This service will be undergoing maintenance at 20:00 UTC, 2017-04-03. It is expected to last about 30 minutes
Bug 39263 - Samba SetCred patch issues. (global pamh).
Samba SetCred patch issues. (global pamh).
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: samba (Show other bugs)
1.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-05-06 04:06 EDT by Andrew Bartlett
Modified: 2007-04-18 12:33 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-05-07 15:18:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew Bartlett 2001-05-06 04:06:48 EDT
Description of Problem:
Latest Rawhide Samba SRPMS (I looked at version 2.0.8-0.7.1) include a
patch to set pam credentials.  However, it suffers a fatal flaw.  It
presumes that there is one user per smbd, unfortunetly this is not how
samba operates.  One smbd can server multiple real and guest users,
particuarly as used by Win2k Terminal Server.

I have marked this as 'security' becouse this could (if I understand the
patch infered its behaviour correctly) allow one user (including guest) to
use the authentication tokons of another user served by the same smbd.

This is mitigated however by the fact that plaintext authentication would
be required for this to occur.

In any case, the first user to exit would end the pam session, rendering
the code useless.

The correct way to do this is to attach the pamh to a user's vuid, and to
pass that to the relevent functions as required.  This however is a more
significat change, but one I intend to look at at some time.

(As a matter of note, Samba 2.2 now no longer uses any global variables in
respect to PAM - but when it did their vaule was not kept between
authentication calls in any case).

At least this is my understanding, I would be happy to be proved wrong.
Comment 1 Trond Eivind Glomsrxd 2001-06-18 17:29:55 EDT
The current rawhide should have samba 2.2.0, making the issue obsolete.
Comment 2 Andrew Bartlett 2001-06-18 21:51:00 EDT
I'm going to look at the original issue over the next few weeks, attaching the
pamh to the vuid.  If anybody wants to contact me regarding the orginal issue
this code attempted to address (so I can reimplement it properly) I would
appriciate it.  E-mail: abartlet@samba.org

Note You need to log in before you can comment on or make changes to this bug.