|
 |
749169 |
From 087bd1bdff17025af6e5189898209035ec8d75da Mon Sep 17 00:00:00 2001
|
|
|
e58a44 |
From: Greg Hudson <ghudson@mit.edu>
|
|
|
e58a44 |
Date: Thu, 4 May 2017 17:03:35 -0400
|
|
|
e58a44 |
Subject: [PATCH] Add y2038 documentation
|
|
|
e58a44 |
|
|
|
e58a44 |
ticket: 8352
|
|
|
e58a44 |
(cherry picked from commit 85d64c43dbf7a7faa56a1999494cdfa49e8bd2c9)
|
|
|
e58a44 |
---
|
|
|
e58a44 |
doc/appdev/index.rst | 1 +
|
|
|
e58a44 |
doc/appdev/y2038.rst | 28 ++++++++++++++++++++++++++++
|
|
|
e58a44 |
2 files changed, 29 insertions(+)
|
|
|
e58a44 |
create mode 100644 doc/appdev/y2038.rst
|
|
|
e58a44 |
|
|
|
e58a44 |
diff --git a/doc/appdev/index.rst b/doc/appdev/index.rst
|
|
|
e58a44 |
index 3d62045ca..961bb1e9e 100644
|
|
|
e58a44 |
--- a/doc/appdev/index.rst
|
|
|
e58a44 |
+++ b/doc/appdev/index.rst
|
|
|
e58a44 |
@@ -5,6 +5,7 @@ For application developers
|
|
|
e58a44 |
:maxdepth: 1
|
|
|
e58a44 |
|
|
|
e58a44 |
gssapi.rst
|
|
|
e58a44 |
+ y2038.rst
|
|
|
e58a44 |
h5l_mit_apidiff.rst
|
|
|
e58a44 |
init_creds.rst
|
|
|
e58a44 |
princ_handle.rst
|
|
|
e58a44 |
diff --git a/doc/appdev/y2038.rst b/doc/appdev/y2038.rst
|
|
|
e58a44 |
new file mode 100644
|
|
|
e58a44 |
index 000000000..bc4122dad
|
|
|
e58a44 |
--- /dev/null
|
|
|
e58a44 |
+++ b/doc/appdev/y2038.rst
|
|
|
e58a44 |
@@ -0,0 +1,28 @@
|
|
|
e58a44 |
+Year 2038 considerations for uses of krb5_timestamp
|
|
|
e58a44 |
+===================================================
|
|
|
e58a44 |
+
|
|
|
e58a44 |
+POSIX time values, which measure the number of seconds since January 1
|
|
|
e58a44 |
+1970, will exceed the maximum value representable in a signed 32-bit
|
|
|
e58a44 |
+integer in January 2038. This documentation describes considerations
|
|
|
e58a44 |
+for consumers of the MIT krb5 libraries.
|
|
|
e58a44 |
+
|
|
|
e58a44 |
+Applications or libraries which use libkrb5 and consume the timestamps
|
|
|
e58a44 |
+included in credentials or other structures make use of the
|
|
|
e58a44 |
+:c:type:`krb5_timestamp` type. For historical reasons, krb5_timestamp
|
|
|
e58a44 |
+is a signed 32-bit integer, even on platforms where a larger type is
|
|
|
e58a44 |
+natively used to represent time values. To behave properly for time
|
|
|
e58a44 |
+values after January 2038, calling code should cast krb5_timestamp
|
|
|
e58a44 |
+values to uint32_t, and then to time_t::
|
|
|
e58a44 |
+
|
|
|
e58a44 |
+ (time_t)(uint32_t)timestamp
|
|
|
e58a44 |
+
|
|
|
e58a44 |
+Used in this way, krb5_timestamp values can represent time values up
|
|
|
e58a44 |
+until February 2106, provided that the platform uses a 64-bit or
|
|
|
e58a44 |
+larger time_t type. This usage will also remain safe if a later
|
|
|
e58a44 |
+version of MIT krb5 changes krb5_timestamp to an unsigned 32-bit
|
|
|
e58a44 |
+integer.
|
|
|
e58a44 |
+
|
|
|
e58a44 |
+The GSSAPI only uses representations of time intervals, not absolute
|
|
|
e58a44 |
+times. Callers of the GSSAPI should require no changes to behave
|
|
|
e58a44 |
+correctly after January 2038, provided that they use MIT krb5 release
|
|
|
e58a44 |
+1.16 or later.
|