From dd38fae8c8d7d47c75f03b6bc94bed8d47012cb6 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 25 Mar 2021 15:33:08 +1300
Subject: [PATCH] CVE-2021-20251 auth4: Inline
 samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()

By bringing this function inline it can then be split out in a
subsequent commit.

Based on work by Gary Lockyer <gary@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 712181032a47318576ef35f6a6cf0f958aa538fb)
---
 source4/auth/sam.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 52f23a08aa3..6ef22182b8f 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -1479,11 +1479,17 @@ get_transaction:
 
 	lockoutTime = ldb_msg_find_attr_as_int64(msg, "lockoutTime", 0);
 	dbBadPwdCount = ldb_msg_find_attr_as_int(msg, "badPwdCount", 0);
+	tv_now = timeval_current();
+	now = timeval_to_nttime(&tv_now);
+
 	if (interactive_or_kerberos) {
 		badPwdCount = dbBadPwdCount;
 	} else {
-		badPwdCount = samdb_result_effective_badPwdCount(sam_ctx, mem_ctx,
-								 domain_dn, msg);
+		int64_t lockOutObservationWindow =
+			samdb_result_msds_LockoutObservationWindow(
+				sam_ctx, mem_ctx, domain_dn, msg);
+		badPwdCount = dsdb_effective_badPwdCount(
+			msg, lockOutObservationWindow, now);
 	}
 	lastLogonTimestamp =
 		ldb_msg_find_attr_as_int64(msg, "lastLogonTimestamp", 0);
@@ -1521,9 +1527,6 @@ get_transaction:
 		}
 	}
 
-	tv_now = timeval_current();
-	now = timeval_to_nttime(&tv_now);
-
 	if (interactive_or_kerberos ||
 	    (badPwdCount != 0 && lockoutTime == 0)) {
 		ret = samdb_msg_add_int64(sam_ctx, msg_mod, msg_mod,