From 2087b0cd986b8959b2a402b9a1891472e47ca0b0 Mon Sep 17 00:00:00 2001
From: Gary Lockyer
Date: Tue, 16 Mar 2021 10:52:58 +1300
Subject: [PATCH] CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out

samdb_result_msds_LockoutObservationWindow() is split out of samdb_result_effective_badPwdCount()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Gary Lockyer
Reviewed-by: Joseph Sutton
Reviewed-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
---
 source4/dsdb/common/util.c | 45 +++++++++++++++++++++++++++-----------
 1 file changed, 32 insertions(+), 13 deletions(-)

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 88b05555b96..451495fe4c5 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -5363,9 +5363,9 @@ int dsdb_create_partial_replica_NC(struct ldb_context *ldb, struct ldb_dn *dn)
  * This also requires that the domain_msg have (if present):
  * - lockOutObservationWindow
  */
-static int dsdb_effective_badPwdCount(const struct ldb_message *user_msg,
-				      int64_t lockOutObservationWindow,
-				      NTTIME now)
+int dsdb_effective_badPwdCount(const struct ldb_message *user_msg,
+			       int64_t lockOutObservationWindow,
+			       NTTIME now)
 {
 	int64_t badPasswordTime;
 	badPasswordTime = ldb_msg_find_attr_as_int64(user_msg, "badPasswordTime", 0);
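Review bot: Dropping `static` from dsdb_effective_badPwdCount exports a new symbol, but the diffstat shows only util.c is touched, so no header declaration accompanies it; unless the project's generated prototype header picks the definition up automatically, callers in other translation units have no visible prototype and -Wmissing-prototypes will flag this definition. The retained comment above the signature still says the `domain_msg` must carry lockOutObservationWindow, although the function takes the window as the `int64_t lockOutObservationWindow` parameter and has no domain_msg argument; consider rewording it to ` * - lockOutObservationWindow is the window the caller resolved from the PSO or the domain`. The function body continues outside the hunk.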
@@ -5412,25 +5412,24 @@ static struct ldb_result *lookup_user_pso(struct ldb_context *sam_ldb,
 }
 
 /*
- * Return the effective badPwdCount
+ * Return the msDS-LockoutObservationWindow for a user message
  *
  * This requires that the user_msg have (if present):
- * - badPasswordTime
- * - badPwdCount
  * - msDS-ResultantPSO
  */
-int samdb_result_effective_badPwdCount(struct ldb_context *sam_ldb,
-				       TALLOC_CTX *mem_ctx,
-				       struct ldb_dn *domain_dn,
-				       const struct ldb_message *user_msg)
+int64_t samdb_result_msds_LockoutObservationWindow(
+	struct ldb_context *sam_ldb,
+	TALLOC_CTX *mem_ctx,
+	struct ldb_dn *domain_dn,
+	const struct ldb_message *user_msg)
 {
-	struct timeval tv_now = timeval_current();
-	NTTIME now = timeval_to_nttime(&tv_now);
 	int64_t lockOutObservationWindow;
 	struct ldb_result *res = NULL;
 	const char *attrs[] = { "msDS-LockoutObservationWindow", NULL };
-
+	if (domain_dn == NULL) {
+		smb_panic("domain dn is NULL");
+	}
 	res = lookup_user_pso(sam_ldb, mem_ctx, user_msg, attrs);
 
 	if (res != NULL) {
@@ -5446,7 +5445,27 @@ int samdb_result_effective_badPwdCount(struct ldb_context *sam_ldb,
 						samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn,
 								   "lockOutObservationWindow", NULL);
 	}
+	return lockOutObservationWindow;
+}
 
+/*
+ * Return the effective badPwdCount
+ *
+ * This requires that the user_msg have (if present):
+ * - badPasswordTime
+ * - badPwdCount
+ * - msDS-ResultantPSO
+ */
+int samdb_result_effective_badPwdCount(struct ldb_context *sam_ldb,
+				       TALLOC_CTX *mem_ctx,
+				       struct ldb_dn *domain_dn,
+				       const struct ldb_message *user_msg)
+{
+	struct timeval tv_now = timeval_current();
+	NTTIME now = timeval_to_nttime(&tv_now);
+	int64_t lockOutObservationWindow =
+		samdb_result_msds_LockoutObservationWindow(
+			sam_ldb, mem_ctx, domain_dn, user_msg);
 	return dsdb_effective_badPwdCount(user_msg, lockOutObservationWindow, now);
 }
 
-- 
2.47.3
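Review bot: The new comment on samdb_result_msds_LockoutObservationWindow says nothing about the `if (domain_dn == NULL)` check added below it, which calls smb_panic() and so aborts the process instead of returning an error; with an int64_t return type there is no channel to report failure, so the contract belongs in the comment, e.g. ` * domain_dn must not be NULL; the function panics otherwise.` It would also help to state where the value comes from, which from the visible `lookup_user_pso()` call and the `if (res != NULL)` branch appears to be the user's resultant PSO first, with the domain value as the fallback; confirm against the else branch, which lies in the following hunk.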
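Review bot: samdb_result_effective_badPwdCount now reaches the smb_panic() on a NULL domain_dn through samdb_result_msds_LockoutObservationWindow(), a behaviour change for existing callers that the moved comment block does not record; add ` * - domain_dn must not be NULL` to its list of requirements. In the retained else branch, samdb_search_int64() is passed `0` in what appears to be the default-value position, so a failed or absent domain read yields a zero observation window indistinguishable from a configured zero; since the lockout meaning of a zero window is decided in dsdb_effective_badPwdCount, outside this hunk, a one-line comment at the else branch stating whether that fallback is intentional would help the next reader.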