[PATCH] auth: fix lockOutObservationWindow check
Andrew Bartlett
abartlet at samba.org
Wed Feb 19 14:19:38 MST 2014
On Wed, 2014-02-19 at 14:22 +0100, Arvid Requate wrote:
> lockOutObservationWindow is a negative number
>
> Signed-off-by: Arvid Requate <requate at univention.de>
> ---
> source4/dsdb/common/util.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
> index 188f3c2..fd3a45a 100644
> --- a/source4/dsdb/common/util.c
> +++ b/source4/dsdb/common/util.c
> @@ -4704,7 +4704,7 @@ NTSTATUS dsdb_update_bad_pwd_count(TALLOC_CTX *mem_ctx,
> }
> (*mod_msg)->dn = user_msg->dn;
>
> - if (now - badPasswordTime < lockOutObservationWindow) {
> + if (badPasswordTime - lockOutObservationWindow >= now) {
> badPwdCount = ldb_msg_find_attr_as_int(user_msg, "badPwdCount", 0);
> } else {
> badPwdCount = 0;
Thanks. Clearly I need to work out why our tests didn't find this, and
fix that too.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list