[PATCH] Patch to implement AD password lockout in Samba's AD DC
abartlet at samba.org
Tue Mar 11 17:42:38 MDT 2014
On Tue, 2014-03-11 at 19:36 +0100, Stefan (metze) Metzmacher wrote:
> Am 11.03.2014 05:03, schrieb Andrew Bartlett:
> > I have again addressed as much of the issues that I can at the moment.
> > To be honest, having worked on this area since October, I'm more than a
> > little exhausted of this area, but I have made another attempt to
> > address as many of the structural concerns as I can. In particular,
> > I've broken out helper functions in auth_sam.c and password_hash.c
> > I have not extended the tests nor done extra tests as suggested - I've
> > found that testing this area is a bottomless pit (hence why they are
> > already so extensive), and I'm just out of time and energy for this.
> > Naturally additional tests are welcome if you or someone else has the
> > time, but I would suggest first we should get our own 'source3' code to
> > pass our own tests again, as a better application of the effort.
> > The issues of formatting I've left alone, and I would ask that if you
> > really want to specify the exact formatting that you please download the
> > patch set with:
> > git fetch https://gerrit.samba.org/samba refs/changes/87/87/6 && git
> > checkout FETCH_HEAD
> > And then re-submit them with the attached script.
> > I do wish we had a sensible way these minor issues could be dealt with
> > directly in the web interface.
> > Finally, I do appreciate your time and patience on this, and know this
> > must be just as frustrating for you as it is for me. If you would
> > prefer I worked with someone else to finish the review work please let
> > me know.
> I'll have a look at it tomorrow.
I have uploaded a new set to review, integrating the CVE-2013-4496
git fetch https://gerrit.samba.org/samba refs/changes/87/87/7 && git
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical