diff options
author | Theodore Tso <tytso@mit.edu> | 1996-04-12 02:18:50 +0000 |
---|---|---|
committer | Theodore Tso <tytso@mit.edu> | 1996-04-12 02:18:50 +0000 |
commit | 0851e65edabfa98bffeec76d115c2d3fd8861d63 (patch) | |
tree | c98056a38dbc13b02900b226ab98d3db7ae8690c | |
parent | 91ea416bc25d6b143871241bb023f100ae40e1a5 (diff) | |
download | krb5-0851e65edabfa98bffeec76d115c2d3fd8861d63.tar.gz krb5-0851e65edabfa98bffeec76d115c2d3fd8861d63.tar.xz krb5-0851e65edabfa98bffeec76d115c2d3fd8861d63.zip |
Move time offset code from stash_as_reply to verify_as_reply, and fix
it so that it actually works.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7801 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/krb5/krb/ChangeLog | 6 | ||||
-rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 24 |
2 files changed, 19 insertions, 11 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 232441e8cd..62c92296a1 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,9 @@ +Thu Apr 11 21:30:23 1996 Theodore Y. Ts'o <tytso@dcl> + + * get_in_tkt.c (stash_as_reply, verify_as_reply): Move time offset + code from stash_as_reply to verify_as_reply, and fix it so + that it actually works. + Wed Apr 3 16:04:36 1996 Theodore Y. Ts'o <tytso@dcl> * rd_req_dec.c (krb5_rd_req_decoded): Move code which diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 79c41086b9..891bff8561 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -220,6 +220,8 @@ verify_as_reply(context, time_now, request, as_reply) krb5_kdc_req *request; krb5_kdc_rep *as_reply; { + krb5_error_code retval; + /* check the contents for sanity: */ if (!as_reply->enc_part2->times.starttime) as_reply->enc_part2->times.starttime = @@ -245,11 +247,17 @@ verify_as_reply(context, time_now, request, as_reply) ) return KRB5_KDCREP_MODIFIED; - if ((request->from == 0) && - (labs(as_reply->enc_part2->times.starttime - time_now) - > context->clockskew)) - return (KRB5_KDCREP_SKEW); - + if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) { + retval = krb5_set_real_time(context, + as_reply->enc_part2->times.authtime, 0); + if (retval) + return retval; + } else { + if ((request->from == 0) && + (labs(as_reply->enc_part2->times.starttime - time_now) + > context->clockskew)) + return (KRB5_KDCREP_SKEW); + } return 0; } @@ -265,12 +273,6 @@ stash_as_reply(context, time_now, request, as_reply, creds, ccache) krb5_error_code retval; krb5_data * packet; - if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) - krb5_set_time_offsets(context, - (as_reply->enc_part2->times.authtime - - time_now), - 0); - /* XXX issue warning if as_reply->enc_part2->key_exp is nearby */ /* fill in the credentials */ |