djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix issue with very high integer value parsing, add unit tests

Browse Source 
also add comment about urgent replication
This commit is contained in:
Margo Crawford 2021-12-07 16:57:39 -08:00
parent ee4f725209
commit 65f3464995
3 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
internal/upstreamldap/upstreamldap.go
View File

@ -896,13 +896,13 @@ func win32timestampToTime(win32timestamp string) (time.Time, error) {
const unixTimeBaseAsWin = 116_444_736_000_000_000 // The unix base time (January 1, 1970 UTC) as 100 ns since Win32 epoch (1601-01-01) const unixTimeBaseAsWin = 116_444_736_000_000_000 // The unix base time (January 1, 1970 UTC) as 100 ns since Win32 epoch (1601-01-01)
const hundredNsToSecFactor = 10_000_000 const hundredNsToSecFactor = 10_000_000
win32Time, err := strconv.ParseUint(win32timestamp, 10, 64) win32Time, err := strconv.ParseInt(win32timestamp, 10, 64)
if err != nil { if err != nil {
return time.Time{}, fmt.Errorf("couldn't parse as timestamp") return time.Time{}, fmt.Errorf("couldn't parse as timestamp")
} }
unixsec := int64(win32Time-unixTimeBaseAsWin) / hundredNsToSecFactor unixsec := (win32Time - unixTimeBaseAsWin) / hundredNsToSecFactor
unixns := int64(win32Time%hundredNsToSecFactor) * 100 unixns := (win32Time % hundredNsToSecFactor) * 100
convertedTime := time.Unix(unixsec, unixns).UTC() convertedTime := time.Unix(unixsec, unixns).UTC()
return convertedTime, nil return convertedTime, nil

10
internal/upstreamldap/upstreamldap_test.go
View File

@ -2085,6 +2085,16 @@ func TestWin32TimestampToTime(t *testing.T) {
timestampString: "132540199410000001", timestampString: "132540199410000001",
wantTime: time.Date(2021, time.January, 2, 0, 12, 21, 100, time.UTC).UTC(), wantTime: time.Date(2021, time.January, 2, 0, 12, 21, 100, time.UTC).UTC(),
}, },
{
name: "max allowable value",
timestampString: "9223372036854775807", // 2^63-1
wantTime: time.Date(30828, time.September, 14, 2, 48, 5, 477580700, time.UTC).UTC(),
},
{
name: "just past max allowable value",
timestampString: "9223372036854775808", // 2^63
wantErr: "couldn't parse as timestamp",
},
} }
for _, test := range tests { for _, test := range tests {

7
test/integration/supervisor_login_test.go
View File

@ -1879,7 +1879,12 @@ func lockADTestUser(t *testing.T, env *testlib.TestEnv, testUserName string) {
userDN := fmt.Sprintf("CN=%s,OU=test-users,%s", testUserName, env.SupervisorUpstreamActiveDirectory.UserSearchBase) userDN := fmt.Sprintf("CN=%s,OU=test-users,%s", testUserName, env.SupervisorUpstreamActiveDirectory.UserSearchBase)
conn := dialTLS(t, env) conn := dialTLS(t, env)
for i := 0; i <= 21; i++ { // our password policy allows 20 wrong attempts before locking the account, so do 21. // our password policy allows 20 wrong attempts before locking the account, so do 21.
// these wrong password attempts could go to different domain controllers, but account
// lockout changes are urgently replicated, meaning that the domain controllers will be
// synced asap rather than in the usual 15 second interval.
// See https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961787(v=technet.10)#urgent-replication-of-account-lockout-changes
for i := 0; i <= 21; i++ {
err := conn.Bind(userDN, "not-the-right-password-"+fmt.Sprint(i)) err := conn.Bind(userDN, "not-the-right-password-"+fmt.Sprint(i))
require.Error(t, err) // this should be an error require.Error(t, err) // this should be an error
} }