[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Tue Feb 9 03:09:01 UTC 2021


The branch, master has been updated
       via  1691cd7738b s3:testparm: Warn about 'server schannel = no'
       via  20f0a3b1098 pam_winbind: improve pam message if minimum password age strikes
      from  7fe39391c05 vfs: update status of SMB_VFS_LINKAT()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1691cd7738b89bec284646bc81f338d8027bfc79
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Feb 8 09:48:16 2021 +0100

    s3:testparm: Warn about 'server schannel = no'
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Tue Feb  9 03:08:42 UTC 2021 on sn-devel-184

commit 20f0a3b10981873dde5c1bc76d7f3a26acc605da
Author: Björn Jacke <bj at sernet.de>
Date:   Wed Jan 27 21:14:43 2021 +0100

    pam_winbind: improve pam message if minimum password age strikes
    
    If minimum password age strikes we should output the next possible password
    change time and not other password restriction policies.
    
    Signed-off-by: Bjoern Jacke <bjacke at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/pam_winbind.c   | 9 ++++++---
 source3/utils/testparm.c | 7 +++++++
 2 files changed, 13 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index aee45bfe9bc..ffbad91861f 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -637,7 +637,7 @@ static const struct ntstatus_errors {
 	{"NT_STATUS_PWD_TOO_SHORT",
 		N_("Password too short")},
 	{"NT_STATUS_PWD_TOO_RECENT",
-		N_("The password of this user is too recent to change")},
+		N_("The password was recently changed and cannot be changed again before %s")},
 	{"NT_STATUS_PWD_HISTORY_CONFLICT",
 		N_("Password is already in password history")},
 	{"NT_STATUS_PASSWORD_EXPIRED",
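Review bot: the NT_STATUS_PWD_TOO_RECENT entry in ntstatus_errors now contains a %s, so it is a format string rather than a finished message, unlike the neighbouring entries visible in this hunk. Any path that still looks this status up without supplying an argument (as the PAM_WB_REMARK_DIRECT call removed further down did) will either show a literal %s or, if the string is used as a format, read an argument that was never passed. Suggest a comment on the entry stating that it takes exactly one string argument, and a check that no remaining caller emits it without one. Because the string is wrapped in N_(), translations must keep the %s as well.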
@@ -2049,8 +2049,11 @@ static int winbind_chauthtok_request(struct pwb_context *ctx,
 			case WBC_PWD_CHANGE_NO_ERROR:
 				if ((min_pwd_age > 0) &&
 				    (pwd_last_set + min_pwd_age > time(NULL))) {
-					PAM_WB_REMARK_DIRECT(ctx,
-					     "NT_STATUS_PWD_TOO_RECENT");
+					time_t next_change = pwd_last_set + min_pwd_age;
+					_make_remark_format(ctx, PAM_ERROR_MSG,
+						_get_ntstatus_error_string("NT_STATUS_PWD_TOO_RECENT"),
+						ctime(&next_change));
+					goto done;
 				}
 				break;
 			case WBC_PWD_CHANGE_PASSWORD_TOO_SHORT:
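Review bot: ctime(&next_change) in the _make_remark_format() call returns a string that ends in a newline and lives in a static buffer, and it can return NULL, so the remark shown to the user ends with a stray line break and a failed conversion hands NULL to %s. Suggest formatting the time into a local buffer (for example with localtime_r() and strftime()) and passing that instead. pwd_last_set + min_pwd_age is also computed twice now; computing next_change before the if and comparing it with time(NULL) keeps the test and the message in agreement. The added goto done replaces the previous fall-through to break, so it is worth confirming that the return value already holds the intended PAM error at that point.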
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 2d717f19756..e870104a2c5 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -525,6 +525,13 @@ static int do_global_checks(void)
 		ret = 1;
 	}
 
+	if (!lp_server_schannel()) {
+		fprintf(stderr,
+			"WARNING: You have configured 'server schannel = no'. "
+			"Your server is vulernable to \"ZeroLogon\" "
+			"(CVE-2020-1472)\n\n");
+	}
+
 	return ret;
 }
 
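Review bot: the warning text added in do_global_checks() misspells "vulnerable" as "vulernable"; this is user-facing output that administrators will search for, so the string should be corrected. The check just above it in the same function ends with ret = 1, while this one only prints, so testparm's exit status is unchanged by 'server schannel = no'. If that is intended, a short comment saying so would help; otherwise set ret here too.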


-- 
Samba Shared Repository


