authorNate Rosenblum <nater@maginatics.com>2012-08-29 11:16:11 -0700
committerGreg Hudson <ghudson@mit.edu>2012-08-31 11:13:17 -0400
commit79b78773ee4e9219185c71907256a92e06ec5b57 (patch)
treeeeee0e11609e52e13db467230728fae048711748 /src
parentb0b7eeb8ddb6fc3fde9bbebe9aa3069e7577e04c (diff)
downloadkrb5-79b78773ee4e9219185c71907256a92e06ec5b57.tar.gz
krb5-79b78773ee4e9219185c71907256a92e06ec5b57.tar.xz
krb5-79b78773ee4e9219185c71907256a92e06ec5b57.zip
Support kdc_timesync offsets in memory ccache
When using v4 file credentials caches, client clock skew offsets obtained when running with the kdc_timesync option set are persisted in the ccache. This allows the offsets to be used across separate contexts, e.g. when obtaining credentials using krb5 interfaces and subsequently importing those credentials for use in gssapi. This patch adds similar support for memory credentials caches. [ghudson@mit.edu: Minor style corrections.] ticket: 7346 (new)
Diffstat (limited to 'src')
-rw-r--r--src/lib/krb5/ccache/cc_memory.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
index 07d9261444..aa3d89d7d9 100644
--- a/src/lib/krb5/ccache/cc_memory.c
+++ b/src/lib/krb5/ccache/cc_memory.c
@@ -110,6 +110,9 @@ typedef struct _krb5_mcc_data {
krb5_principal prin;
krb5_mcc_cursor link;
krb5_timestamp changetime;
+ /* Time offsets for clock-skewed clients. */
+ krb5_int32 time_offset;
+ krb5_int32 usec_offset;
} krb5_mcc_data;
/* List of memory caches. */
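Review bot: The comment on the new fields, `/* Time offsets for clock-skewed clients. */`, does not say where the values come from or what zero means. The later hunks copy them from the initializing context's os_context, and new_mcc_data stores 0/0 when nothing has been recorded, so a reader cannot tell "no offset recorded" from "offset is zero". I would expand the comment to something like `/* Clock offsets copied from the initializing context (kdc_timesync); 0/0 also means none recorded. */`. The struct definition starts outside this hunk.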
@@ -144,6 +147,7 @@ static void krb5_mcc_free (krb5_context context, krb5_ccache id);
krb5_error_code KRB5_CALLCONV
krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
{
+ krb5_os_context os_ctx = &context->os_context;
krb5_error_code ret;
krb5_mcc_data *d;
@@ -159,6 +163,12 @@ krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
&d->prin);
update_mcc_change_time(d);
+ if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+ /* Store client time offsets in the cache */
+ d->time_offset = os_ctx->time_offset;
+ d->usec_offset = os_ctx->usec_offset;
+ }
+
k5_cc_mutex_unlock(context, &d->lock);
if (ret == KRB5_OK)
krb5_change_cache();
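Review bot: When KRB5_OS_TOFFSET_VALID is not set in the calling context, the new block is skipped and `d->time_offset`/`d->usec_offset` keep whatever an earlier krb5_mcc_initialize on the same cache stored. A re-initialized cache can therefore hand a stale offset to a later krb5_mcc_resolve, and that offset presumably shifts the clock used when checking ticket times. I would reset it explicitly with `else { d->time_offset = 0; d->usec_offset = 0; }`. The copy also runs regardless of `ret` from the preceding call; if a failed initialize should leave the cache unchanged, guard the block on `ret == KRB5_OK`. The function body starts and ends outside this hunk.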
@@ -265,6 +275,7 @@ static krb5_error_code new_mcc_data (const char *, krb5_mcc_data **);
krb5_error_code KRB5_CALLCONV
krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
{
+ krb5_os_context os_ctx = &context->os_context;
krb5_ccache lid;
krb5_mcc_list_node *ptr;
krb5_error_code err;
@@ -291,6 +302,15 @@ krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
if (lid == NULL)
return KRB5_CC_NOMEM;
+ if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) &&
+ !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
+ /* Use the time offset from the cache entry */
+ os_ctx->time_offset = d->time_offset;
+ os_ctx->usec_offset = d->usec_offset;
+ os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+ KRB5_OS_TOFFSET_VALID);
+ }
+
lid->ops = &krb5_mcc_ops;
lid->data = d;
*id = lid;
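Review bot: The new block reads `d->time_offset` and `d->usec_offset` with no `d->lock` held in the visible lines, while krb5_mcc_initialize writes them before its `k5_cc_mutex_unlock(context, &d->lock)`. Unless the lock is taken outside this hunk, a concurrent initialize on the same named cache can race with this read; wrapping the two reads in `k5_cc_mutex_lock(context, &d->lock)` and `k5_cc_mutex_unlock(context, &d->lock)` would match the writer. The block also sets KRB5_OS_TOFFSET_VALID for a cache that never recorded an offset (new_mcc_data stores 0/0), so a zero offset is marked as known for this context. A per-cache "offset recorded" flag would avoid that. The function body starts and ends outside this hunk.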
@@ -421,6 +441,8 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr)
d->link = NULL;
d->prin = NULL;
d->changetime = 0;
+ d->time_offset = 0;
+ d->usec_offset = 0;
update_mcc_change_time(d);
n = malloc(sizeof(krb5_mcc_list_node));