From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) by mail.openembedded.org (Postfix) with ESMTP id 9D6636B4F7 for ; Mon, 23 Jun 2014 11:05:02 +0000 (UTC) Received: by mail-wi0-f178.google.com with SMTP id n15so3999443wiw.11 for ; Mon, 23 Jun 2014 04:05:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:date:to:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=qdqXJ8O+fnN8UnWqqtxzukp0WAwxKuQtoDqiTcAZMHA=; b=qhVgxdh34Vxi5jo7rdDC4B9TzDtyAp2fy3lKwwebaOfGp2FEyrfPm5EoDCqjxnLE4p hglUlDU1GObSOlR+vvoNub4gGqdAxsxQt5/x77vs5ToymkIO23DQbi4YA3lmfwYyg63K aPDO3vjIyILzq+xide/JqfOcvwwwyqQqyWPtQcMOGD9dz/GY+IZ5pSJi/Q03BlZmdrxM X+mO4QlGeox9kQkscUmgW6HxOFANYczev0vCMmPpuRb9yyyJu6mV7jVHiy56/lanf4/t /NDzEBb9p+uRDH1eSnw85fy1ncePI8VRnIHJNpKGUTnvFYOr3DF/dGdInUu11ntMSEeT ng6g== X-Received: by 10.180.206.73 with SMTP id lm9mr25121160wic.54.1403521500096; Mon, 23 Jun 2014 04:05:00 -0700 (PDT) Received: from localhost (ip-89-176-104-3.net.upcbroadband.cz. [89.176.104.3]) by mx.google.com with ESMTPSA id h13sm29467661wjs.2.2014.06.23.04.04.58 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 23 Jun 2014 04:04:59 -0700 (PDT) From: Martin Jansa X-Google-Original-From: Martin Jansa Date: Mon, 23 Jun 2014 13:05:00 +0200 To: openembedded-devel@lists.openembedded.org Message-ID: <20140623110500.GC2437@jama> References: <1402639978-4607-1-git-send-email-Chong.Lu@windriver.com> <20140613111128.GG2428@jama> MIME-Version: 1.0 In-Reply-To: <20140613111128.GG2428@jama> User-Agent: Mutt/1.5.23 (2014-03-12) Subject: Re: [PATCH 1/5] samba: Security Advisory - CVE-2013-4496 X-BeenThere: openembedded-devel@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: openembedded-devel@lists.openembedded.org List-Id: Using the OpenEmbedded metadata to build Distributions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jun 2014 11:05:06 -0000 X-Groupsio-MsgNum: 50517 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="dkEUBIird37B8yKS" Content-Disposition: inline --dkEUBIird37B8yKS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 13, 2014 at 01:11:28PM +0200, Martin Jansa wrote: > On Fri, Jun 13, 2014 at 02:12:54PM +0800, Chong Lu wrote: > > Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 > > does not enforce the password-guessing protection mechanism for all > > interfaces, which makes it easier for remote attackers to obtain access > > via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. > >=20 > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=3DCVE-2013-4496 >=20 > As you care about samba, would you mind sending fix for autodetecting > talloc? >=20 > see > http://lists.openembedded.org/pipermail/openembedded-core/2014-June/09341= 4.html I've merged this changes (as I don't want to block security fixes), but please fix autodetecting talloc. > > Signed-off-by: Yue Tao > > Signed-off-by: Chong Lu > > --- > > .../samba/samba/samba-3.6.22-CVE-2013-4496.patch | 966 ++++++++++++= ++++++++ > > meta-oe/recipes-connectivity/samba/samba_3.6.8.bb | 1 + > > 2 files changed, 967 insertions(+) > > create mode 100644 meta-oe/recipes-connectivity/samba/samba/samba-3.6.= 22-CVE-2013-4496.patch > >=20 > > diff --git a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE-= 2013-4496.patch b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE= -2013-4496.patch > > new file mode 100644 > > index 0000000..c190a6c > > --- /dev/null > > +++ b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.22-CVE-2013-44= 96.patch > > @@ -0,0 +1,966 @@ > > +Upstream-Status: Backport > > + > > +From 25066eb31d6608075b5993b0d19b3e0843cdadeb Mon Sep 17 00:00:00 2001 > > +From: Andrew Bartlett > > +Date: Fri, 1 Nov 2013 14:55:44 +1300 > > +Subject: [PATCH 1/3] CVE-2013-4496:s3-samr: Block attempts to crack pa= sswords > > + via repeated password changes > > + > > +Bug: https://bugzilla.samba.org/show_bug.cgi?id=3D10245 > > + > > +Signed-off-by: Andrew Bartlett > > +Signed-off-by: Stefan Metzmacher > > +Signed-off-by: Jeremy Allison > > +Reviewed-by: Stefan Metzmacher > > +Reviewed-by: Jeremy Allison > > +Reviewed-by: Andreas Schneider > > +--- > > + source3/rpc_server/samr/srv_samr_chgpasswd.c | 55 ++++++++++++++++ > > + source3/rpc_server/samr/srv_samr_nt.c | 90 +++++++++++++++++= ++++----- > > + 2 files changed, 129 insertions(+), 16 deletions(-) > > + > > +diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rp= c_server/samr/srv_samr_chgpasswd.c > > +index 0b4b25b..59905be 100644 > > +--- a/source3/rpc_server/samr/srv_samr_chgpasswd.c > > ++++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c > > +@@ -1106,6 +1106,8 @@ NTSTATUS pass_oem_change(char *user, const char = *rhost, > > + struct samu *sampass =3D NULL; > > + NTSTATUS nt_status; > > + bool ret =3D false; > > ++ bool updated_badpw =3D false; > > ++ NTSTATUS update_login_attempts_status; > > +=20 > > + if (!