diff --git a/lib/krb5/build_auth.c b/lib/krb5/build_auth.c index 7ded0bd3b..7eacc97a7 100644 --- a/lib/krb5/build_auth.c +++ b/lib/krb5/build_auth.c @@ -58,9 +58,13 @@ krb5_build_authenticator (krb5_context context, copy_Realm(&cred->client->realm, &auth->crealm); copy_PrincipalName(&cred->client->name, &auth->cname); - gettimeofday(&tv, NULL); - auth->cusec = tv.tv_usec; - auth->ctime = tv.tv_sec; + { + int32_t sec, usec; + + krb5_us_timeofday (context, &sec, &usec); + auth->ctime = sec; + auth->cusec = usec; + } #if 0 auth->subkey = NULL; #else diff --git a/lib/krb5/get_for_creds.c b/lib/krb5/get_for_creds.c index 73cba8556..14a44f758 100644 --- a/lib/krb5/get_for_creds.c +++ b/lib/krb5/get_for_creds.c @@ -62,7 +62,7 @@ krb5_get_forwarded_creds (krb5_context context, size_t len; u_char buf[1024]; krb5_data enc_data; - struct timeval tv; + int32_t sec, usec; out_creds = malloc(sizeof(*out_creds)); if (out_creds == NULL) @@ -127,11 +127,12 @@ krb5_get_forwarded_creds (krb5_context context, enc_krb_cred_part.ticket_info.len = 1; ALLOC(enc_krb_cred_part.ticket_info.val, 1); - gettimeofday (&tv, NULL); + krb5_us_timeofday (context, &sec, &usec); + ALLOC(enc_krb_cred_part.timestamp, 1); - *enc_krb_cred_part.timestamp = tv.tv_sec; + *enc_krb_cred_part.timestamp = sec; ALLOC(enc_krb_cred_part.usec, 1); - *enc_krb_cred_part.usec = tv.tv_usec; + *enc_krb_cred_part.usec = usec; enc_krb_cred_part.s_address = NULL; /* XXX */ enc_krb_cred_part.r_address = NULL; /* XXX */ diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index 2384853c7..96245c089 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -86,6 +86,9 @@ init_cred (krb5_context context, krb5_error_code ret; krb5_realm *client_realm; int tmp; + int32_t now; + + krb5_timeofday (context, &now); memset (cred, 0, sizeof(*cred)); @@ -101,7 +104,7 @@ init_cred (krb5_context context, client_realm = krb5_princ_realm (context, cred->client); if (start_time) - cred->times.starttime = time(NULL) + start_time; + cred->times.starttime = now + start_time; if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE) tmp = options->tkt_life; @@ -111,7 +114,7 @@ init_cred (krb5_context context, "ticket_lifetime", "10h"), NULL); - cred->times.endtime = time(NULL) + tmp; + cred->times.endtime = now + tmp; tmp = 0; if (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) @@ -123,7 +126,7 @@ init_cred (krb5_context context, "0"), NULL); if (tmp) - cred->times.renew_till = time(NULL) + tmp; + cred->times.renew_till = now + tmp; if (in_tkt_service) { krb5_realm server_realm; @@ -160,11 +163,16 @@ print_expire (krb5_context context, { int i; LastReq *lr = &rep->part2.last_req; - time_t t = time(0) + parse_time(get_config_string (context, - *realm, - "warn_pwexpire", - "1 week"), - NULL); + int32_t sec; + time_t t; + + krb5_timeofday (context, &sec); + + t = sec + parse_time(get_config_string (context, + *realm, + "warn_pwexpire", + "1 week"), + NULL); for (i = 0; i < lr->len; ++i) { if (lr->val[i].lr_type == 6 diff --git a/lib/krb5/mk_error.c b/lib/krb5/mk_error.c index 1fc7509c0..618c276f9 100644 --- a/lib/krb5/mk_error.c +++ b/lib/krb5/mk_error.c @@ -52,15 +52,15 @@ krb5_mk_error(krb5_context context, { KRB_ERROR msg; unsigned char buf[1024]; - struct timeval tv; + int32_t sec, usec; + + krb5_us_timeofday (context, &sec, &usec); - gettimeofday (&tv, NULL); - memset(&msg, 0, sizeof(msg)); msg.pvno = 5; msg.msg_type = krb_error; - msg.stime = tv.tv_sec; - msg.susec = tv.tv_usec; + msg.stime = sec; + msg.susec = usec; if(ctime) { msg.ctime = &ctime; } diff --git a/lib/krb5/mk_priv.c b/lib/krb5/mk_priv.c index 45ac2b5f3..9ea797504 100644 --- a/lib/krb5/mk_priv.c +++ b/lib/krb5/mk_priv.c @@ -50,17 +50,16 @@ krb5_mk_priv(krb5_context context, krb5_error_code r; KRB_PRIV s; EncKrbPrivPart part; - struct timeval tv; - unsigned usec; u_char buf[1024]; size_t len; unsigned tmp_seq; krb5_keyblock *key; + int32_t sec, usec; + + krb5_us_timeofday (context, &sec, &usec); part.user_data = *userdata; - gettimeofday (&tv, NULL); - usec = tv.tv_usec; - part.timestamp = &tv.tv_sec; + part.timestamp = &sec; part.usec = &usec; if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { tmp_seq = ++auth_context->local_seqnumber; diff --git a/lib/krb5/mk_safe.c b/lib/krb5/mk_safe.c index c9c194ab0..c77d6e954 100644 --- a/lib/krb5/mk_safe.c +++ b/lib/krb5/mk_safe.c @@ -49,8 +49,7 @@ krb5_mk_safe(krb5_context context, { krb5_error_code r; KRB_SAFE s; - struct timeval tv; - unsigned usec; + int32_t sec, usec; u_char buf[1024]; size_t len; unsigned tmp_seq; @@ -59,9 +58,9 @@ krb5_mk_safe(krb5_context context, s.msg_type = krb_safe; s.safe_body.user_data = *userdata; - gettimeofday (&tv, NULL); - usec = tv.tv_usec; - s.safe_body.timestamp = &tv.tv_sec; + krb5_us_timeofday (context, &sec, &usec); + + s.safe_body.timestamp = &sec; s.safe_body.usec = &usec; if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { tmp_seq = ++auth_context->local_seqnumber; diff --git a/lib/krb5/rd_cred.c b/lib/krb5/rd_cred.c index f27c20aff..e58440e68 100644 --- a/lib/krb5/rd_cred.c +++ b/lib/krb5/rd_cred.c @@ -108,12 +108,13 @@ krb5_rd_cred (krb5_context context, /* check timestamp */ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { - struct timeval tv; + int32_t sec; + + krb5_timeofday (context, &sec); - gettimeofday (&tv, NULL); if (enc_krb_cred_part.timestamp == NULL || enc_krb_cred_part.usec == NULL || - abs(*enc_krb_cred_part.timestamp - tv.tv_sec) + abs(*enc_krb_cred_part.timestamp - sec) > context->max_skew) { ret = KRB5KRB_AP_ERR_SKEW; goto out; diff --git a/lib/krb5/rd_priv.c b/lib/krb5/rd_priv.c index 90539958f..54ae6724c 100644 --- a/lib/krb5/rd_priv.c +++ b/lib/krb5/rd_priv.c @@ -113,12 +113,12 @@ krb5_rd_priv(krb5_context context, /* check timestamp */ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { - struct timeval tv; + int32_t sec; - gettimeofday (&tv, NULL); + krb5_timeofday (context, &sec); if (part.timestamp == NULL || part.usec == NULL || - abs(*part.timestamp - tv.tv_sec) > context->max_skew) { + abs(*part.timestamp - sec) > context->max_skew) { r = KRB5KRB_AP_ERR_SKEW; goto failure_part; } diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index df280e4db..afd77e305 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -214,8 +214,10 @@ krb5_verify_ap_req(krb5_context context, } { - time_t now = time (NULL); + int32_t now; time_t start = t.ticket.authtime; + + krb5_timeofday (context, &now); if(t.ticket.starttime) start = *t.ticket.starttime; if(start - now > context->max_skew || t.ticket.flags.invalid) @@ -245,7 +247,6 @@ krb5_rd_req_with_keyblock(krb5_context context, krb5_error_code ret; krb5_ap_req ap_req; size_t len; - struct timeval now; if (*auth_context == NULL) { ret = krb5_auth_con_init(context, auth_context); diff --git a/lib/krb5/rd_safe.c b/lib/krb5/rd_safe.c index e7f6d5ccb..54e4a6fc7 100644 --- a/lib/krb5/rd_safe.c +++ b/lib/krb5/rd_safe.c @@ -92,12 +92,13 @@ krb5_rd_safe(krb5_context context, /* check timestamp */ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { - struct timeval tv; + int32_t sec; + + krb5_timeofday (context, &sec); - gettimeofday (&tv, NULL); if (safe.safe_body.timestamp == NULL || safe.safe_body.usec == NULL || - abs(*safe.safe_body.timestamp - tv.tv_sec) > context->max_skew) { + abs(*safe.safe_body.timestamp - sec) > context->max_skew) { r = KRB5KRB_AP_ERR_SKEW; goto failure; }