS DBGC_AUTH
>
>@@ -380,6 +385,22 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
> const uint8_t *lm_pw;
> uint32_t acct_ctrl;
>
>+ // XXX HACK - one process at a time through here
>+ int lockf_ret;
>+ int hack_fd = open("/run/lock/samba-hack", O_CREAT|O_RDWR, 0666);
>+ if (hack_fd < 0)
>+ {
>+ DEBUG(0, ("open lock fd FAILED\n"));
>+ }
>+ else
>+ {
>+ lockf_ret = lockf(hack_fd, F_LOCK, 0);
>+ if (lockf_ret < 0)
>+ DEBUG(0, ("lockf lock FAILED\n"));
>+ else
>+ DEBUG(0, ("lockf locked\n"));
>+ }
>+
> /* the returned struct gets kept on the server_info, by means
> of a steal further down */
>
>@@ -409,6 +430,19 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
> /* Quit if the account was locked out. */
> if (acct_ctrl & ACB_AUTOLOCK) {
> DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
>+ // XXX HACK
>+ if (hack_fd >= 0)
>+ {
>+ if (lockf_ret == 0)
>+ {
>+ lockf_ret = lockf(hack_fd, F_ULOCK, 0);
>+ if (lockf_ret < 0)
>+ DEBUG(0, ("lockf unlock FAILED\n"));
>+ else
>+ DEBUG(0, ("lockf unlocked\n"));
>+ }
>+ close(hack_fd);
>+ }
> TALLOC_FREE(sampass);
> return NT_STATUS_ACCOUNT_LOCKED_OUT;
> }
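Review bot: In the `@@ -380,6 +385,22 @@` hunk of check_sam_security(), the lock file is opened at a fixed path with `O_CREAT|O_RDWR` and mode `0666`, with no `O_NOFOLLOW` or `O_CLOEXEC`. On systems where `/run/lock` is writable by local users, another account could own that name or hold a lock on it, which would stall every password check that passes through here. The file belongs in a directory only smbd can write, opened as `open(path, O_CREAT|O_RDWR|O_NOFOLLOW|O_CLOEXEC, 0600)`. The hunk also fails open: when `open()` or `lockf()` fails it logs and carries on unserialised, so the bad password count race this lock is meant to close is present again; returning an error status there would be safer, and `lockf(F_LOCK)` should be retried on `EINTR`. The function body starts and ends outside the hunk.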
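Review bot: The unlock-and-close sequence added before `return NT_STATUS_ACCOUNT_LOCKED_OUT;` in the `@@ -409,6 +430,19 @@` hunk is repeated line for line at `done:` in the `@@ -507,6 +541,20 @@` hunk, and it covers only the two exits visible in this patch. Any other `return` between the lock acquisition and `done:` would leave the descriptor open and the lock held by that smbd process, so password checks in other processes would block behind it; most of the function lies outside these hunks, so this needs checking against the full body. A single static helper called on every exit path keeps the release in one place and makes a missed exit easier to spot.

```c
/* Release the serialising lock taken at the top of check_sam_security(). */
static void sam_hack_unlock(int hack_fd, int lockf_ret)
{
	if (hack_fd < 0) {
		return;
	}
	if (lockf_ret == 0) {
		if (lockf(hack_fd, F_ULOCK, 0) < 0) {
			DEBUG(0, ("lockf unlock FAILED\n"));
		} else {
			DEBUG(0, ("lockf unlocked\n"));
		}
	}
	close(hack_fd);
}

/* … unchanged: ACB_AUTOLOCK test and DEBUG(3) message … */
		sam_hack_unlock(hack_fd, lockf_ret);
		TALLOC_FREE(sampass);
		return NT_STATUS_ACCOUNT_LOCKED_OUT;
```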
>@@ -507,6 +541,20 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
> (*server_info)->nss_token |= user_info->was_mapped;
>
> done:
>+ // XXX HACK
>+ if (hack_fd >= 0)
>+ {
>+ if (lockf_ret == 0)
>+ {
>+ lockf_ret = lockf(hack_fd, F_ULOCK, 0);
>+ if (lockf_ret < 0)
>+ DEBUG(0, ("lockf unlock FAILED\n"));
>+ else
>+ DEBUG(0, ("lockf unlocked\n"));
>+ }
>+ close(hack_fd);
>+ }
>+
> TALLOC_FREE(sampass);
> data_blob_free(&user_sess_key);
> data_blob_free(&lm_sess_key);
>diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
>index 64e05b346de..02e61bdad11 100644
>--- a/source3/passdb/passdb.c
>+++ b/source3/passdb/passdb.c
>@@ -2253,6 +2253,10 @@ bool pdb_increment_bad_password_count(struct samu *sampass)
> and autolocking if necessary
> */
>
>+ // XXX HACK
>+ DEBUG(0, ("bad password count is %u, bad attempt lockout at %u\n",
>+ pdb_get_bad_password_count(sampass), account_policy_lockout));
>+
> pdb_set_bad_password_count(sampass,
> pdb_get_bad_password_count(sampass)+1,
> PDB_CHANGED);
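Review bot: The `DEBUG(0, ...)` added in pdb_increment_bad_password_count() (hunk `@@ -2253,6 +2253,10 @@`) logs at level 0, so it is written on every failed password whatever log level is configured, and it does not say which account the count belongs to. For a line that helps when investigating lockouts, lower the level and name the account, e.g. `DEBUG(5, ("bad password count for %s is %u, bad attempt lockout at %u\n", pdb_get_username(sampass), pdb_get_bad_password_count(sampass), account_policy_lockout));`. The value printed is the count before the increment on the following lines, which the message should state, or the log call should move after `pdb_set_bad_password_count()`. The function starts and ends outside the hunk.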