(sampass =3D samu_new(NULL))) { > > + return NT_STATUS_NO_MEMORY; > > +@@ -1121,6 +1123,13 @@ NTSTATUS pass_oem_change(char *user, const char= *rhost, > > + return NT_STATUS_NO_SUCH_USER; > > + } > > +=20 > > ++ /* Quit if the account was locked out. */ > > ++ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { > > ++ DEBUG(3,("check_sam_security: Account for user %s was locked out.\n= ", user)); > > ++ TALLOC_FREE(sampass); > > ++ return NT_STATUS_ACCOUNT_LOCKED_OUT; > > ++ } > > ++ > > + nt_status =3D check_oem_password(user, > > + password_encrypted_with_lm_hash, > > + old_lm_hash_encrypted, > > +@@ -1129,6 +1138,52 @@ NTSTATUS pass_oem_change(char *user, const char= *rhost, > > + sampass, > > + &new_passwd); > > +=20 > > ++ /* > > ++ * Notify passdb backend of login success/failure. If not > > ++ * NT_STATUS_OK the backend doesn't like the login > > ++ */ > > ++ update_login_attempts_status =3D pdb_update_login_attempts(sampass, > > ++ NT_STATUS_IS_OK(nt_status)); > > ++ > > ++ if (!NT_STATUS_IS_OK(nt_status)) { > > ++ bool increment_bad_pw_count =3D false; > > ++ > > ++ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) && > > ++ (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && > > ++ NT_STATUS_IS_OK(update_login_attempts_status)) > > ++ { > > ++ increment_bad_pw_count =3D true; > > ++ } > > ++ > > ++ if (increment_bad_pw_count) { > > ++ pdb_increment_bad_password_count(sampass); > > ++ updated_badpw =3D true; > > ++ } else { > > ++ pdb_update_bad_password_count(sampass, > > ++ &updated_badpw); > > ++ } > > ++ } else { > > ++ > > ++ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && > > ++ (pdb_get_bad_password_count(sampass) > 0)){ > > ++ pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); > > ++ pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); > > ++ updated_badpw =3D true; > > ++ } > > ++ } > > ++ > > ++ if (updated_badpw) { > > ++ NTSTATUS update_status; > > ++ become_root(); > > ++ update_status =3D pdb_update_sam_account(sampass); > > ++ unbecome_root(); > > ++ > > ++ if (!NT_STATUS_IS_OK(update_status)) { > > ++ DEBUG(1, ("Failed to modify entry: %s\n", > > ++ nt_errstr(update_status))); > > ++ } > > ++ } > > ++ > > + if (!NT_STATUS_IS_OK(nt_status)) { > > + TALLOC_FREE(sampass); > > + return nt_status; > > +diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_serve= r/samr/srv_samr_nt.c > > +index 78ef1ba..3241b97 100644 > > +--- a/source3/rpc_server/samr/srv_samr_nt.c > > ++++ b/source3/rpc_server/samr/srv_samr_nt.c > > +@@ -1715,9 +1715,11 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_= struct *p, > > + NTSTATUS status; > > + bool ret =3D false; > > + struct samr_user_info *uinfo; > > +- struct samu *pwd; > > ++ struct samu *pwd =3D NULL; > > + struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash; > > + struct samr_Password lm_pwd, nt_pwd; > > ++ bool updated_badpw =3D false; > > ++ NTSTATUS update_login_attempts_status; > > +=20 > > + uinfo =3D policy_handle_find(p, r->in.user_handle, > > + SAMR_USER_ACCESS_SET_PASSWORD, NULL, > > +@@ -1729,6 +1731,15 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_= struct *p, > > + DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n", > > + sid_string_dbg(&uinfo->sid))); > > +=20 > > ++ /* basic sanity checking on parameters. Do this before any database= ops */ > > ++ if (!r->in.lm_present || !r->in.nt_present || > > ++ !r->in.old_lm_crypted || !r->in.new_lm_crypted || > > ++ !r->in.old_nt_crypted || !r->in.new_nt_crypted) { > > ++ /* we should really handle a change with lm not > > ++ present */ > > ++ return NT_STATUS_INVALID_PARAMETER_MIX; > > ++ } > > ++ > > + if (!(pwd =3D samu_new(NULL))) { > > + return NT_STATUS_NO_MEMORY; > > + } > > +@@ -1742,6 +1753,14 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_= struct *p, > > + return NT_STATUS_WRONG_PASSWORD; > > + } > > +=20 > > ++ /* Quit if the account was locked out. */ > > ++ if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) { > > ++ DEBUG(3, ("Account for user %s was locked out.\n", > > ++ pdb_get_username(pwd))); > > ++ status =3D NT_STATUS_ACCOUNT_LOCKED_OUT; > > ++ goto out; > > ++ } > > ++ > > + { > > + const uint8_t *lm_pass, *nt_pass; > > +=20 > > +@@ -1750,29 +1769,19 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes= _struct *p, > > +=20 > > + if (!lm_pass || !nt_pass) { > > + status =3D NT_STATUS_WRONG_PASSWORD; > > +- goto out; > > ++ goto update_login; > > + } > > +=20 > > + memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash)); > > + memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash)); > > + } > > +=20 > > +- /* basic sanity checking on parameters. Do this before any database= ops */ > > +- if (!r->in.lm_present || !r->in.nt_present || > > +- !r->in.old_lm_crypted || !r->in.new_lm_crypted || > > +- !r->in.old_nt_crypted || !r->in.new_nt_crypted) { > > +- /* we should really handle a change with lm not > > +- present */ > > +- status =3D NT_STATUS_INVALID_PARAMETER_MIX; > > +- goto out; > > +- } > > +- > > + /* decrypt and check the new lm hash */ > > + D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash); > > + D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash= ); > > + if (memcmp(checkHash.hash, lm_pwd.hash, 16) !