diff options
| author | Theodore Tso <tytso@mit.edu> | 1996-04-10 14:39:36 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1996-04-10 14:39:36 +0000 |
| commit | 6f5f29a4fe2724e0a18dd91464a25bb45b952532 (patch) | |
| tree | 4527dcb590877f258df53449d960832b4fc6db9b /src/lib/krb5/krb/valid_times.c | |
| parent | aa0a6f486cd26c6c01bd3d58df6d0dd6b9a07a76 (diff) | |
| download | krb5-6f5f29a4fe2724e0a18dd91464a25bb45b952532.tar.gz krb5-6f5f29a4fe2724e0a18dd91464a25bb45b952532.tar.xz krb5-6f5f29a4fe2724e0a18dd91464a25bb45b952532.zip | |
rd_req_dec.c (krb5_rd_req_decoded): Move code which validated the
ticket times to krb5_validate_times.
valid_times.c (krb5_validate_times): New function which determines
whether or not the ticket times are valid.
mk_req_ext.c (krb5_mk_req_extended): Call krb5_validate_time() to
determine whether or not the ticket in passed-in credentials is valid.
If it isn't, return an error right away.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7777 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb/valid_times.c')
| -rw-r--r-- | src/lib/krb5/krb/valid_times.c | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/src/lib/krb5/krb/valid_times.c b/src/lib/krb5/krb/valid_times.c new file mode 100644 index 000000000..b1e26ced7 --- /dev/null +++ b/src/lib/krb5/krb/valid_times.c @@ -0,0 +1,62 @@ +/* + * lib/krb5/krb/valid_times.c + * + * Copyright 1995 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * krb5_validate_times() + */ + +#include "k5-int.h" + +#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) + +/* + * This is an internal routine which validates the krb5_timestamps + * field in a krb5_ticket. + */ + +krb5_error_code krb5_validate_times(context, times) + krb5_context context; + krb5_ticket_times * times; +{ + krb5_timestamp currenttime, starttime; + krb5_error_code retval; + + if ((retval = krb5_timeofday(context, ¤ttime))) + return retval; + + /* if starttime is not in ticket, then treat it as authtime */ + if (times->starttime != 0) + starttime = times->starttime; + else + starttime = times->authtime; + + if (starttime - currenttime > context->clockskew) + return KRB5KRB_AP_ERR_TKT_NYV; /* ticket not yet valid */ + + if ((currenttime - times->endtime) > context->clockskew) + return KRB5KRB_AP_ERR_TKT_EXPIRED; /* ticket expired */ + + return 0; +} + + + |