From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 20 Sep 2023 19:32:30 +0000 (+1200)
Subject: s4:kdc: Fix ldb_msg_find_krb5time_ldap_time()
X-Git-Tag: tevent-0.16.0~356
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9bd9b9bfd9548db54c02aa321b6c8328a3f3080e;p=thirdparty%2Fsamba.git

s4:kdc: Fix ldb_msg_find_krb5time_ldap_time()

strptime() will fail to parse the LDAP ‘whenCreated’ time string,
because the format string is wrong: it will expect to get a time like
“20230920043849Z”, but the time string seems to be actually formatted
“20230920043849.0Z” — like a GeneralizedTime.

Fix this by delegating to ldb_val_to_time().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 0295be5840f..a9d8bc557db 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -133,20 +133,17 @@ static void auth_sam_trigger_repl_secret(TALLOC_CTX *mem_ctx,
 
 static time_t ldb_msg_find_krb5time_ldap_time(struct ldb_message *msg, const char *attr, time_t default_val)
 {
-    const char *tmp;
-    const char *gentime;
-    struct tm tm = {};
+    const struct ldb_val *gentime = NULL;
+    time_t t;
+    int ret;
 
-    gentime = ldb_msg_find_attr_as_string(msg, attr, NULL);
-    if (!gentime)
-	return default_val;
-
-    tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
-    if (tmp == NULL) {
+    gentime = ldb_msg_find_ldb_val(msg, attr);
+    ret = ldb_val_to_time(gentime, &t);
+    if (ret) {
 	    return default_val;
     }
 
-    return timegm(&tm);
+    return t;
 }
 
 static struct SDBFlags uf2SDBFlags(krb5_context context, uint32_t userAccountControl, enum samba_kdc_ent_type ent_type)