=3D 0) { > > + status =3D NT_STATUS_WRONG_PASSWORD; > > +- goto out; > > ++ goto update_login; > > + } > > +=20 > > + /* decrypt and check the new nt hash */ > > +@@ -1780,7 +1789,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_s= truct *p, > > + D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash= ); > > + if (memcmp(checkHash.hash, nt_pwd.hash, 16) !=3D 0) { > > + status =3D NT_STATUS_WRONG_PASSWORD; > > +- goto out; > > ++ goto update_login; > > + } > > +=20 > > + /* The NT Cross is not required by Win2k3 R2, but if present > > +@@ -1789,7 +1798,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_s= truct *p, > > + D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash); > > + if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) !=3D 0) { > > + status =3D NT_STATUS_WRONG_PASSWORD; > > +- goto out; > > ++ goto update_login; > > + } > > + } > > +=20 > > +@@ -1799,7 +1808,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_s= truct *p, > > + D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash); > > + if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) !=3D 0) { > > + status =3D NT_STATUS_WRONG_PASSWORD; > > +- goto out; > > ++ goto update_login; > > + } > > + } > > +=20 > > +@@ -1810,6 +1819,55 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_= struct *p, > > + } > > +=20 > > + status =3D pdb_update_sam_account(pwd); > > ++ > > ++update_login: > > ++ > > ++ /* > > ++ * Notify passdb backend of login success/failure. If not > > ++ * NT_STATUS_OK the backend doesn't like the login > > ++ */ > > ++ update_login_attempts_status =3D pdb_update_login_attempts(pwd, > > ++ NT_STATUS_IS_OK(status)); > > ++ > > ++ if (!NT_STATUS_IS_OK(status)) { > > ++ bool increment_bad_pw_count =3D false; > > ++ > > ++ if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) && > > ++ (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) && > > ++ NT_STATUS_IS_OK(update_login_attempts_status)) > > ++ { > > ++ increment_bad_pw_count =3D true; > > ++ } > > ++ > > ++ if (increment_bad_pw_count) { > > ++ pdb_increment_bad_password_count(pwd); > > ++ updated_badpw =3D true; > > ++ } else { > > ++ pdb_update_bad_password_count(pwd, > > ++ &updated_badpw); > > ++ } > > ++ } else { > > ++ > > ++ if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) && > > ++ (pdb_get_bad_password_count(pwd) > 0)){ > > ++ pdb_set_bad_password_count(pwd, 0, PDB_CHANGED); > > ++ pdb_set_bad_password_time(pwd, 0, PDB_CHANGED); > > ++ updated_badpw =3D true; > > ++ } > > ++ } > > ++ > > ++ if (updated_badpw) { > > ++ NTSTATUS update_status; > > ++ become_root(); > > ++ update_status =3D pdb_update_sam_account(pwd); > > ++ unbecome_root(); > > ++ > > ++ if (!NT_STATUS_IS_OK(update_status)) { > > ++ DEBUG(1, ("Failed to modify entry: %s\n", > > ++ nt_errstr(update_status))); > > ++ } > > ++ } > > ++ > > + out: > > + TALLOC_FREE(pwd); > > +=20 > > +--=20 > > +1.7.9.5 > > + > > + > > +From 059da248cf69a3b0ef29836f49367b938fb1cbda Mon Sep 17 00:00:00 2001 > > +From: Stefan Metzmacher > > +Date: Tue, 5 Nov 2013 14:04:20 +0100 > > +Subject: [PATCH 2/3] CVE-2013-4496:s3:auth: fix memory leak in the > > + ACCOUNT_LOCKED_OUT case. > > + > > +Bug: https://bugzilla.samba.org/show_bug.cgi?id=3D10245 > > + > > +Signed-off-by: Stefan Metzmacher > > +Reviewed-by: Jeremy Allison > > +Signed-off-by: Andrew Bartlett > > +Reviewed-by: Andreas Schneider > > +--- > > + source3/auth/check_samsec.c | 1 + > > + 1 file changed, 1 insertion(+) > > + > > +diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c > > +index f918dc0..e2c42d6 100644 > > +--- a/source3/auth/check_samsec.c > > ++++ b/source3/auth/check_samsec.c > > +@@ -408,6 +408,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *chall= enge, > > + /* Quit if the account was locked out. */ > > + if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { > > + DEBUG(3,("check_sam_security: Account for user %s was locked out.