[29939] in CVS-changelog-for-Kerberos-V5
krb5 commit: Allow clock skew in krb5 gss_context_time()
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Apr 24 16:55:51 2017
Date: Mon, 24 Apr 2017 16:55:47 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201704242055.v3OKtlBj013768@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/b0a072e6431261734e7350996a363801f180e8ea
commit b0a072e6431261734e7350996a363801f180e8ea
Author: Greg Hudson <ghudson@mit.edu>
Date: Sat Apr 22 16:51:23 2017 -0400
Allow clock skew in krb5 gss_context_time()
Commit b496ce4095133536e0ace36b74130e4b9ecb5e11 (ticket #8268) adds
the clock skew to krb5 acceptor context lifetimes for
gss_accept_sec_context() and gss_inquire_context(), but not for
gss_context_time(). Add the clock skew in gss_context_time() as well.
ticket: 8581 (new)
target_version: 1.14-next
target_version: 1.15-next
tags: pullup
src/lib/gssapi/krb5/context_time.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c
index a18cfb0..4505932 100644
--- a/src/lib/gssapi/krb5/context_time.c
+++ b/src/lib/gssapi/krb5/context_time.c
@@ -51,7 +51,10 @@ krb5_gss_context_time(minor_status, context_handle, time_rec)
return(GSS_S_FAILURE);
}
- if ((lifetime = ctx->krb_times.endtime - now) <= 0) {
+ lifetime = ctx->krb_times.endtime - now;
+ if (!ctx->initiate)
+ lifetime += ctx->k5_context->clockskew;
+ if (lifetime <= 0) {
*time_rec = 0;
*minor_status = 0;
return(GSS_S_CONTEXT_EXPIRED);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
