|
 |
d738b9 |
From 527fafc0e0abf90c1bb3d66c31ea92a96e095f08 Mon Sep 17 00:00:00 2001
|
|
|
d738b9 |
From: Greg Hudson <ghudson@mit.edu>
|
|
|
d738b9 |
Date: Sat, 22 Apr 2017 16:51:23 -0400
|
|
|
d738b9 |
Subject: [PATCH] Allow clock skew in krb5 gss_context_time()
|
|
|
d738b9 |
|
|
|
d738b9 |
Commit b496ce4095133536e0ace36b74130e4b9ecb5e11 (ticket #8268) adds
|
|
|
d738b9 |
the clock skew to krb5 acceptor context lifetimes for
|
|
|
d738b9 |
gss_accept_sec_context() and gss_inquire_context(), but not for
|
|
|
d738b9 |
gss_context_time(). Add the clock skew in gss_context_time() as well.
|
|
|
d738b9 |
|
|
|
d738b9 |
ticket: 8581 (new)
|
|
|
d738b9 |
target_version: 1.14-next
|
|
|
d738b9 |
target_version: 1.15-next
|
|
|
d738b9 |
tags: pullup
|
|
|
d738b9 |
|
|
|
d738b9 |
(cherry picked from commit b0a072e6431261734e7350996a363801f180e8ea)
|
|
|
d738b9 |
---
|
|
|
d738b9 |
src/lib/gssapi/krb5/context_time.c | 5 ++++-
|
|
|
d738b9 |
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
d738b9 |
|
|
|
d738b9 |
diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c
|
|
|
d738b9 |
index a18cfb05b..450593288 100644
|
|
|
d738b9 |
--- a/src/lib/gssapi/krb5/context_time.c
|
|
|
d738b9 |
+++ b/src/lib/gssapi/krb5/context_time.c
|
|
|
d738b9 |
@@ -51,7 +51,10 @@ krb5_gss_context_time(minor_status, context_handle, time_rec)
|
|
|
d738b9 |
return(GSS_S_FAILURE);
|
|
|
d738b9 |
}
|
|
|
d738b9 |
|
|
|
d738b9 |
- if ((lifetime = ctx->krb_times.endtime - now) <= 0) {
|
|
|
d738b9 |
+ lifetime = ctx->krb_times.endtime - now;
|
|
|
d738b9 |
+ if (!ctx->initiate)
|
|
|
d738b9 |
+ lifetime += ctx->k5_context->clockskew;
|
|
|
d738b9 |
+ if (lifetime <= 0) {
|
|
|
d738b9 |
*time_rec = 0;
|
|
|
d738b9 |
*minor_status = 0;
|
|
|
d738b9 |
return(GSS_S_CONTEXT_EXPIRED);
|