\n= ", username)); > > ++ TALLOC_FREE(sampass); > > + return NT_STATUS_ACCOUNT_LOCKED_OUT; > > + } > > +=20 > > +--=20 > > +1.7.9.5 > > + > > + > > +From 27f982ef33a1238ae48d7a38d608dd23ebde61ae Mon Sep 17 00:00:00 2001 > > +From: Andrew Bartlett > > +Date: Tue, 5 Nov 2013 16:16:46 +1300 > > +Subject: [PATCH 3/3] CVE-2013-4496:samr: Remove ChangePasswordUser > > + > > +This old password change mechanism does not provide the plaintext to > > +validate against password complexity, and it is not used by modern > > +clients. > > + > > +The missing features in both implementations (by design) were: > > + > > + - the password complexity checks (no plaintext) > > + - the minimum password length (no plaintext) > > + > > +Additionally, the source3 version did not check: > > + > > + - the minimum password age > > + - pdb_get_pass_can_change() which checks the security > > + descriptor for the 'user cannot change password' setting. > > + - the password history > > + - the output of the 'passwd program' if 'unix passwd sync =3D yes'. > > + > > +Finally, the mechanism was almost useless, as it was incorrectly > > +only made available to administrative users with permission > > +to reset the password. It is removed here so that it is not > > +mistakenly reinstated in the future. > > + > > +Andrew Bartlett > > + > > +Bug: https://bugzilla.samba.org/show_bug.cgi?id=3D10245 > > + > > +Signed-off-by: Andrew Bartlett > > +Reviewed-by: Andreas Schneider > > +Reviewed-by: Stefan Metzmacher > > +--- > > + source3/rpc_server/samr/srv_samr_nt.c | 169 +------------------- > > + source3/smbd/lanman.c | 254 ----------------------= --------- > > + source4/rpc_server/samr/samr_password.c | 126 +-------------- > > + source4/torture/rpc/samr.c | 12 +- > > + 4 files changed, 24 insertions(+), 537 deletions(-) > > + > > +diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_serve= r/samr/srv_samr_nt.c > > +index 3241b97..2519a3f 100644 > > +--- a/source3/rpc_server/samr/srv_samr_nt.c > > ++++ b/source3/rpc_server/samr/srv_samr_nt.c > > +@@ -1706,172 +1706,19 @@ NTSTATUS _samr_LookupNames(struct pipes_struc= t *p, > > + } > > +=20 > > + /**************************************************************** > > +- _samr_ChangePasswordUser > > ++ _samr_ChangePasswordUser. > > ++ > > ++ So old it is just not worth implementing > > ++ because it does not supply a plaintext and so we can't do password > > ++ complexity checking and cannot update other services that use a > > ++ plaintext password via passwd chat/pam password change/ldap password > > ++ sync. > > + ****************************************************************/ > > +=20 > > + NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p, > > + struct samr_ChangePasswordUser *r) > > + { > > +- NTSTATUS status; > > +- bool ret =3D false; > > +- struct samr_user_info *uinfo; > > +- struct samu *pwd =3D NULL; > > +- struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash; > > +- struct samr_Password lm_pwd, nt_pwd; > > +- bool updated_badpw =3D false; > > +- NTSTATUS update_login_attempts_status; > > +- > > +- uinfo =3D policy_handle_find(p, r->in.user_handle, > > +- SAMR_USER_ACCESS_SET_PASSWORD, NULL, > > +- struct samr_user_info, &status); > > +- if (!NT_STATUS_IS_OK(status)) { > > +- return status; > > +- } > > +- > > +- DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n", > > +- sid_string_dbg(&uinfo->sid))); > > +- > > +- /* basic sanity checking on parameters. Do this before any database= ops */ > > +- if (!r->in.lm_present || !r->in.nt_present || > > +- !r->in.old_lm_crypted || !r->in.new_lm_crypted || > > +- !r->in.old_nt_crypted || !r->in.new_nt_crypted) { > > +- /* we should really handle a change with lm not > > +- present */ > > +- return NT_STATUS_INVALID_PARAMETER_MIX; > > +- } > > +- > > +- if (!(pwd =3D samu_new(NULL))) { > > +- return NT_STATUS_NO_MEMORY; > > +- } > > +- > > +- become_root(); > > +- ret =3D pdb_getsampwsid(pwd, &uinfo->sid); > > +- unbecome_root(); > > +- > > +- if (!ret) { > > +- TALLOC_FREE(pwd); > > +- return NT_STATUS_WRONG_PASSWORD; > > +- } > > +- > > +- /* Quit if the account was locked out. */ > > +- if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) { > > +- DEBUG(3, ("Account for user %s was locked out.\n", > > +- pdb_get_username(pwd))); > > +- status =3D NT_STATUS_ACCOUNT_LOCKED_OUT; > > +- goto out; > > +- } > > +- > > +- { > > +- const uint8_t *lm_pass, *nt_pass; > > +- > > +- lm_pass =3D pdb_get_lanman_passwd(pwd); > > +- nt_pass =3D pdb_get_nt_passwd(pwd); > > +- > > +- if (!lm_pass || !nt_pass) { > > +- status =3D NT_STATUS_WRONG_PASSWORD; > > +- goto update_login; > > +- } > > +- > > +- memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash)); > > +- memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash)); > > +- } > > +- > > +- /* decrypt and check the new lm hash */ > > +- D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash); > > +- D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash= ); > > +- if (memcmp(checkHash.hash, lm_pwd.hash, 16) !=3D 0) { > > +- status =3D NT_STATUS_WRONG_PASSWORD; > > +- goto update_login; > > +- } > > +- > > +- /* decrypt and check the new nt hash */ > > +- D_P16(nt_pwd.hash, r->in.new_nt_crypted->hash, new_ntPwdHash.hash); > > +- D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash= ); > > +- if (memcmp(checkHash.hash, nt_pwd.hash, 16) !