Allow clock skew in krb5 gss_context_time()

Commit b496ce4095133536e0ace36b74130e4b9ecb5e11 (ticket #8268) adds the clock skew to krb5 acceptor context lifetimes for gss_accept_sec_context() and gss_inquire_context(), but not for gss_context_time(). Add the clock skew in gss_context_time() as well. (cherry picked from commit b0a072e6431261734e7350996a363801f180e8ea) ticket: 8581 version_fixed: 1.14.6
author: Greg Hudson <ghudson@mit.edu> 2017-04-22 16:51:23 -0400
committer: Greg Hudson <ghudson@mit.edu> 2017-07-17 18:25:34 -0400
commit: a72e99d479e772f540ff74617f4fa65967f5dd17 (patch)
tree: b50faed08ae55d6f58322a54c86effb8dbe26dad
parent: 9a844b3f7206864d390cc35fc0cb4977684d7de2 (diff)
download: krb5-a72e99d479e772f540ff74617f4fa65967f5dd17.zip
krb5-a72e99d479e772f540ff74617f4fa65967f5dd17.tar.gz
krb5-a72e99d479e772f540ff74617f4fa65967f5dd17.tar.bz2
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c
index a18cfb0..4505932 100644
--- a/src/lib/gssapi/krb5/context_time.c
+++ b/src/lib/gssapi/krb5/context_time.c
@@ -51,7 +51,10 @@ krb5_gss_context_time(minor_status, context_handle, time_rec)
         return(GSS_S_FAILURE);
     }
 
-    if ((lifetime = ctx->krb_times.endtime - now) <= 0) {
+    lifetime = ctx->krb_times.endtime - now;
+    if (!ctx->initiate)
+        lifetime += ctx->k5_context->clockskew;
+    if (lifetime <= 0) {
         *time_rec = 0;
         *minor_status = 0;
         return(GSS_S_CONTEXT_EXPIRED);
author	Greg Hudson <ghudson@mit.edu>	2017-04-22 16:51:23 -0400
committer	Greg Hudson <ghudson@mit.edu>	2017-07-17 18:25:34 -0400
commit	a72e99d479e772f540ff74617f4fa65967f5dd17 (patch)
tree	b50faed08ae55d6f58322a54c86effb8dbe26dad
parent	9a844b3f7206864d390cc35fc0cb4977684d7de2 (diff)
download	krb5-a72e99d479e772f540ff74617f4fa65967f5dd17.zip krb5-a72e99d479e772f540ff74617f4fa65967f5dd17.tar.gz krb5-a72e99d479e772f540ff74617f4fa65967f5dd17.tar.bz2