Add expiration time checks

Check Maxlife for challenge response messages. Also add a Maximum lifetime for the context itself based on the same challene/response maximum life. According to MS-NLMP MaxLifetime is 36h on modern Windows OSs, use the same for now.
author: Simo Sorce <simo@redhat.com> 2013-07-21 01:43:54 -0400
committer: Simo Sorce <simo@redhat.com> 2013-07-28 13:17:51 -0400
commit: bb3affefc2b8f4c9613a43f7a497ca2d2af34462 (patch)
tree: 0d045d6fc48f63cc958517d076900c6dff6cbc80 /src/gss_ntlmssp.h
parent: ba8c09800ef820e4b348c2e034fb9aa602463ff3 (diff)
download: gss-ntlmssp-bb3affefc2b8f4c9613a43f7a497ca2d2af34462.tar.gz
gss-ntlmssp-bb3affefc2b8f4c9613a43f7a497ca2d2af34462.tar.xz
gss-ntlmssp-bb3affefc2b8f4c9613a43f7a497ca2d2af34462.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/gss_ntlmssp.h b/src/gss_ntlmssp.h
index 334351a..5eb8bf6 100644
--- a/src/gss_ntlmssp.h
+++ b/src/gss_ntlmssp.h
@@ -21,6 +21,8 @@
 #include "ntlm.h"
 #include "crypto.h"
 
+#define MAX_CHALRESP_LIFETIME 36 * 60 * 60 /* 36 hours in seconds */
+
 #define SEC_LEVEL_MIN 0
 #define SEC_LEVEL_MAX 5
 
@@ -125,6 +127,8 @@ struct gssntlm_ctx {
     struct ntlm_key exported_session_key;
     struct gssntlm_signseal send;
     struct gssntlm_signseal recv;
+
+    time_t expiration_time;
 };
 
 uint8_t gssntlm_required_security(int security_level,
author	Simo Sorce <simo@redhat.com>	2013-07-21 01:43:54 -0400
committer	Simo Sorce <simo@redhat.com>	2013-07-28 13:17:51 -0400
commit	bb3affefc2b8f4c9613a43f7a497ca2d2af34462 (patch)
tree	0d045d6fc48f63cc958517d076900c6dff6cbc80 /src/gss_ntlmssp.h
parent	ba8c09800ef820e4b348c2e034fb9aa602463ff3 (diff)
download	gss-ntlmssp-bb3affefc2b8f4c9613a43f7a497ca2d2af34462.tar.gz gss-ntlmssp-bb3affefc2b8f4c9613a43f7a497ca2d2af34462.tar.xz gss-ntlmssp-bb3affefc2b8f4c9613a43f7a497ca2d2af34462.zip