=3D 0) { > > +- status =3D NT_STATUS_WRONG_PASSWORD; > > +- goto update_login; > > +- } > > +- > > +- /* The NT Cross is not required by Win2k3 R2, but if present > > +- check the nt cross hash */ > > +- if (r->in.cross1_present && r->in.nt_cross) { > > +- D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash); > > +- if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) !=3D 0) { > > +- status =3D NT_STATUS_WRONG_PASSWORD; > > +- goto update_login; > > +- } > > +- } > > +- > > +- /* The LM Cross is not required by Win2k3 R2, but if present > > +- check the lm cross hash */ > > +- if (r->in.cross2_present && r->in.lm_cross) { > > +- D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash); > > +- if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) !=3D 0) { > > +- status =3D NT_STATUS_WRONG_PASSWORD; > > +- goto update_login; > > +- } > > +- } > > +- > > +- if (!pdb_set_nt_passwd(pwd, new_ntPwdHash.hash, PDB_CHANGED) || > > +- !pdb_set_lanman_passwd(pwd, new_lmPwdHash.hash, PDB_CHANGED)) { > > +- status =3D NT_STATUS_ACCESS_DENIED; > > +- goto out; > > +- } > > +- > > +- status =3D pdb_update_sam_account(pwd); > > +- > > +-update_login: > > +- > > +- /* > > +- * Notify passdb backend of login success/failure. If not > > +- * NT_STATUS_OK the backend doesn't like the login > > +- */ > > +- update_login_attempts_status =3D pdb_update_login_attempts(pwd, > > +- NT_STATUS_IS_OK(status)); > > +- > > +- if (!NT_STATUS_IS_OK(status)) { > > +- bool increment_bad_pw_count =3D false; > > +- > > +- if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) && > > +- (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) && > > +- NT_STATUS_IS_OK(update_login_attempts_status)) > > +- { > > +- increment_bad_pw_count =3D true; > > +- } > > +- > > +- if (increment_bad_pw_count) { > > +- pdb_increment_bad_password_count(pwd); > > +- updated_badpw =3D true; > > +- } else { > > +- pdb_update_bad_password_count(pwd, > > +- &updated_badpw); > > +- } > > +- } else { > > +- > > +- if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) && > > +- (pdb_get_bad_password_count(pwd) > 0)){ > > +- pdb_set_bad_password_count(pwd, 0, PDB_CHANGED); > > +- pdb_set_bad_password_time(pwd, 0, PDB_CHANGED); > > +- updated_badpw =3D true; > > +- } > > +- } > > +- > > +- if (updated_badpw) { > > +- NTSTATUS update_status; > > +- become_root(); > > +- update_status =3D pdb_update_sam_account(pwd); > > +- unbecome_root(); > > +- > > +- if (!NT_STATUS_IS_OK(update_status)) { > > +- DEBUG(1, ("Failed to modify entry: %s\n", > > +- nt_errstr(update_status))); > > +- } > > +- } > > +- > > +- out: > > +- TALLOC_FREE(pwd); > > +- > > +- return status; > > ++ return NT_STATUS_NOT_IMPLEMENTED; > > + } > > +=20 > > + /******************************************************************* > > +diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c > > +index aef12df..3b4ec65 100644 > > +--- a/source3/smbd/lanman.c > > ++++ b/source3/smbd/lanman.c > > +@@ -2947,259 +2947,6 @@ static bool api_NetRemoteTOD(struct smbd_serve= r_connection *sconn, > > + } > > +=20 > > + /********************************************************************= ******** > > +- Set the user password. > > +-*********************************************************************= ********/ > > +- > > +-static bool api_SetUserPassword(struct smbd_server_connection *sconn, > > +- connection_struct *conn,uint16 vuid, > > +- char *param, int tpscnt, > > +- char *data, int tdscnt, > > +- int mdrcnt,int mprcnt, > > +- char **rdata,char **rparam, > > +- int *rdata_len,int *rparam_len) > > +-{ > > +- char *np =3D get_safe_str_ptr(param,tpscnt,param,2); > > +- char *p =3D NULL; > > +- fstring user; > > +- fstring pass1,pass2; > > +- TALLOC_CTX *mem_ctx =3D talloc_tos(); > > +- NTSTATUS status, result; > > +- struct rpc_pipe_client *cli =3D NULL; > > +- struct policy_handle connect_handle, domain_handle, user_handle; > > +- struct lsa_String domain_name; > > +- struct dom_sid2 *domain_sid; > > +- struct lsa_String names; > > +- struct samr_Ids rids; > > +- struct samr_Ids types; > > +- struct samr_Password old_lm_hash; > > +- struct samr_Password new_lm_hash; > > +- int errcode =3D NERR_badpass; > > +- uint32_t rid; > > +- int encrypted; > > +- int min_pwd_length; > > +- struct dcerpc_binding_handle *b =3D NULL; > > +- > > +- /* Skip 2 strings. */ > > +- p =3D skip_string(param,tpscnt,np); > > +- p =3D skip_string(param,tpscnt,p); > > +- > > +- if (!np || !p) { > > +- return False; > > +- } > > +- > > +- /* Do we have a string ? */ > > +- if (skip_string(param,tpscnt,p) =3D=3D NULL) { > > +- return False; > > +- } > > +- pull_ascii_fstring(user,p); > > +- > > +- p =3D skip_string(param,tpscnt,p); > > +- if (!p) { > > +- return