[PATCH] Patch to implement AD password lockout in Samba's AD DC

Andrew Bartlett abartlet at samba.org
Tue Mar 11 17:42:38 MDT 2014

On Tue, 2014-03-11 at 19:36 +0100, Stefan (metze) Metzmacher wrote:
> Am 11.03.2014 05:03, schrieb Andrew Bartlett:
> > 
> > I have again addressed as much of the issues that I can at the moment. 
> > 
> > To be honest, having worked on this area since October, I'm more than a
> > little exhausted of this area, but I have made another attempt to
> > address as many of the structural concerns as I can.  In particular,
> > I've broken out helper functions in auth_sam.c and password_hash.c
> > 
> > I have not extended the tests nor done extra tests as suggested - I've
> > found that testing this area is a bottomless pit (hence why they are
> > already so extensive), and I'm just out of time and energy for this.
> > Naturally additional tests are welcome if you or someone else has the
> > time, but I would suggest first we should get our own 'source3' code to
> > pass our own tests again, as a better application of the effort. 
> > 
> > The issues of formatting I've left alone, and I would ask that if you
> > really want to specify the exact formatting that you please download the
> > patch set with:
> > 
> > git fetch https://gerrit.samba.org/samba refs/changes/87/87/6 && git
> > checkout FETCH_HEAD
> > 
> > And then re-submit them with the attached script.
> > 
> > I do wish we had a sensible way these minor issues could be dealt with
> > directly in the web interface.
> > 
> > Finally, I do appreciate your time and patience on this, and know this
> > must be just as frustrating for you as it is for me.  If you would
> > prefer I worked with someone else to finish the review work please let
> > me know.
> I'll have a look at it tomorrow.
> metze

I have uploaded a new set to review, integrating the CVE-2013-4496

git fetch https://gerrit.samba.org/samba refs/changes/87/87/7 && git
checkout FETCH_HEAD


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list