authorGreg Hudson <ghudson@mit.edu>2010-06-08 16:14:24 +0000
committerGreg Hudson <ghudson@mit.edu>2010-06-08 16:14:24 +0000
commit8cabf8a9bbc359a1627d005e4a08dfa4ca61c89e (patch)
tree42b4626afe641626fbb13254283ff969153f0ae3
parent8c89e25e3d7ad7ad883b707551410fa4ee11c67b (diff)
Stop checking the current time against the context expiration time in
the message wrap/unwrap functions in the krb5 GSS mech. Heimdal doesn't do it, and it generally results in poor app behavior when a ticket expires. In exchange, it doesn't provide much security benefit since it's not enforced across the board--for example, ssh sessions can persist beyond ticket expiration time since they don't use GSS to wrap payload data. ticket: 6739 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24120 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/gssapi/krb5/k5unsealiov.c14
1 files changed, 0 insertions, 14 deletions
diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c
index a489f0d..2be7b82 100644
--- a/src/lib/gssapi/krb5/k5unsealiov.c
+++ b/src/lib/gssapi/krb5/k5unsealiov.c
@@ -52,7 +52,6 @@ kg_unseal_v1_iov(krb5_context context,
int signalg;
krb5_checksum cksum;
krb5_checksum md5cksum;
- krb5_timestamp now;
size_t cksum_len = 0;
size_t conflen = 0;
int direction;
@@ -280,19 +279,6 @@ kg_unseal_v1_iov(krb5_context context,
if (qop_state != NULL)
*qop_state = GSS_C_QOP_DEFAULT;
- code = krb5_timeofday(context, &now);
- if (code != 0) {
- *minor_status = code;
- retval = GSS_S_FAILURE;
- goto cleanup;
- }
-
- if (now > ctx->krb_times.endtime) {
- *minor_status = 0;
- retval = GSS_S_CONTEXT_EXPIRED;
- goto cleanup;
- }
-
if ((ctx->initiate && direction != 0xff) ||
(!ctx->initiate && direction != 0)) {
*minor_status = (OM_uint32)G_BAD_DIRECTION;
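Review bot: With the endtime comparison removed from kg_unseal_v1_iov, nothing between the `qop_state` assignment and the direction check records that context expiration is deliberately not enforced on unwrap, so a later reader could take the omission for an oversight or assume `GSS_S_CONTEXT_EXPIRED` can still be returned from this path. A short comment at that spot would help, for example `/* Context expiration is intentionally not checked here; callers that must bound session lifetime should query gss_context_time(). */`. The diffstat lists only k5unsealiov.c while the description speaks of the wrap/unwrap functions in general; if the non-IOV unwrap path or the wrap paths still compare against `ctx->krb_times.endtime`, enforcement would differ by entry point, which is worth confirming. The function body starts and ends outside the hunk.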