[29941] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix in_clock_skew() and use it in AS client code
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Apr 24 17:33:02 2017
Date: Mon, 24 Apr 2017 17:32:57 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201704242132.v3OLWv8R012348@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/28a07a6461bb443b7fa75cc5cb859ad0db4cbb5a
commit 28a07a6461bb443b7fa75cc5cb859ad0db4cbb5a
Author: Greg Hudson <ghudson@mit.edu>
Date: Mon Apr 24 02:02:36 2017 -0400
Fix in_clock_skew() and use it in AS client code
Add a context parameter to the in_clock_skew() macro so that it isn't
implicitly relying on a local variable. Use it in
get_in_tkt.c:verify_as_reply().
src/lib/krb5/krb/gc_via_tkt.c | 2 +-
src/lib/krb5/krb/get_in_tkt.c | 4 ++--
src/lib/krb5/krb/int-proto.h | 3 ++-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
index 4c0a1a4..c85d8b8 100644
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -305,7 +305,7 @@ krb5int_process_tgs_reply(krb5_context context,
goto cleanup;
if (!in_cred->times.starttime &&
- !in_clock_skew(dec_rep->enc_part2->times.starttime,
+ !in_clock_skew(context, dec_rep->enc_part2->times.starttime,
timestamp)) {
retval = KRB5_KDCREP_SKEW;
goto cleanup;
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index dfc7fa8..2ad0bd6 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -287,8 +287,8 @@ verify_as_reply(krb5_context context,
return retval;
} else {
if ((request->from == 0) &&
- (labs(as_reply->enc_part2->times.starttime - time_now)
- > context->clockskew))
+ !in_clock_skew(context, as_reply->enc_part2->times.starttime,
+ time_now))
return (KRB5_KDCREP_SKEW);
}
return 0;
diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h
index 57411a9..82fa03d 100644
--- a/src/lib/krb5/krb/int-proto.h
+++ b/src/lib/krb5/krb/int-proto.h
@@ -83,7 +83,8 @@ krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
krb5_creds *in_creds, krb5_creds *mcreds,
krb5_flags *fields);
-#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew)
+#define in_clock_skew(context, date, now) \
+ (labs((date) - (now)) < (context)->clockskew)
#define IS_TGS_PRINC(p) ((p)->length == 2 && \
data_eq_string((p)->data[0], KRB5_TGS_NAME))
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