False; > > +- } > > +- > > +- memset(pass1,'\0',sizeof(pass1)); > > +- memset(pass2,'\0',sizeof(pass2)); > > +- /* > > +- * We use 31 here not 32 as we're checking > > +- * the last byte we want to access is safe. > > +- */ > > +- if (!is_offset_safe(param,tpscnt,p,31)) { > > +- return False; > > +- } > > +- memcpy(pass1,p,16); > > +- memcpy(pass2,p+16,16); > > +- > > +- encrypted =3D get_safe_SVAL(param,tpscnt,p+32,0,-1); > > +- if (encrypted =3D=3D -1) { > > +- errcode =3D W_ERROR_V(WERR_INVALID_PARAM); > > +- goto out; > > +- } > > +- > > +- min_pwd_length =3D get_safe_SVAL(param,tpscnt,p+34,0,-1); > > +- if (min_pwd_length =3D=3D -1) { > > +- errcode =3D W_ERROR_V(WERR_INVALID_PARAM); > > +- goto out; > > +- } > > +- > > +- *rparam_len =3D 4; > > +- *rparam =3D smb_realloc_limit(*rparam,*rparam_len); > > +- if (!*rparam) { > > +- return False; > > +- } > > +- > > +- *rdata_len =3D 0; > > +- > > +- DEBUG(3,("Set password for <%s> (encrypted: %d, min_pwd_length: %d)\= n", > > +- user, encrypted, min_pwd_length)); > > +- > > +- ZERO_STRUCT(connect_handle); > > +- ZERO_STRUCT(domain_handle); > > +- ZERO_STRUCT(user_handle); > > +- > > +- status =3D rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_i= d, > > +- conn->session_info, > > +- &conn->sconn->client_id, > > +- conn->sconn->msg_ctx, > > +- &cli); > > +- if (!NT_STATUS_IS_OK(status)) { > > +- DEBUG(0,("api_SetUserPassword: could not connect to samr: %s\n", > > +- nt_errstr(status))); > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(status)); > > +- goto out; > > +- } > > +- > > +- b =3D cli->binding_handle; > > +- > > +- status =3D dcerpc_samr_Connect2(b, mem_ctx, > > +- global_myname(), > > +- SAMR_ACCESS_CONNECT_TO_SERVER | > > +- SAMR_ACCESS_ENUM_DOMAINS | > > +- SAMR_ACCESS_LOOKUP_DOMAIN, > > +- &connect_handle, > > +- &result); > > +- if (!NT_STATUS_IS_OK(status)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(status)); > > +- goto out; > > +- } > > +- if (!NT_STATUS_IS_OK(result)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(result)); > > +- goto out; > > +- } > > +- > > +- init_lsa_String(&domain_name, get_global_sam_name()); > > +- > > +- status =3D dcerpc_samr_LookupDomain(b, mem_ctx, > > +- &connect_handle, > > +- &domain_name, > > +- &domain_sid, > > +- &result); > > +- if (!NT_STATUS_IS_OK(status)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(status)); > > +- goto out; > > +- } > > +- if (!NT_STATUS_IS_OK(result)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(result)); > > +- goto out; > > +- } > > +- > > +- status =3D dcerpc_samr_OpenDomain(b, mem_ctx, > > +- &connect_handle, > > +- SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, > > +- domain_sid, > > +- &domain_handle, > > +- &result); > > +- if (!NT_STATUS_IS_OK(status)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(status)); > > +- goto out; > > +- } > > +- if (!NT_STATUS_IS_OK(result)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(result)); > > +- goto out; > > +- } > > +- > > +- init_lsa_String(&names, user); > > +- > > +- status =3D dcerpc_samr_LookupNames(b, mem_ctx, > > +- &domain_handle, > > +- 1, > > +- &names, > > +- &rids, > > +- &types, > > +- &result); > > +- if (!NT_STATUS_IS_OK(status)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(status)); > > +- goto out; > > +- } > > +- if (!NT_STATUS_IS_OK(result)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(result)); > > +- goto out; > > +- } > > +- > > +- if (rids.count !=3D 1) { > > +- errcode =3D W_ERROR_V(WERR_NO_SUCH_USER); > > +- goto out; > > +- } > > +- if (rids.count !=3D types.count) { > > +- errcode =3D W_ERROR_V(WERR_INVALID_PARAM); > > +- goto out; > > +- } > > +- if (types.ids[0] !=3D SID_NAME_USER) { > > +- errcode =3D W_ERROR_V(WERR_INVALID_PARAM); > > +- goto out; > > +- } > > +- > > +- rid =3D rids.ids[0]; > > +- > > +- status =3D dcerpc_samr_OpenUser(b, mem_ctx, > > +- &domain_handle, > > +- SAMR_USER_ACCESS_CHANGE_PASSWORD, > > +- rid, > > +- &user_handle, > > +- &result); > > +- if (!NT_STATUS_IS_OK(status)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(status)); > > +- goto out; > > +- } > > +- if (!NT_STATUS_IS_OK(result)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(result)); > > +- goto out; > > +- } > > +- > > +- if (encrypted =3D=3D 0) { > > +- E_deshash(pass1, old_lm_hash.hash); > > +- E_deshash(pass2, new_lm_hash.hash); > > +- } else { > > +- ZERO_STRUCT(old_lm_hash); > > +- ZERO_STRUCT(new_lm_hash); > > +- memcpy(old_lm_hash.hash, pass1, MIN(strlen(pass1), 16)); > > +- memcpy(new_lm_hash.hash, pass1, MIN(strlen(pass2), 16)); > > +- } > > +- > > +- status =3D dcerpc_samr_ChangePasswordUser(b, mem_ctx, > > +- &user_handle, > > +- true, /* lm_present */ > > +- &old_lm_hash, > > +- &new_lm_hash, > > +- false, /* nt_present */ > > +- NULL, /* old_nt_crypted */ > > +- NULL, /* new_nt_crypted */ > > +- false, /* cross1_present */ > > +- NULL, /* nt_cross */ > > +- false, /* cross2_present */ > > +- NULL, /* lm_cross */ > > +- &result); > > +- if (!NT_STATUS_IS_OK(status)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(status)); > > +- goto out; > > +- } > > +- if (!NT_STATUS_IS_OK(result)) { > > +- errcode =3D W_ERROR_V(ntstatus_to_werror(result)); > > +- goto out; > > +- } > > +- > > +- errcode =3D NERR_Success; > > +- out: > > +- > > +- if (b && is_valid_policy_hnd(&user_handle)) { > > +- dcerpc_samr_Close(b, mem_ctx, &user_handle, &result); > > +- } > > +- if (b && is_valid_policy_hnd(&domain_handle)) { > > +- dcerpc_samr_Close(b, mem_ctx, &domain_handle, &result); > > +- } > > +- if (b && is_valid_policy_hnd(&connect_handle)) { > > +- dcerpc_samr_Close(b, mem_ctx, &connect_handle, &result); > > +- } > > +- > > +- memset((char *)pass1,'\0',sizeof(fstring)); > > +- memset((char *)pass2,'\0',sizeof(fstring)); > > +- > > +- SSVAL(*rparam,0,errcode); > > +- SSVAL(*rparam,2,0); /* converter word */ > > +- return(True); > > +-} > > +- > > +-/********************************************************************= ******** > > + Set the user password (SamOEM version - gets plaintext). > > + *********************************************************************= *******/ > > +=20 > > +@@ -5790,7 +5537,6 @@ static const struct { > > + {"NetServerEnum2", RAP_NetServerEnum2, api_RNetServerEnum2}, /* anon= OK */ > > + {"NetServerEnum3", RAP_NetServerEnum3, api_RNetServerEnum3}, /* anon= OK */ > > + {"WAccessGetUserPerms",RAP_WAccessGetUserPerms,api_WAccessGetUserPer= ms}, > > +- {"SetUserPassword", RAP_WUserPasswordSet2, api_SetUserPassword}, > > + {"WWkstaUserLogon", RAP_WWkstaUserLogon, api_WWkstaUserLogon}, > > + {"PrintJobInfo", RAP_WPrintJobSetInfo, api_PrintJobInfo}, > > + {"WPrintDriverEnum", RAP_WPrintDriverEnum, api_WPrintDriverEnum}, > > +diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_ser= ver/samr/samr_password.c > > +index ee13a11..e618740 100644 > > +--- a/source4/rpc_server/samr/samr_password.c > > ++++ b/source4/rpc_server/samr/samr_password.c > > +@@ -32,131 +32,17 @@ > > +=20 > > + /* > > + samr_ChangePasswordUser > > ++ > > ++ So old it is just not worth implementing > > ++ because it does not supply a plaintext and so we can't do password > > ++ complexity checking and cannot update all the other password hashes. > > ++ > > + */ > > + NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce= _call, > > + TALLOC_CTX *mem_ctx, > > + struct samr_ChangePasswordUser *r) > > + { > > +- struct dcesrv_handle *h; > > +- struct samr_account_state *a_state; > > +- struct ldb_context *sam_ctx; > > +- struct ldb_message **res; > > +- int ret; > > +- struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash; > > +- struct samr_Password *lm_pwd, *nt_pwd; > > +- NTSTATUS status =3D NT_STATUS_OK; > > +- const char * const attrs[] =3D { "dBCSPwd", "unicodePwd" , NULL }; > > +- > > +- DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); > > +- > > +- a_state =3D h->data; > > +- > > +- /* basic sanity checking on parameters. Do this before any database= ops */ > > +- if (!r->in.lm_present || !r->in.nt_present || > > +- !r->in.old_lm_crypted || !r->in.new_lm_crypted || > > +- !r->in.old_nt_crypted || !r->in.new_nt_crypted) { > > +- /* we should really handle a change with lm not > > +- present */ > > +- return NT_STATUS_INVALID_PARAMETER_MIX; > > +- } > > +- > > +- /* Connect to a SAMDB with system privileges for fetching the old pw > > +- * hashes. */ > > +- sam_ctx =3D samdb_connect(mem_ctx, dce_call->event_ctx, > > +- dce_call->conn->dce_ctx->lp_ctx, > > +- system_session(dce_call->conn->dce_ctx->lp_ctx), 0); > > +- if (sam_ctx =3D=3D NULL) { > > +- return NT_STATUS_INVALID_SYSTEM_SERVICE; > > +- } > > +- > > +- /* fetch the old hashes */ > > +- ret =3D gendb_search_dn(sam_ctx, mem_ctx, > > +- a_state->account_dn, &res, attrs); > > +- if (ret !=3D 1) { > > +- return NT_STATUS_WRONG_PASSWORD; > > +- } > > +- > > +- status =3D samdb_result_passwords(mem_ctx, > > +- dce_call->conn->dce_ctx->lp_ctx, > > +- res[0], &lm_pwd, &nt_pwd); > > +- if (!NT_STATUS_IS_OK(status) || !nt_pwd) { > > +- return NT_STATUS_WRONG_PASSWORD; > > +- } > > +- > > +- /* decrypt and check the new lm hash */ > > +- if (lm_pwd) { > > +- D_P16(lm_pwd->hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash); > > +- D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.has= h); > > +- if (memcmp(checkHash.hash, lm_pwd, 16) !=3D 0) { > > +- return NT_STATUS_WRONG_PASSWORD; > > +- } > > +- } > > +- > > +- /* decrypt and check the new nt hash */ > > +- D_P16(nt_pwd->hash, r->in.new_nt_crypted->hash, new_ntPwdHash.hash); > > +- D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash= ); > > +- if (memcmp(checkHash.hash, nt_pwd, 16) !