Blame SOURCES/Allow-clock-skew-in-krb5-gss_context_time.patch

From 498b43b1a58795773834c1c5bb2b61dd801b9a03 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 22 Apr 2017 16:51:23 -0400
Subject: [PATCH] Allow clock skew in krb5 gss_context_time()
Commit b496ce4095133536e0ace36b74130e4b9ecb5e11 (ticket #8268) adds
the clock skew to krb5 acceptor context lifetimes for
gss_accept_sec_context() and gss_inquire_context(), but not for
gss_context_time().  Add the clock skew in gss_context_time() as well.
ticket: 8581 (new)
target_version: 1.14-next
target_version: 1.15-next
tags: pullup
(cherry picked from commit b0a072e6431261734e7350996a363801f180e8ea)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
 src/lib/gssapi/krb5/context_time.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c
index a18cfb05b..450593288 100644
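--- a/src/lib/gssapi/krb5/context_time.c
+++ b/src/lib/gssapi/krb5/context_time.c
@@ -51,7 +51,10 @@ krb5_gss_context_time(minor_status, context_handle, time_rec)
         return(GSS_S_FAILURE);
     }
 
-    if ((lifetime = ctx->krb_times.endtime - now) <= 0) {
+    lifetime = ctx->krb_times.endtime - now;
+    if (!ctx->initiate)
+        lifetime += ctx->k5_context->clockskew;
+    if (lifetime <= 0) {
         *time_rec = 0;
         *minor_status = 0;
         return(GSS_S_CONTEXT_EXPIRED);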
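Review bot: The new `if (!ctx->initiate)` branch carries no comment saying why only acceptor contexts get `ctx->k5_context->clockskew` added, so a later reader can easily take it for a mistake and remove it, or extend it to initiators. I would add above it `/* Acceptors tolerate clock skew past the ticket end time, matching gss_accept_sec_context() and gss_inquire_context(). */`. The consequence worth documenting for callers is that an acceptor context stays usable, and presumably reports a positive `*time_rec`, for up to clockskew seconds after the ticket's end time; the assignment to `*time_rec` is below the hunk, so confirm there. The declarations of `lifetime` and `now` are also outside the hunk; if they are signed 32-bit values, the subtraction followed by the addition has no overflow guard for a far-future `endtime`.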