Blame SOURCES/Fix-in_clock_skew-and-use-it-in-AS-client-code.patch

e58a44
From 7e914206a676fb8f972c8021e97fab86a155488b Mon Sep 17 00:00:00 2001
e58a44
From: Greg Hudson <ghudson@mit.edu>
e58a44
Date: Mon, 24 Apr 2017 02:02:36 -0400
e58a44
Subject: [PATCH] Fix in_clock_skew() and use it in AS client code
e58a44
e58a44
Add a context parameter to the in_clock_skew() macro so that it isn't
e58a44
implicitly relying on a local variable.  Use it in
e58a44
get_in_tkt.c:verify_as_reply().
e58a44
e58a44
(cherry picked from commit 28a07a6461bb443b7fa75cc5cb859ad0db4cbb5a)
e58a44
---
e58a44
 src/lib/krb5/krb/gc_via_tkt.c | 2 +-
e58a44
 src/lib/krb5/krb/get_in_tkt.c | 4 ++--
e58a44
 src/lib/krb5/krb/int-proto.h  | 3 ++-
e58a44
 3 files changed, 5 insertions(+), 4 deletions(-)
e58a44
e58a44
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
e58a44
index 4c0a1a461..c85d8b8d8 100644
e58a44
--- a/src/lib/krb5/krb/gc_via_tkt.c
e58a44
+++ b/src/lib/krb5/krb/gc_via_tkt.c
e58a44
@@ -305,7 +305,7 @@ krb5int_process_tgs_reply(krb5_context context,
e58a44
         goto cleanup;
e58a44
 
e58a44
     if (!in_cred->times.starttime &&
e58a44
-        !in_clock_skew(dec_rep->enc_part2->times.starttime,
e58a44
+        !in_clock_skew(context, dec_rep->enc_part2->times.starttime,
e58a44
                        timestamp)) {
e58a44
         retval = KRB5_KDCREP_SKEW;
e58a44
         goto cleanup;
e58a44
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
e58a44
index 54badbbc3..a058f5bd7 100644
e58a44
--- a/src/lib/krb5/krb/get_in_tkt.c
e58a44
+++ b/src/lib/krb5/krb/get_in_tkt.c
e58a44
@@ -287,8 +287,8 @@ verify_as_reply(krb5_context            context,
e58a44
             return retval;
e58a44
     } else {
e58a44
         if ((request->from == 0) &&
e58a44
-            (labs(as_reply->enc_part2->times.starttime - time_now)
e58a44
-             > context->clockskew))
e58a44
+            !in_clock_skew(context, as_reply->enc_part2->times.starttime,
e58a44
+                           time_now))
e58a44
             return (KRB5_KDCREP_SKEW);
e58a44
     }
e58a44
     return 0;
e58a44
diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h
e58a44
index 6da74858e..44eca359f 100644
e58a44
--- a/src/lib/krb5/krb/int-proto.h
e58a44
+++ b/src/lib/krb5/krb/int-proto.h
e58a44
@@ -83,7 +83,8 @@ krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
e58a44
                                  krb5_creds *in_creds, krb5_creds *mcreds,
e58a44
                                  krb5_flags *fields);
e58a44
 
e58a44
-#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew)
e58a44
+#define in_clock_skew(context, date, now)               \
e58a44
+    (labs((date) - (now)) < (context)->clockskew)
e58a44
 
e58a44
 #define IS_TGS_PRINC(p) ((p)->length == 2 &&                            \
e58a44
                          data_eq_string((p)->data[0], KRB5_TGS_NAME))