CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs
authorTim Beale <timbeale@catalyst.net.nz>
Tue, 13 Nov 2018 00:19:04 +0000 (13:19 +1300)
committerKarolin Seeger <kseeger@samba.org>
Wed, 28 Nov 2018 07:22:25 +0000 (08:22 +0100)
Fix a remaining place where we were trying to read the
msDS-LockoutObservationWindow as an int instead of an int64.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
selftest/knownfail.d/password_lockout [deleted file]
source4/dsdb/common/util.c

diff --git a/selftest/knownfail.d/password_lockout b/selftest/knownfail.d/password_lockout
deleted file mode 100644 (file)
index a4e37a8..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-samba4.ldap.password_lockout.python\(ad_dc_ntvfs\).__main__.PasswordTestsWithDefaults.test_pso_login_lockout_krb5\(ad_dc_ntvfs\)
-samba4.ldap.password_lockout.python\(ad_dc_ntvfs\).__main__.PasswordTestsWithDefaults.test_pso_login_lockout_ntlm\(ad_dc_ntvfs\)
index dcbfc8c..50c96f7 100644 (file)
@@ -5368,9 +5368,9 @@ int samdb_result_effective_badPwdCount(struct ldb_context *sam_ldb,
 
        if (res != NULL) {
                lockOutObservationWindow =
-                       ldb_msg_find_attr_as_int(res->msgs[0],
-                                                "msDS-LockoutObservationWindow",
-                                                 0);
+                       ldb_msg_find_attr_as_int64(res->msgs[0],
+                                                  "msDS-LockoutObservationWindow",
+                                                   0);
                talloc_free(res);
        } else {