From d12b02c78842786969557b9be7c953e9594d90dd Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Tue, 13 Nov 2018 13:19:04 +1300 Subject: [PATCH 16/17] CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs Fix a remaining place where we were trying to read the msDS-LockoutObservationWindow as an int instead of an int64. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett --- selftest/knownfail.d/password_lockout | 2 -- source4/dsdb/common/util.c | 6 +++--- 2 files changed, 3 insertions(+), 5 deletions(-) delete mode 100644 selftest/knownfail.d/password_lockout diff --git a/selftest/knownfail.d/password_lockout b/selftest/knownfail.d/password_lockout deleted file mode 100644 index a4e37a84c21..00000000000 --- a/selftest/knownfail.d/password_lockout +++ /dev/null @@ -1,2 +0,0 @@ -samba4.ldap.password_lockout.python\(ad_dc_ntvfs\).__main__.PasswordTestsWithDefaults.test_pso_login_lockout_krb5\(ad_dc_ntvfs\) -samba4.ldap.password_lockout.python\(ad_dc_ntvfs\).__main__.PasswordTestsWithDefaults.test_pso_login_lockout_ntlm\(ad_dc_ntvfs\) diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 438a29e1773..8d863f85a29 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -5361,9 +5361,9 @@ int samdb_result_effective_badPwdCount(struct ldb_context *sam_ldb, if (res != NULL) { lockOutObservationWindow = - ldb_msg_find_attr_as_int(res->msgs[0], - "msDS-LockoutObservationWindow", - 0); + ldb_msg_find_attr_as_int64(res->msgs[0], + "msDS-LockoutObservationWindow", + 0); talloc_free(res); } else { -- 2.17.1