Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix an exception when nt key cache is enabled but no max login attempt was defined #8156

Merged
merged 1 commit into from
Aug 6, 2024
Merged

fix an exception when nt key cache is enabled but no max login attempt was defined #8156

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions bin/pyntlm_auth/config_loader.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,16 @@ def config_load():
print(f" NT key cache: expire value '{nt_key_cache_expire}' too large, set to maximum value: 864000")
nt_key_cache_expire = 864000

ad_old_password_allowed_period, error = get_int_value(ad_old_password_allowed_period)
if error is not None:
print(f" NT Key cache: unable to parse 'ad_old_password_allowed_period', cache disabled.")
nt_key_cache_enabled = False
break
if ad_old_password_allowed_period < 0 or ad_old_password_allowed_period > 99999:
print(f" NT Key cache: 'ad_old_password_allowed_period' ranges from 0..99999, cache disabled.")
nt_key_cache_enabled = False
break
Comment on lines +176 to +179
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0 and 99999 are valid ad_old_password_allowed_peroid.
if it's set to 0, no old password will be accepted, changing password will immeidately revoke access of old password.
while 99999 means old password will still valid for 99999 minutes. but no admin will gonna do that in production environment.


ad_account_lockout_threshold, error = get_int_value(ad_account_lockout_threshold)
if error is not None:
print(" NT Key cache: can not parse 'ad_account_lockout_threshold', cache disabled.")
Expand Down Expand Up @@ -210,16 +220,6 @@ def config_load():
nt_key_cache_enabled = False
break

ad_old_password_allowed_period, error = get_int_value(ad_old_password_allowed_period)
if error is not None:
print(f" NT Key cache: unable to parse 'ad_old_password_allowed_period', cache disabled.")
nt_key_cache_enabled = False
break
if ad_old_password_allowed_period < 0 or ad_old_password_allowed_period > 99999:
print(f" NT Key cache: 'ad_old_password_allowed_period' ranges from 0..99999, cache disabled.")
nt_key_cache_enabled = False
break

max_allowed_attempts_per_device, error = get_int_value(max_allowed_attempts_per_device)
s_device = 'max_allowed_attempts_per_device'
s_threshold = 'ad_account_lockout_threshold'
Expand Down
Loading