diff options
author | Greg Hudson <ghudson@mit.edu> | 2010-06-08 16:14:24 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-06-08 16:14:24 +0000 |
commit | 8cabf8a9bbc359a1627d005e4a08dfa4ca61c89e (patch) | |
tree | 42b4626afe641626fbb13254283ff969153f0ae3 | |
parent | 8c89e25e3d7ad7ad883b707551410fa4ee11c67b (diff) | |
download | krb5-8cabf8a9bbc359a1627d005e4a08dfa4ca61c89e.zip krb5-8cabf8a9bbc359a1627d005e4a08dfa4ca61c89e.tar.gz krb5-8cabf8a9bbc359a1627d005e4a08dfa4ca61c89e.tar.bz2 |
Stop checking the current time against the context expiration time in
the message wrap/unwrap functions in the krb5 GSS mech. Heimdal
doesn't do it, and it generally results in poor app behavior when a
ticket expires. In exchange, it doesn't provide much security benefit
since it's not enforced across the board--for example, ssh sessions
can persist beyond ticket expiration time since they don't use GSS to
wrap payload data.
ticket: 6739
target_version: 1.8.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24120 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/gssapi/krb5/k5unsealiov.c | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c index a489f0d..2be7b82 100644 --- a/src/lib/gssapi/krb5/k5unsealiov.c +++ b/src/lib/gssapi/krb5/k5unsealiov.c @@ -52,7 +52,6 @@ kg_unseal_v1_iov(krb5_context context, int signalg; krb5_checksum cksum; krb5_checksum md5cksum; - krb5_timestamp now; size_t cksum_len = 0; size_t conflen = 0; int direction; @@ -280,19 +279,6 @@ kg_unseal_v1_iov(krb5_context context, if (qop_state != NULL) *qop_state = GSS_C_QOP_DEFAULT; - code = krb5_timeofday(context, &now); - if (code != 0) { - *minor_status = code; - retval = GSS_S_FAILURE; - goto cleanup; - } - - if (now > ctx->krb_times.endtime) { - *minor_status = 0; - retval = GSS_S_CONTEXT_EXPIRED; - goto cleanup; - } - if ((ctx->initiate && direction != 0xff) || (!ctx->initiate && direction != 0)) { *minor_status = (OM_uint32)G_BAD_DIRECTION; |