git.ipfire.org Git - thirdparty/samba.git/commit
dsdb/auth: Use PSO settings for lockOutThreshold/Duration
author Tim Beale <timbeale@catalyst.net.nz>
Fri, 6 Apr 2018 04:42:50 +0000 (16:42 +1200)
committer Garming Sam <garming@samba.org>
Wed, 23 May 2018 04:55:30 +0000 (06:55 +0200)
commit 442a38c918ae1666b35285013365553b39837f14
tree 6bc746a5102d8e0e4e54f2ba5f0219fc9bd49fa3
parent 6f82161caf299059c6d35bf28b9dfd8c1e4ddb30
dsdb/auth: Use PSO settings for lockOutThreshold/Duration

If a PSO applies to a user, use its lockOutThreshold/Duration settings
instead of the domain setting. When we look up a user, we now include the
msDS-ResultantPSO attribute. If the attribute is present for a user,
then we look up the corresponding PSO object to get the lockOutThreshold/
Duration settings.

Note: This is not quite enough to make the PSO lockout tests pass, as
msDS-User-Account-Control-Computed is still constructed based on the
domain lockoutDuration setting rather than the PSO.

Updating the password_hash.c code properly will be done in a subsequent
commit.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
source4/auth/sam.c
source4/dsdb/common/util.c
source4/dsdb/samdb/ldb_modules/password_hash.c
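
The selection the commit message describes, as an added C example that is not Samba's code: three users with the same bad-password count get different lockout outcomes depending on whether msDS-ResultantPSO resolves to a PSO. The struct and function names, the DNs, the policy values, and the fallback to domain settings for a dangling PSO reference are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified model for this example; the real values are LDAP attributes. */
struct lockout_policy {
	uint32_t threshold;     /* lockOutThreshold; 0 means never lock out */
	uint32_t duration_mins; /* lockout duration, in minutes for readability */
};
struct pso { const char *dn; struct lockout_policy policy; };
struct user {
	const char *resultant_pso; /* msDS-ResultantPSO value, NULL if absent */
	uint32_t bad_pwd_count;    /* failed logons counted so far */
};

/* Use the PSO named by msDS-ResultantPSO when it resolves, else the domain
 * settings. Falling back on a dangling reference is this example's assumption;
 * DNs are matched exactly here, which a real directory would not require. */
const struct lockout_policy *effective_policy(const struct user *u,
	const struct pso *psos, size_t n, const struct lockout_policy *domain)
{
	for (size_t i = 0; u->resultant_pso != NULL && i < n; i++)
		if (strcmp(psos[i].dn, u->resultant_pso) == 0)
			return &psos[i].policy;
	return domain;
}

/* Would one more bad password reach the threshold under this policy? */
int next_failure_locks(const struct user *u, const struct lockout_policy *p)
{
	return p->threshold != 0 && u->bad_pwd_count + 1 >= p->threshold;
}
/* Constructed sample data: hypothetical DNs and values. */
#define PSO_DN "CN=admins,CN=Password Settings Container,CN=System,DC=example,DC=com"
const struct lockout_policy domain_policy = { 5, 30 };
const struct pso sample_psos[] = { { PSO_DN, { 3, 120 } } };
/* Same bad-password count for each: PSO applies, no PSO, dangling PSO. */
const struct user sample_users[] = {
	{ PSO_DN, 2 }, { NULL, 2 }, { "CN=gone,DC=example,DC=com", 2 } };

int main(void)
{
	for (size_t i = 0; i < 3; i++) {
		const struct lockout_policy *p =
			effective_policy(&sample_users[i], sample_psos, 1, &domain_policy);
		printf("user %zu: threshold=%u locks_next=%d\n", i,
		       (unsigned)p->threshold, next_failure_locks(&sample_users[i], p));
	}
	return 0;
}
```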