From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 25 Mar 2021 02:33:08 +0000 (+1300)
Subject: CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_su... 
X-Git-Tag: talloc-2.4.0~1077
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=712181032a47318576ef35f6a6cf0f958aa538fb;p=thirdparty%2Fsamba.git

CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()

By bringing this function inline it can then be split out in a
subsequent commit.

Based on work by Gary Lockyer <gary@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 9e4da42632d..698324e5cc0 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -1479,11 +1479,17 @@ get_transaction:
 
 	lockoutTime = ldb_msg_find_attr_as_int64(msg, "lockoutTime", 0);
 	dbBadPwdCount = ldb_msg_find_attr_as_int(msg, "badPwdCount", 0);
+	tv_now = timeval_current();
+	now = timeval_to_nttime(&tv_now);
+
 	if (interactive_or_kerberos) {
 		badPwdCount = dbBadPwdCount;
 	} else {
-		badPwdCount = samdb_result_effective_badPwdCount(sam_ctx, mem_ctx,
-								 domain_dn, msg);
+		int64_t lockOutObservationWindow =
+			samdb_result_msds_LockoutObservationWindow(
+				sam_ctx, mem_ctx, domain_dn, msg);
+		badPwdCount = dsdb_effective_badPwdCount(
+			msg, lockOutObservationWindow, now);
 	}
 	lastLogonTimestamp =
 		ldb_msg_find_attr_as_int64(msg, "lastLogonTimestamp", 0);
@@ -1521,9 +1527,6 @@ get_transaction:
 		}
 	}
 
-	tv_now = timeval_current();
-	now = timeval_to_nttime(&tv_now);
-
 	if (interactive_or_kerberos ||
 	    (badPwdCount != 0 && lockoutTime == 0)) {
 		ret = samdb_msg_add_int64(sam_ctx, msg_mod, msg_mod,