diff options
author | Ken Raeburn <raeburn@mit.edu> | 2007-07-20 08:51:58 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2007-07-20 08:51:58 +0000 |
commit | 4281165e025620782ea39bdca77aaf65cd704899 (patch) | |
tree | b4846a3416e52f963984a892cf17f10cfb4b48f3 /src/lib/krb5/krb/rd_req_dec.c | |
parent | eec1bd8aa5fefd66deca49ebc38037d82818615d (diff) | |
download | krb5-4281165e025620782ea39bdca77aaf65cd704899.tar.gz krb5-4281165e025620782ea39bdca77aaf65cd704899.tar.xz krb5-4281165e025620782ea39bdca77aaf65cd704899.zip |
Pull out code for looking up the current time, comparing the offset of
a supplied timestamp against the configured maximum clock skew, and
possibly generating an error message, into a separate routine.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19722 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb/rd_req_dec.c')
-rw-r--r-- | src/lib/krb5/krb/rd_req_dec.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index 6d68cd922..d672b8b7e 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -63,7 +63,19 @@ static krb5_error_code decrypt_authenticator (krb5_context, const krb5_ap_req *, krb5_authenticator **, int); -#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) +krb5_error_code +krb5int_check_clockskew(krb5_context context, krb5_timestamp date) +{ + krb5_timestamp currenttime; + krb5_error_code retval; + + retval = krb5_timeofday(context, ¤ttime); + if (retval) + return retval; + if (!(labs((date)-currenttime) < context->clockskew)) + return KRB5KRB_AP_ERR_SKEW; + return 0; +} static krb5_error_code krb5_rd_req_decrypt_tkt_part(krb5_context context, const krb5_ap_req *req, @@ -94,7 +106,6 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, krb5_ticket **ticket, int check_valid_flag) { krb5_error_code retval = 0; - krb5_timestamp currenttime; krb5_principal_data princ_data; req->ticket->enc_part2 = NULL; @@ -246,13 +257,8 @@ goto cleanup; if (retval != 0) goto cleanup; - if ((retval = krb5_timeofday(context, ¤ttime))) - goto cleanup; - - if (!in_clock_skew((*auth_context)->authentp->ctime)) { - retval = KRB5KRB_AP_ERR_SKEW; + if ((retval = krb5int_check_clockskew(context, (*auth_context)->authentp->ctime))) goto cleanup; - } if (check_valid_flag) { if (req->ticket->enc_part2->flags & TKT_FLG_INVALID) { |