The branch, master has been updated
via 1691cd7738b s3:testparm: Warn about 'server schannel = no'
via 20f0a3b1098 pam_winbind: improve pam message if minimum password
age strikes
from 7fe39391c05 vfs: update status of SMB_VFS_LINKAT()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1691cd7738b89bec284646bc81f338d8027bfc79
Author: Andreas Schneider <a...@samba.org>
Date: Mon Feb 8 09:48:16 2021 +0100
s3:testparm: Warn about 'server schannel = no'
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Tue Feb 9 03:08:42 UTC 2021 on sn-devel-184
commit 20f0a3b10981873dde5c1bc76d7f3a26acc605da
Author: Björn Jacke <b...@sernet.de>
Date: Wed Jan 27 21:14:43 2021 +0100
pam_winbind: improve pam message if minimum password age strikes
if minimum password age strikes we should output the next possible password
change time and not other password restriction policies.
Signed-off-by: Bjoern Jacke <bja...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
nsswitch/pam_winbind.c | 9 ++++++---
source3/utils/testparm.c | 7 +++++++
2 files changed, 13 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index aee45bfe9bc..ffbad91861f 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -637,7 +637,7 @@ static const struct ntstatus_errors {
{"NT_STATUS_PWD_TOO_SHORT",
N_("Password too short")},
{"NT_STATUS_PWD_TOO_RECENT",
- N_("The password of this user is too recent to change")},
+ N_("The password was recently changed and cannot be changed
again before %s")},
{"NT_STATUS_PWD_HISTORY_CONFLICT",
N_("Password is already in password history")},
{"NT_STATUS_PASSWORD_EXPIRED",
@@ -2049,8 +2049,11 @@ static int winbind_chauthtok_request(struct pwb_context
*ctx,
case WBC_PWD_CHANGE_NO_ERROR:
if ((min_pwd_age > 0) &&
(pwd_last_set + min_pwd_age > time(NULL))) {
- PAM_WB_REMARK_DIRECT(ctx,
- "NT_STATUS_PWD_TOO_RECENT");
+ time_t next_change = pwd_last_set +
min_pwd_age;
+ _make_remark_format(ctx, PAM_ERROR_MSG,
+
_get_ntstatus_error_string("NT_STATUS_PWD_TOO_RECENT"),
+ ctime(&next_change));
+ goto done;
}
break;
case WBC_PWD_CHANGE_PASSWORD_TOO_SHORT:
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 2d717f19756..e870104a2c5 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -525,6 +525,13 @@ static int do_global_checks(void)
ret = 1;
}
+ if (!lp_server_schannel()) {
+ fprintf(stderr,
+ "WARNING: You have configured 'server schannel = no'. "
+ "Your server is vulernable to \"ZeroLogon\" "
+ "(CVE-2020-1472)\n\n");
+ }
+
return ret;
}
--
Samba Shared Repository
