s4: dSHeuristics syntax check
abartlet at samba.org
Tue Nov 2 14:15:14 MDT 2010
On Tue, 2010-11-02 at 16:38 +0200, Nadezhda Ivanova wrote:
> Hi Matthias and team,
> I implemented checking of the restrictions on dSHeuristics attribute, as
> described in MS-ADTS 184.108.40.206.4.1.2, because it is being used in the aclread
> module, and we should probably start to actually pay attention to its
> settings in other places as well, such as accepting userPassword attribute
> ot accepting a password reset over non-secure connection. I put the check in
> objectclass_attrs, as this is the place where we generally check attribute
> syntax, but if you have any objections or suggestions let me know.
> Here are the patches:
Why do you only check modifies? Also, the macros for '10th char' seem
weird, but I presume they are already defined somewhere for some other
purpose. Otherwise, this looks good!
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 190 bytes
Desc: This is a digitally signed message part
More information about the samba-technical