diff options
| author | Greg Hudson <ghudson@mit.edu> | 2017-04-22 16:51:23 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2017-04-24 16:09:16 -0400 |
| commit | b0a072e6431261734e7350996a363801f180e8ea (patch) | |
| tree | 88c5720c7b5e83eae08b51f1cf79ec4cd1fe1cca /src | |
| parent | aace82e17ed0185faa3e9cda5437a3c6a7a40b10 (diff) | |
| download | krb5-b0a072e6431261734e7350996a363801f180e8ea.zip krb5-b0a072e6431261734e7350996a363801f180e8ea.tar.gz krb5-b0a072e6431261734e7350996a363801f180e8ea.tar.bz2 | |
Allow clock skew in krb5 gss_context_time()
Commit b496ce4095133536e0ace36b74130e4b9ecb5e11 (ticket #8268) adds
the clock skew to krb5 acceptor context lifetimes for
gss_accept_sec_context() and gss_inquire_context(), but not for
gss_context_time(). Add the clock skew in gss_context_time() as well.
ticket: 8581 (new)
target_version: 1.14-next
target_version: 1.15-next
tags: pullup
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/gssapi/krb5/context_time.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c index a18cfb0..4505932 100644 --- a/src/lib/gssapi/krb5/context_time.c +++ b/src/lib/gssapi/krb5/context_time.c @@ -51,7 +51,10 @@ krb5_gss_context_time(minor_status, context_handle, time_rec) return(GSS_S_FAILURE); } - if ((lifetime = ctx->krb_times.endtime - now) <= 0) { + lifetime = ctx->krb_times.endtime - now; + if (!ctx->initiate) + lifetime += ctx->k5_context->clockskew; + if (lifetime <= 0) { *time_rec = 0; *minor_status = 0; return(GSS_S_CONTEXT_EXPIRED); |