diff options
| author | Theodore Tso <tytso@mit.edu> | 1995-11-08 21:59:00 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1995-11-08 21:59:00 +0000 |
| commit | 81e44bb850d061fda9bd2d5dbb2adcfd6212bb44 (patch) | |
| tree | 37a4a941cb287e30a10ff1c8dd28e183dbea658a /src/lib | |
| parent | 95cb5ad7ae562b9203fe746cb940587ed114f944 (diff) | |
| download | krb5-81e44bb850d061fda9bd2d5dbb2adcfd6212bb44.tar.gz krb5-81e44bb850d061fda9bd2d5dbb2adcfd6212bb44.tar.xz krb5-81e44bb850d061fda9bd2d5dbb2adcfd6212bb44.zip | |
* krbconfig.c: Removed the krb5_clockskew variable
* srv_rcache.c (krb5_get_server_rcache):
* rd_safe.c (krb5_rd_safe):
* rd_req_dec.c (krb5_rd_req_decoded):
* rd_priv.c (krb5_rd_priv):
* rd_cred.c (krb5_rd_cred):
* gc_via_tkt.c (krb5_get_cred_via_tkt):
* get_in_tkt.c (verify_as_reply): Replace use of krb5_clockskew with
context->clockskew.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7063 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 11 | ||||
| -rw-r--r-- | src/lib/krb5/krb/gc_via_tkt.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 4 | ||||
| -rw-r--r-- | src/lib/krb5/krb/krbconfig.c | 1 | ||||
| -rw-r--r-- | src/lib/krb5/krb/rd_cred.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/rd_priv.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/rd_req_dec.c | 8 | ||||
| -rw-r--r-- | src/lib/krb5/krb/rd_safe.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/recvauth.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/srv_rcache.c | 4 |
10 files changed, 23 insertions, 20 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index cf9852d687..4f127349ca 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,5 +1,16 @@ Wed Nov 8 02:50:59 1995 Theodore Y. Ts'o <tytso@dcl> + * krbconfig.c: Removed the krb5_clockskew variable. + + * srv_rcache.c (krb5_get_server_rcache): + * rd_safe.c (krb5_rd_safe): + * rd_req_dec.c (krb5_rd_req_decoded): + * rd_priv.c (krb5_rd_priv): + * rd_cred.c (krb5_rd_cred): + * gc_via_tkt.c (krb5_get_cred_via_tkt): + * get_in_tkt.c (verify_as_reply): Replace use of krb5_clockskew + with context->clockskew. + * encrypt_tk.c (cleanup_scratch): Changed interface to no longer require an eblock; we can use our own and figure out the enctype from the passed-in key. diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index c37d39acde..ed52b00f6c 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -28,8 +28,7 @@ #include "k5-int.h" #include "int-proto.h" -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date, now) (labs((date)-(now)) < krb5_clockskew) +#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew) static krb5_error_code krb5_kdcrep2creds(context, pkdcrep, address, psectkt, ppcreds) diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 3a71d89fcf..e1c253b208 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -55,8 +55,6 @@ */ -extern krb5_deltat krb5_clockskew; - /* some typedef's for the function args to make things look a bit cleaner */ typedef krb5_error_code (*git_key_proc) PROTOTYPE((krb5_context, @@ -264,7 +262,7 @@ verify_as_reply(context, time_now, request, as_reply) if ((request->from == 0) && (labs(as_reply->enc_part2->times.starttime - time_now) - > krb5_clockskew)) + > context->clockskew)) return (KRB5_KDCREP_SKEW); return 0; diff --git a/src/lib/krb5/krb/krbconfig.c b/src/lib/krb5/krb/krbconfig.c index 7401bd38fe..a3fdaf116f 100644 --- a/src/lib/krb5/krb/krbconfig.c +++ b/src/lib/krb5/krb/krbconfig.c @@ -26,6 +26,5 @@ #include "k5-int.h" -krb5_deltat krb5_clockskew = 5 * 60; /* five minutes */ krb5_cksumtype krb5_kdc_req_sumtype = CKSUMTYPE_RSA_MD5; krb5_flags krb5_kdc_default_options = KDC_OPT_RENEWABLE_OK; diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c index 539a75c96b..44ffdfd9af 100644 --- a/src/lib/krb5/krb/rd_cred.c +++ b/src/lib/krb5/krb/rd_cred.c @@ -201,8 +201,7 @@ cleanup_cred: /*----------------------- krb5_rd_cred -----------------------*/ -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew) +#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) /* * This functions takes as input an KRB_CRED message, validates it, and diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c index 9dd975e05f..7acb6f3f8c 100644 --- a/src/lib/krb5/krb/rd_priv.c +++ b/src/lib/krb5/krb/rd_priv.c @@ -28,8 +28,7 @@ #include "cleanup.h" #include "auth_con.h" -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew) +#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) /* diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index 5167701d02..433fcb2a12 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -59,8 +59,7 @@ static krb5_error_code decrypt_authenticator PROTOTYPE((krb5_context, const krb5_ap_req *, krb5_authenticator **)); -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew) +#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) static krb5_error_code krb5_rd_req_decrypt_tkt_part(context, req, keytab) @@ -236,7 +235,7 @@ krb5_rd_req_decoded(context, auth_context, req, server, keytab, if ((retval = krb5_timeofday(context, ¤ttime))) goto cleanup; - if (starttime - currenttime > krb5_clockskew) { + if (starttime - currenttime > context->clockskew) { retval = KRB5KRB_AP_ERR_TKT_NYV; /* ticket not yet valid */ goto cleanup; } @@ -244,7 +243,8 @@ krb5_rd_req_decoded(context, auth_context, req, server, keytab, retval = KRB5KRB_AP_ERR_SKEW; goto cleanup; } - if (currenttime - req->ticket->enc_part2->times.endtime > krb5_clockskew) { + if ((currenttime - req->ticket->enc_part2->times.endtime) > + context->clockskew) { retval = KRB5KRB_AP_ERR_TKT_EXPIRED; /* ticket expired */ goto cleanup; } diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index df4b804bc2..7298605c05 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -28,8 +28,7 @@ #include "cleanup.h" #include "auth_con.h" -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew) +#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) /* parses a KRB_SAFE message from inbuf, placing the integrity-protected user diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c index 2f86758625..3390d044c8 100644 --- a/src/lib/krb5/krb/recvauth.c +++ b/src/lib/krb5/krb/recvauth.c @@ -59,7 +59,6 @@ krb5_recvauth(context, auth_context, krb5_rcache rcache; krb5_octet response; krb5_data null_server; - extern krb5_deltat krb5_clockskew; /* * Zero out problem variable. If problem is set at the end of @@ -137,7 +136,7 @@ krb5_recvauth(context, auth_context, /* * Now, let's read the AP_REQ message and decode it */ - if (retval = krb5_read_message(context, fd, &inbuf)) + if ((retval = krb5_read_message(context, fd, &inbuf))) return retval; if (*auth_context == NULL) { diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c index 0764c6e55a..aa2ac6563e 100644 --- a/src/lib/krb5/krb/srv_rcache.c +++ b/src/lib/krb5/krb/srv_rcache.c @@ -37,7 +37,6 @@ krb5_get_server_rcache(context, piece, rcptr) krb5_rcache rcache = 0; char *cachename = 0; char tmp[4]; - extern krb5_deltat krb5_clockskew; krb5_error_code retval; int len, p, i; @@ -88,7 +87,8 @@ krb5_get_server_rcache(context, piece, rcptr) * initialize it. */ if (krb5_rc_recover(context, rcache)) { - if ((retval = krb5_rc_initialize(context, rcache, krb5_clockskew))) { + if ((retval = krb5_rc_initialize(context, rcache, + context->clockskew))) { krb5_rc_close(context, rcache); rcache = 0; goto cleanup; |