use krb5_timeofday and krb5_us_timeofday
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2927 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
@@ -58,9 +58,13 @@ krb5_build_authenticator (krb5_context context,
|
||||
copy_Realm(&cred->client->realm, &auth->crealm);
|
||||
copy_PrincipalName(&cred->client->name, &auth->cname);
|
||||
|
||||
gettimeofday(&tv, NULL);
|
||||
auth->cusec = tv.tv_usec;
|
||||
auth->ctime = tv.tv_sec;
|
||||
{
|
||||
int32_t sec, usec;
|
||||
|
||||
krb5_us_timeofday (context, &sec, &usec);
|
||||
auth->ctime = sec;
|
||||
auth->cusec = usec;
|
||||
}
|
||||
#if 0
|
||||
auth->subkey = NULL;
|
||||
#else
|
||||
|
||||
@@ -62,7 +62,7 @@ krb5_get_forwarded_creds (krb5_context context,
|
||||
size_t len;
|
||||
u_char buf[1024];
|
||||
krb5_data enc_data;
|
||||
struct timeval tv;
|
||||
int32_t sec, usec;
|
||||
|
||||
out_creds = malloc(sizeof(*out_creds));
|
||||
if (out_creds == NULL)
|
||||
@@ -127,11 +127,12 @@ krb5_get_forwarded_creds (krb5_context context,
|
||||
enc_krb_cred_part.ticket_info.len = 1;
|
||||
ALLOC(enc_krb_cred_part.ticket_info.val, 1);
|
||||
|
||||
gettimeofday (&tv, NULL);
|
||||
krb5_us_timeofday (context, &sec, &usec);
|
||||
|
||||
ALLOC(enc_krb_cred_part.timestamp, 1);
|
||||
*enc_krb_cred_part.timestamp = tv.tv_sec;
|
||||
*enc_krb_cred_part.timestamp = sec;
|
||||
ALLOC(enc_krb_cred_part.usec, 1);
|
||||
*enc_krb_cred_part.usec = tv.tv_usec;
|
||||
*enc_krb_cred_part.usec = usec;
|
||||
|
||||
enc_krb_cred_part.s_address = NULL; /* XXX */
|
||||
enc_krb_cred_part.r_address = NULL; /* XXX */
|
||||
|
||||
@@ -86,6 +86,9 @@ init_cred (krb5_context context,
|
||||
krb5_error_code ret;
|
||||
krb5_realm *client_realm;
|
||||
int tmp;
|
||||
int32_t now;
|
||||
|
||||
krb5_timeofday (context, &now);
|
||||
|
||||
memset (cred, 0, sizeof(*cred));
|
||||
|
||||
@@ -101,7 +104,7 @@ init_cred (krb5_context context,
|
||||
client_realm = krb5_princ_realm (context, cred->client);
|
||||
|
||||
if (start_time)
|
||||
cred->times.starttime = time(NULL) + start_time;
|
||||
cred->times.starttime = now + start_time;
|
||||
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)
|
||||
tmp = options->tkt_life;
|
||||
@@ -111,7 +114,7 @@ init_cred (krb5_context context,
|
||||
"ticket_lifetime",
|
||||
"10h"),
|
||||
NULL);
|
||||
cred->times.endtime = time(NULL) + tmp;
|
||||
cred->times.endtime = now + tmp;
|
||||
|
||||
tmp = 0;
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)
|
||||
@@ -123,7 +126,7 @@ init_cred (krb5_context context,
|
||||
"0"),
|
||||
NULL);
|
||||
if (tmp)
|
||||
cred->times.renew_till = time(NULL) + tmp;
|
||||
cred->times.renew_till = now + tmp;
|
||||
|
||||
if (in_tkt_service) {
|
||||
krb5_realm server_realm;
|
||||
@@ -160,7 +163,12 @@ print_expire (krb5_context context,
|
||||
{
|
||||
int i;
|
||||
LastReq *lr = &rep->part2.last_req;
|
||||
time_t t = time(0) + parse_time(get_config_string (context,
|
||||
int32_t sec;
|
||||
time_t t;
|
||||
|
||||
krb5_timeofday (context, &sec);
|
||||
|
||||
t = sec + parse_time(get_config_string (context,
|
||||
*realm,
