mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

s4:auth: Let dsdb gMSA time influence NTLM previous password allowed period

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton 2024-05-01 14:58:31 +12:00 committed by Andrew Bartlett
parent 92d010af2d
commit e5357c75a6


@ -467,10 +467,10 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
for (i = 1; i < MIN(history_len, 3); i++) { for (i = 1; i < MIN(history_len, 3); i++) {
const struct samr_Password *nt_history_pwd = NULL; const struct samr_Password *nt_history_pwd = NULL;
NTTIME pwdLastSet; NTTIME pwdLastSet;
struct timeval tv_now;
NTTIME now; NTTIME now;
int allowed_period_mins; int allowed_period_mins;
NTTIME allowed_period; NTTIME allowed_period;
bool ok;
/* Reset these variables back to starting as empty */ /* Reset these variables back to starting as empty */
aes_256_key = NULL; aes_256_key = NULL;
@ -650,8 +650,11 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
allowed_period = (NTTIME) allowed_period_mins * allowed_period = (NTTIME) allowed_period_mins *
60 * 1000*1000*10; 60 * 1000*1000*10;
pwdLastSet = samdb_result_nttime(msg, "pwdLastSet", 0); pwdLastSet = samdb_result_nttime(msg, "pwdLastSet", 0);
tv_now = timeval_current(); ok = dsdb_gmsa_current_time(sam_ctx, &now);
now = timeval_to_nttime(&tv_now); if (!ok) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_WRONG_PASSWORD;
}
if (now < pwdLastSet) { if (now < pwdLastSet) {
/* /*