backport #8156

inverse-inc · Aug 8, 2024 · a7b6be2 · a7b6be2
1 parent 1d095f7
commit a7b6be2
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 10 deletions.
diff --git a/bin/pyntlm_auth/config_generator.py b/bin/pyntlm_auth/config_generator.py
@@ -1,4 +1,9 @@
+import os
+
+
 def generate_empty_conf():
+    path = '/usr/local/pf/var/conf/'
+    os.makedirs(path, exist_ok=True)
     with open('/usr/local/pf/var/conf/default.conf', 'w') as file:
         file.write("\n")
 

diff --git a/bin/pyntlm_auth/config_loader.py b/bin/pyntlm_auth/config_loader.py
@@ -168,6 +168,16 @@ def config_load():
                 print(f"  NT key cache: expire value '{nt_key_cache_expire}' too large, set to maximum value: 864000")
                 nt_key_cache_expire = 864000
 
+            ad_old_password_allowed_period, error = get_int_value(ad_old_password_allowed_period)
+            if error is not None:
+                print(f"  NT Key cache: unable to parse 'ad_old_password_allowed_period', cache disabled.")
+                nt_key_cache_enabled = False
+                break
+            if ad_old_password_allowed_period < 0 or ad_old_password_allowed_period > 99999:
+                print(f"  NT Key cache: 'ad_old_password_allowed_period' ranges from 0..99999, cache disabled.")
+                nt_key_cache_enabled = False
+                break
+
             ad_account_lockout_threshold, error = get_int_value(ad_account_lockout_threshold)
             if error is not None:
                 print("  NT Key cache: can not parse 'ad_account_lockout_threshold', cache disabled.")
@@ -178,6 +188,8 @@ def config_load():
                 ad_account_lockout_duration = 0
                 ad_reset_account_lockout_count_after = 0
                 max_allowed_attempts_per_device = 999
+                ad_old_password_allowed_period, error = get_int_value(ad_old_password_allowed_period)
+                if error is not None: ad_old_password_allowed_period = 0
                 break
             if ad_account_lockout_threshold < 2 or ad_account_lockout_threshold > 999:
                 print(f"  NT Key cache: 'ad_account_lock_threshold' ranges from 2..999, cache disabled.")
@@ -210,16 +222,6 @@ def config_load():
                 nt_key_cache_enabled = False
                 break
 
-            ad_old_password_allowed_period, error = get_int_value(ad_old_password_allowed_period)
-            if error is not None:
-                print(f"  NT Key cache: unable to parse 'ad_old_password_allowed_period', cache disabled.")
-                nt_key_cache_enabled = False
-                break
-            if ad_old_password_allowed_period < 0 or ad_old_password_allowed_period > 99999:
-                print(f"  NT Key cache: 'ad_old_password_allowed_period' ranges from 0..99999, cache disabled.")
-                nt_key_cache_enabled = False
-                break
-
             max_allowed_attempts_per_device, error = get_int_value(max_allowed_attempts_per_device)
             s_device = 'max_allowed_attempts_per_device'
             s_threshold = 'ad_account_lockout_threshold'