s4: dSHeuristics syntax check

Andrew Bartlett abartlet at samba.org
Tue Nov 2 14:15:14 MDT 2010

On Tue, 2010-11-02 at 16:38 +0200, Nadezhda Ivanova wrote:
> Hi Matthias and team,
> I implemented checking of the restrictions on dSHeuristics attribute, as
> described in MS-ADTS, because it is being used in the aclread
> module, and we should probably start to actually pay attention to its
> settings in other places as well, such as accepting userPassword attribute
> ot accepting a password reset over non-secure connection. I put the check in
> objectclass_attrs, as this is the place where we generally check attribute
> syntax, but if you have any objections or suggestions let me know.
> Here are the patches:
> Tests:
> http://gitweb.samba.org/?p=nivanova/samba.git;a=commit;h=9c5490c9298aa29d9deb76702f21dd8f0d5b9902
> Implementation:
> http://gitweb.samba.org/?p=nivanova/samba.git;a=commit;h=d274e17fba5b5d047904595ae505339b8bd1176f

Why do you only check modifies?  Also, the macros for '10th char' seem
weird, but I presume they are already defined somewhere for some other
purpose.  Otherwise, this looks good!

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101103/e3dd6742/attachment.pgp>

More information about the samba-technical mailing list