krb5 commit: Support kdc_timesync offsets in memory ccache
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Aug 31 11:14:01 2012
Date: Fri, 31 Aug 2012 11:13:50 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201208311513.q7VFDohR004182@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/79b78773ee4e9219185c71907256a92e06ec5b57
commit 79b78773ee4e9219185c71907256a92e06ec5b57
Author: Nate Rosenblum <nater@maginatics.com>
Date: Wed Aug 29 11:16:11 2012 -0700
Support kdc_timesync offsets in memory ccache
When using v4 file credentials caches, client clock skew offsets
obtained when running with the kdc_timesync option set are persisted in
the ccache. This allows the offsets to be used across separate contexts,
e.g. when obtaining credentials using krb5 interfaces and subsequently
importing those credentials for use in gssapi. This patch adds similar
support for memory credentials caches.
[ghudson@mit.edu: Minor style corrections.]
ticket: 7346 (new)
src/lib/krb5/ccache/cc_memory.c | 22 ++++++++++++++++++++++
1 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
index 07d9261..aa3d89d 100644
--- a/src/lib/krb5/ccache/cc_memory.c
+++ b/src/lib/krb5/ccache/cc_memory.c
@@ -110,6 +110,9 @@ typedef struct _krb5_mcc_data {
krb5_principal prin;
krb5_mcc_cursor link;
krb5_timestamp changetime;
+ /* Time offsets for clock-skewed clients. */
+ krb5_int32 time_offset;
+ krb5_int32 usec_offset;
} krb5_mcc_data;
/* List of memory caches. */
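Review bot: The two new fields carry no indication of whether an offset was ever stored, so a cache still holding the zeros assigned in the new_mcc_data hunk looks the same as one holding a real offset. The krb5_mcc_resolve hunk copies those values into the context and sets KRB5_OS_TOFFSET_VALID unconditionally. Given its own `!(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)` guard, that would presumably stop a later resolve of a cache with a real skew from taking effect in the same context. Consider recording validity beside the offsets, for example a `krb5_boolean toffset_valid;` member set in krb5_mcc_initialize and tested in krb5_mcc_resolve, and saying in the field comment that the offsets are meaningful only when it is set.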
@@ -144,6 +147,7 @@ static void krb5_mcc_free (krb5_context context, krb5_ccache id);
krb5_error_code KRB5_CALLCONV
krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
{
+ krb5_os_context os_ctx = &context->os_context;
krb5_error_code ret;
krb5_mcc_data *d;
@@ -159,6 +163,12 @@ krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
&d->prin);
update_mcc_change_time(d);
+ if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+ /* Store client time offsets in the cache */
+ d->time_offset = os_ctx->time_offset;
+ d->usec_offset = os_ctx->usec_offset;
+ }
+
k5_cc_mutex_unlock(context, &d->lock);
if (ret == KRB5_OK)
krb5_change_cache();
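Review bot: When the initializing context has no valid offset, the added `if` leaves d->time_offset and d->usec_offset at whatever an earlier krb5_mcc_initialize stored, so a re-initialized cache can hand a stale skew to later resolvers. Nothing in the hunk resets the fields, although the function starts before the hunk and may do so there. Because the offset feeds the library's notion of current time for ticket and timestamp checks, an explicit reset is safer: `else { d->time_offset = 0; d->usec_offset = 0; }`. The store also runs when `ret` is not KRB5_OK, which may be worth skipping for a failed initialize.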
@@ -265,6 +275,7 @@ static krb5_error_code new_mcc_data (const char *, krb5_mcc_data **);
krb5_error_code KRB5_CALLCONV
krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
{
+ krb5_os_context os_ctx = &context->os_context;
krb5_ccache lid;
krb5_mcc_list_node *ptr;
krb5_error_code err;
@@ -291,6 +302,15 @@ krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
if (lid == NULL)
return KRB5_CC_NOMEM;
+ if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) &&
+ !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
+ /* Use the time offset from the cache entry */
+ os_ctx->time_offset = d->time_offset;
+ os_ctx->usec_offset = d->usec_offset;
+ os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+ KRB5_OS_TOFFSET_VALID);
+ }
+
lid->ops = &krb5_mcc_ops;
lid->data = d;
*id = lid;
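Review bot: The added block reads d->time_offset and d->usec_offset with no d->lock held in the visible lines, while krb5_mcc_initialize writes the same fields under that lock (its `k5_cc_mutex_unlock(context, &d->lock)` follows the store). If the code above the hunk does not already hold the lock, a concurrent initialize can leave the context with a time_offset and usec_offset taken from two different stores. Wrapping the two reads in `k5_cc_mutex_lock(context, &d->lock);` and `k5_cc_mutex_unlock(context, &d->lock);` would close that. The function body begins outside the hunk, so confirm what is held at this point.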
@@ -421,6 +441,8 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr)
d->link = NULL;
d->prin = NULL;
d->changetime = 0;
+ d->time_offset = 0;
+ d->usec_offset = 0;
update_mcc_change_time(d);
n = malloc(sizeof(krb5_mcc_list_node));