Fix issue with very high integer value parsing, add unit tests

also add comment about urgent replication
2021-12-07 16:57:39 -08:00 · 2021-12-07 16:57:39 -08:00 · 65f3464995
commit 65f3464995
parent ee4f725209
3 changed files with 19 additions and 4 deletions
--- a/internal/upstreamldap/upstreamldap.go
+++ b/internal/upstreamldap/upstreamldap.go
@ -896,13 +896,13 @@ func win32timestampToTime(win32timestamp string) (time.Time, error) {
 	const unixTimeBaseAsWin = 116_444_736_000_000_000 // The unix base time (January 1, 1970 UTC) as 100 ns since Win32 epoch (1601-01-01)
 	const hundredNsToSecFactor = 10_000_000

-	win32Time, err := strconv.ParseUint(win32timestamp, 10, 64)
+	win32Time, err := strconv.ParseInt(win32timestamp, 10, 64)
 	if err != nil {
 		return time.Time{}, fmt.Errorf("couldn't parse as timestamp")
 	}

-	unixsec := int64(win32Time-unixTimeBaseAsWin) / hundredNsToSecFactor
-	unixns := int64(win32Time%hundredNsToSecFactor) * 100
+	unixsec := (win32Time - unixTimeBaseAsWin) / hundredNsToSecFactor
+	unixns := (win32Time % hundredNsToSecFactor) * 100

 	convertedTime := time.Unix(unixsec, unixns).UTC()
 	return convertedTime, nil
--- a/internal/upstreamldap/upstreamldap_test.go
+++ b/internal/upstreamldap/upstreamldap_test.go
@ -2085,6 +2085,16 @@ func TestWin32TimestampToTime(t *testing.T) {
 			timestampString: "132540199410000001",
 			wantTime:        time.Date(2021, time.January, 2, 0, 12, 21, 100, time.UTC).UTC(),
 		},
+		{
+			name:            "max allowable value",
+			timestampString: "9223372036854775807", // 2^63-1
+			wantTime:        time.Date(30828, time.September, 14, 2, 48, 5, 477580700, time.UTC).UTC(),
+		},
+		{
+			name:            "just past max allowable value",
+			timestampString: "9223372036854775808", // 2^63
+			wantErr:         "couldn't parse as timestamp",
+		},
 	}

 	for _, test := range tests {
--- a/test/integration/supervisor_login_test.go
+++ b/test/integration/supervisor_login_test.go
@ -1879,7 +1879,12 @@ func lockADTestUser(t *testing.T, env *testlib.TestEnv, testUserName string) {
 	userDN := fmt.Sprintf("CN=%s,OU=test-users,%s", testUserName, env.SupervisorUpstreamActiveDirectory.UserSearchBase)
 	conn := dialTLS(t, env)

-	for i := 0; i <= 21; i++ { // our password policy allows 20 wrong attempts before locking the account, so do 21.
+	// our password policy allows 20 wrong attempts before locking the account, so do 21.
+	// these wrong password attempts could go to different domain controllers, but account
+	// lockout changes are urgently replicated, meaning that the domain controllers will be
+	// synced asap rather than in the usual 15 second interval.
+	// See https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961787(v=technet.10)#urgent-replication-of-account-lockout-changes
+	for i := 0; i <= 21; i++ {
 		err := conn.Bind(userDN, "not-the-right-password-"+fmt.Sprint(i))
 		require.Error(t, err) // this should be an error
 	}