[PATCH] Fix pwdLastSet behaviour in regards to Windows

Stefan Metzmacher metze at samba.org
Mon Jan 18 07:33:26 UTC 2016


Hi Adrian,

On 17.01.2016 at 22:00, adrianc at catalyst.net.nz wrote:
> Here's a patch for fixing https://bugzilla.samba.org/show_bug.cgi?id=9654

The password_hash module is handling some parts of the pwdLastSet already.

I think it's also the place where we should do the "0" and "-1" handling,
and we should completely match Windows here and not allow any other
values.

For internal callers, e.g. the SAMR server, we may need a control in order to
bypass the restriction. Where did you see problems with your patch
during provision?
In general I'd say provision should not set pwdLastSet, but we can check
for LDB_CONTROL_PROVISION_OID. We also seem to have
DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID already...

I already started with a patch a while ago, see:

https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=a41559bb5bceed9c38a7f9fad65352a9a43bbf17
and
https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=948b1cded94f5487d0555ab9620d89ac30223552

But I don't remember what the remaining problems were.

metze
