[PATCH] auth: fix lockOutObservationWindow check
Andrew Bartlett
abartlet at samba.org
Tue Feb 25 01:54:37 MST 2014
On Thu, 2014-02-20 at 10:19 +1300, Andrew Bartlett wrote:
> On Wed, 2014-02-19 at 14:22 +0100, Arvid Requate wrote:
> > lockOutObservationWindow is a negative number
> >
> > Signed-off-by: Arvid Requate <requate at univention.de>
> > ---
> > source4/dsdb/common/util.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
> > index 188f3c2..fd3a45a 100644
> > --- a/source4/dsdb/common/util.c
> > +++ b/source4/dsdb/common/util.c
> > @@ -4704,7 +4704,7 @@ NTSTATUS dsdb_update_bad_pwd_count(TALLOC_CTX *mem_ctx,
> > }
> > (*mod_msg)->dn = user_msg->dn;
> >
> > - if (now - badPasswordTime < lockOutObservationWindow) {
> > + if (badPasswordTime - lockOutObservationWindow >= now) {
> > badPwdCount = ldb_msg_find_attr_as_int(user_msg, "badPwdCount", 0);
> > } else {
> > badPwdCount = 0;
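Review bot: the new comparison `badPasswordTime - lockOutObservationWindow >= now` is only correct because lockOutObservationWindow is negative, and that is stated only in the commit message, not at the comparison. A one-line comment on the sign convention there, or negating the value once into a positive duration before comparing, would keep a later reader from turning the sign back. The operator also moved from a strict `<` to `>=`, so an attempt that lands exactly at the end of the window now keeps the existing badPwdCount. Please confirm that boundary is intended and cover it in the test that exercises this path.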
>
> Thanks. Clearly I need to work out why our tests didn't find this, and
> fix that too.
Thanks for this. I've now added tests that trigger this issue, and
included both the tests and this in the patch series in gerrit.
I'll also push this to a more practical branch tomorrow.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical mailing list