Enhancement #1650

Protect samba password ldap field

Added by Davide Principi over 8 years ago. Updated over 8 years ago.

Status:CLOSEDStart date:02/11/2013
Priority:NormalDue date:02/11/2013
Assignee:-% Done:

100%

Category:nethserver-samba
Target version:v6.4-alpha2
Resolution: NEEDINFO:

Description

sambaNTPassword ldap field must be accessible only from internal samba account.


Related issues

Related to NethServer 6 - Bug #1894: Samba password hash disclosure CLOSED 04/29/2013 04/29/2013

Associated revisions

Revision b265aac1
Added by Davide Principi over 8 years ago

Directory.pm: new public method enforceAccessDirective(), does the same as the obsolete static version addAccessDirective(). Refs #1650

Revision 15dce538
Added by Davide Principi over 8 years ago

nethserver-samba-conf action: moved samba service account creation in nethserver-samba-aclsetup action. Refs #1650

Revision 7a89eada
Added by Davide Principi over 8 years ago

nethserver-samba-aclsetup action: implemented with enforceAccessDirective() from NethServer::Directory. Refs #1650

Revision cebbc1b7
Added by Davide Principi over 8 years ago

nethserver-directory-conf: fixed bdb backend configuration. Refs #1650

Revision 3d7a194d
Added by Davide Principi over 8 years ago

nethserver-directory-dit-setup action: make sure this is executed just after nethserver-directory-conf action, using configServiceAccount() library method to create pam and libuser service accounts. Refs #1650

Revision 06022ff0
Added by Davide Principi over 8 years ago

nethserver-samba-aclsetup action: removed and merged with nethserver-samba-conf. ACL setup is no longer required to be repeated when nethserver-directory is updated as it now relies on configServiceAccount() library function. Refs #1650

Revision 008b1b45
Added by Davide Principi over 8 years ago

nethserver-directory-conf action: grant manage permission to root user BEFORE accessing the DIT. Refs #1650

History

#1 Updated by Davide Principi over 8 years ago

  • Project changed from 2 to NethServer 6

#2 Updated by Davide Principi over 8 years ago

  • Due date set to 02/11/2013
  • Status changed from NEW to ON_DEV
  • Assignee set to Davide Principi
  • Start date set to 02/11/2013
  • % Done changed from 0 to 10

#3 Updated by Davide Principi over 8 years ago

  • Description updated (diff)

#4 Updated by Davide Principi over 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 10 to 100
In nethserver-dev repository:
  • nethserver-samba-1.0.0-5.git7a89eada.ns6.src.rpm
  • nethserver-directory-1.1.1-3.gitcebbc1b7.ns6.noarch.rpm

#5 Updated by Davide Principi over 8 years ago

In nethserver-dev repository:
  • nethserver-samba-1.0.0-6.git06022ff0.ns6.noarch.rpm
  • nethserver-directory-1.1.1-4.git3d7a194d.ns6.noarch.rpm

#6 Updated by Davide Principi over 8 years ago

  • Status changed from MODIFIED to CLOSED

#7 Updated by Davide Principi over 8 years ago

State set to closed on NethServer 6.4 alpha2 release

Also available in: Atom PDF