From 3882d8ca5f0b82c3cc5baf751146fb2e3fafaa88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Sat, 22 Nov 2003 22:42:16 +0000 Subject: [PATCH] Don't require timestamp to be set on delegated token, its already protected by the outer token (and windows doesn't alway send it) Pointed out by Zi-Bin Yang on heimdal-discuss git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13128 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/accept_sec_context.c | 11 ++++++++++- lib/gssapi/krb5/accept_sec_context.c | 11 ++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/lib/gssapi/accept_sec_context.c b/lib/gssapi/accept_sec_context.c index f06caf107..c8e38d92a 100644 --- a/lib/gssapi/accept_sec_context.c +++ b/lib/gssapi/accept_sec_context.c @@ -305,8 +305,8 @@ gsskrb5_accept_sec_context } if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { - krb5_ccache ccache; + int32_t ac_flags; if (delegated_cred_handle == NULL) /* XXX Create a new delegated_cred_handle? */ @@ -364,10 +364,19 @@ gsskrb5_accept_sec_context goto end_fwd; } + krb5_auth_con_getflags(gssapi_krb5_context, + (*context_handle)->auth_context, + &ac_flags); + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + ac_flags & ~KRB5_AUTH_CONTEXT_DO_TIME); kret = krb5_rd_cred2(gssapi_krb5_context, (*context_handle)->auth_context, ccache, &fwd_data); + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + ac_flags); if (kret) { flags &= ~GSS_C_DELEG_FLAG; goto end_fwd; diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c index f06caf107..c8e38d92a 100644 --- a/lib/gssapi/krb5/accept_sec_context.c +++ b/lib/gssapi/krb5/accept_sec_context.c @@ -305,8 +305,8 @@ gsskrb5_accept_sec_context } if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { - krb5_ccache ccache; + int32_t ac_flags; if (delegated_cred_handle == NULL) /* XXX Create a new delegated_cred_handle? */ @@ -364,10 +364,19 @@ gsskrb5_accept_sec_context goto end_fwd; } + krb5_auth_con_getflags(gssapi_krb5_context, + (*context_handle)->auth_context, + &ac_flags); + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + ac_flags & ~KRB5_AUTH_CONTEXT_DO_TIME); kret = krb5_rd_cred2(gssapi_krb5_context, (*context_handle)->auth_context, ccache, &fwd_data); + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + ac_flags); if (kret) { flags &= ~GSS_C_DELEG_FLAG; goto end_fwd;