Ticket History #7021: Fix failure interval of 0 in LDAP lockout code

# Sun Nov 20 00:19:45 2011 ghudson@mit.edu (Greg Hudson) - Ticket created

From:	ghudson@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 535B

A failure count interval of 0 caused krb5_ldap_lockout_check_policy to
pass the lockout check (but didn't cause a reset of the failure count
in krb5_ldap_lockout_audit). It should be treated as forever, as in
the DB2 back end.

This bug is the previously unknown cause of the assertion failure
fixed in CVE-2011-1528.

https://github.com/krb5/krb5/commit/4a84d4137426d0951d5565adef30efebab719d23
Commit By: ghudson
Revision: 25480
Changed Files:
U trunk/src/kadmin/cli/kadmin.M
U trunk/src/plugins/kdb/ldap/libkdb_ldap/lockout.c

# Sun Nov 20 00:19:46 2011 ghudson@mit.edu (Greg Hudson) - Requestor ghudson@mit.edu (Greg Hudson) added

# Sun Nov 20 00:19:46 2011 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'review'

# Sun Nov 20 00:19:46 2011 ghudson@mit.edu (Greg Hudson) - Tags pullup added

# Sun Nov 20 00:19:46 2011 ghudson@mit.edu (Greg Hudson) - Target_Version 1.10 added

# Sun Nov 20 00:23:02 2011 ghudson@mit.edu (Greg Hudson) - Comments added

Download (untitled) / with headers
text/plain 153B

This should also be pulled up to 1.9 and 1.8. The code change should
apply cleanly. The man page change isn't terribly important if it doesn't
apply.

# Mon Dec 05 15:53:52 2011 tlyu (Taylor Yu) - Status changed from 'review' to 'resolved'

# Mon Dec 05 15:53:52 2011 tlyu (Taylor Yu) - Version_Fixed 1.10 added

# Mon Dec 05 15:53:52 2011 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 850B

pull up r25480 from trunk

------------------------------------------------------------------------
r25480 | ghudson | 2011-11-20 00:19:45 -0500 (Sun, 20 Nov 2011) | 13 lines

ticket: 7021
subject: Fix failure interval of 0 in LDAP lockout code
target_version: 1.10
tags: pullup

A failure count interval of 0 caused krb5_ldap_lockout_check_policy to
pass the lockout check (but didn't cause a reset of the failure count
in krb5_ldap_lockout_audit). It should be treated as forever, as in
the DB2 back end.

This bug is the previously unknown cause of the assertion failure
fixed in CVE-2011-1528.

https://github.com/krb5/krb5/commit/741ead4255452a105cbac12382be58ad3a2b670a
Commit By: tlyu
Revision: 25512
Changed Files:
U branches/krb5-1-10/src/kadmin/cli/kadmin.M
U branches/krb5-1-10/src/plugins/kdb/ldap/libkdb_ldap/lockout.c

# Wed Dec 16 18:02:57 2015 tlyu (Taylor Yu) - CustomField pullup deleted