=3D 0) { > > +- return NT_STATUS_WRONG_PASSWORD; > > +- } > > +- > > +- /* The NT Cross is not required by Win2k3 R2, but if present > > +- check the nt cross hash */ > > +- if (r->in.cross1_present && r->in.nt_cross && lm_pwd) { > > +- D_P16(lm_pwd->hash, r->in.nt_cross->hash, checkHash.hash); > > +- if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) !=3D 0) { > > +- return NT_STATUS_WRONG_PASSWORD; > > +- } > > +- } > > +- > > +- /* The LM Cross is not required by Win2k3 R2, but if present > > +- check the lm cross hash */ > > +- if (r->in.cross2_present && r->in.lm_cross && lm_pwd) { > > +- D_P16(nt_pwd->hash, r->in.lm_cross->hash, checkHash.hash); > > +- if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) !=3D 0) { > > +- return NT_STATUS_WRONG_PASSWORD; > > +- } > > +- } > > +- > > +- /* Start a SAM with user privileges for the password change */ > > +- sam_ctx =3D samdb_connect(mem_ctx, dce_call->event_ctx, > > +- dce_call->conn->dce_ctx->lp_ctx, > > +- dce_call->conn->auth_state.session_info, 0); > > +- if (sam_ctx =3D=3D NULL) { > > +- return NT_STATUS_INVALID_SYSTEM_SERVICE; > > +- } > > +- > > +- /* Start transaction */ > > +- ret =3D ldb_transaction_start(sam_ctx); > > +- if (ret !=3D LDB_SUCCESS) { > > +- DEBUG(1, ("Failed to start transaction: %s\n", ldb_errstring(sam_ct= x))); > > +- return NT_STATUS_TRANSACTION_ABORTED; > > +- } > > +- > > +- /* Performs the password modification. We pass the old hashes read o= ut > > +- * from the database since they were already checked against the use= r- > > +- * provided ones. */ > > +- status =3D samdb_set_password(sam_ctx, mem_ctx, > > +- a_state->account_dn, > > +- a_state->domain_state->domain_dn, > > +- NULL, &new_lmPwdHash, &new_ntPwdHash, > > +- lm_pwd, nt_pwd, /* this is a user password change */ > > +- NULL, > > +- NULL); > > +- if (!NT_STATUS_IS_OK(status)) { > > +- ldb_transaction_cancel(sam_ctx); > > +- return status; > > +- } > > +- > > +- /* And this confirms it in a transaction commit */ > > +- ret =3D ldb_transaction_commit(sam_ctx); > > +- if (ret !=3D LDB_SUCCESS) { > > +- DEBUG(1,("Failed to commit transaction to change password on %s: %s= \n", > > +- ldb_dn_get_linearized(a_state->account_dn), > > +- ldb_errstring(sam_ctx))); > > +- return NT_STATUS_TRANSACTION_ABORTED; > > +- } > > +- > > +- return NT_STATUS_OK; > > ++ return NT_STATUS_NOT_IMPLEMENTED; > > + } > > +=20 > > + /* > > +diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c > > +index 7d9a1e2..adfc5d4 100644 > > +--- a/source4/torture/rpc/samr.c > > ++++ b/source4/torture/rpc/samr.c > > +@@ -1728,8 +1728,16 @@ static bool test_ChangePasswordUser(struct dcer= pc_binding_handle *b, > > +=20 > > + torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b,= tctx, &r), > > + "ChangePasswordUser failed"); > > +- torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PA= SSWORD, > > +- "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD becau= se we broke the LM hash"); > > ++ > > ++ /* Do not proceed if this call has been removed */ > > ++ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) { > > ++ return true; > > ++ } > > ++ > > ++ if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) { > > ++ torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_P= ASSWORD, > > ++ "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD beca= use we broke the LM hash"); > > ++ } > > +=20 > > + /* Unbreak the LM hash */ > > + hash1.hash[0]--; > > +--=20 > > +1.7.9.5 > > + > > diff --git a/meta-oe/recipes-connectivity/samba/samba_3.6.8.bb b/meta-o= e/recipes-connectivity/samba/samba_3.6.8.bb > > index 20b609d..f80e41e 100644 > > --- a/meta-oe/recipes-connectivity/samba/samba_3.6.8.bb > > +++ b/meta-oe/recipes-connectivity/samba/samba_3.6.8.bb > > @@ -30,6 +30,7 @@ SRC_URI +=3D "\ > > file://configure-disable-getaddrinfo-cross.patch;patchdir=3D.. \ > > file://configure-disable-core_pattern-cross-check.patch;patchdir= =3D.. \ > > file://configure-libunwind.patch;patchdir=3D.. \ > > + file://samba-3.6.22-CVE-2013-4496.patch;patchdir=3D.. \ > > " > > SRC_URI[md5sum] =3D "fbb245863eeef2fffe172df779a217be" > > SRC_URI[sha256sum] =3D "4f5a171a8d902c6b4f822ed875c51eb8339196d9ccf0ec= d7f6521c966b3514de" > > --=20 > > 1.7.9.5 > >=20 > > --=20 > > _______________________________________________ > > Openembedded-devel mailing list > > Openembedded-devel@lists.openembedded.org > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel >=20 > --=20 > Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com --=20 Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com --dkEUBIird37B8yKS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlOoCdwACgkQN1Ujt2V2gBwYEgCcCDPg0A85XC44MIi/Z3pY1J9e eGoAn2OP3+OI8c2NEGGF2OkjjkNUhZUW =8rxB -----END PGP SIGNATURE----- --dkEUBIird37B8yKS--