|
||||
"warn_pwexpire",
|
||||
"1 week"),
|
||||
|
||||
@@ -52,15 +52,15 @@ krb5_mk_error(krb5_context context,
|
||||
{
|
||||
KRB_ERROR msg;
|
||||
unsigned char buf[1024];
|
||||
struct timeval tv;
|
||||
int32_t sec, usec;
|
||||
|
||||
gettimeofday (&tv, NULL);
|
||||
krb5_us_timeofday (context, &sec, &usec);
|
||||
|
||||
memset(&msg, 0, sizeof(msg));
|
||||
msg.pvno = 5;
|
||||
msg.msg_type = krb_error;
|
||||
msg.stime = tv.tv_sec;
|
||||
msg.susec = tv.tv_usec;
|
||||
msg.stime = sec;
|
||||
msg.susec = usec;
|
||||
if(ctime) {
|
||||
msg.ctime = &ctime;
|
||||
}
|
||||
|
||||
@@ -50,17 +50,16 @@ krb5_mk_priv(krb5_context context,
|
||||
krb5_error_code r;
|
||||
KRB_PRIV s;
|
||||
EncKrbPrivPart part;
|
||||
struct timeval tv;
|
||||
unsigned usec;
|
||||
u_char buf[1024];
|
||||
size_t len;
|
||||
unsigned tmp_seq;
|
||||
krb5_keyblock *key;
|
||||
int32_t sec, usec;
|
||||
|
||||
krb5_us_timeofday (context, &sec, &usec);
|
||||
|
||||
part.user_data = *userdata;
|
||||
gettimeofday (&tv, NULL);
|
||||
usec = tv.tv_usec;
|
||||
part.timestamp = &tv.tv_sec;
|
||||
part.timestamp = &sec;
|
||||
part.usec = &usec;
|
||||
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
|
||||
tmp_seq = ++auth_context->local_seqnumber;
|
||||
|
||||
@@ -49,8 +49,7 @@ krb5_mk_safe(krb5_context context,
|
||||
{
|
||||
krb5_error_code r;
|
||||
KRB_SAFE s;
|
||||
struct timeval tv;
|
||||
unsigned usec;
|
||||
int32_t sec, usec;
|
||||
u_char buf[1024];
|
||||
size_t len;
|
||||
unsigned tmp_seq;
|
||||
@@ -59,9 +58,9 @@ krb5_mk_safe(krb5_context context,
|
||||
s.msg_type = krb_safe;
|
||||
|
||||
s.safe_body.user_data = *userdata;
|
||||
gettimeofday (&tv, NULL);
|
||||
usec = tv.tv_usec;
|
||||
s.safe_body.timestamp = &tv.tv_sec;
|
||||
krb5_us_timeofday (context, &sec, &usec);
|
||||
|
||||
s.safe_body.timestamp = &sec;
|
||||
s.safe_body.usec = &usec;
|
||||
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
|
||||
tmp_seq = ++auth_context->local_seqnumber;
|
||||
|
||||
@@ -108,12 +108,13 @@ krb5_rd_cred (krb5_context context,
|
||||
|
||||
/* check timestamp */
|
||||
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
|
||||
struct timeval tv;
|
||||
int32_t sec;
|
||||
|
||||
krb5_timeofday (context, &sec);
|
||||
|
||||
gettimeofday (&tv, NULL);
|
||||
if (enc_krb_cred_part.timestamp == NULL ||
|
||||
enc_krb_cred_part.usec == NULL ||
|
||||
abs(*enc_krb_cred_part.timestamp - tv.tv_sec)
|
||||
abs(*enc_krb_cred_part.timestamp - sec)
|
||||
> context->max_skew) {
|
||||
ret = KRB5KRB_AP_ERR_SKEW;
|
||||
goto out;
|
||||
|
||||
@@ -113,12 +113,12 @@ krb5_rd_priv(krb5_context context,
|
||||
|
||||
/* check timestamp */
|
||||
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
|
||||
struct timeval tv;
|
||||
int32_t sec;
|
||||
|
||||
gettimeofday (&tv, NULL);
|
||||
krb5_timeofday (context, &sec);
|
||||
if (part.timestamp == NULL ||
|
||||
part.usec == NULL ||
|
||||
abs(*part.timestamp - tv.tv_sec) > context->max_skew) {
|
||||
abs(*part.timestamp - sec) > context->max_skew) {
|
||||
r = KRB5KRB_AP_ERR_SKEW;
|
||||
goto failure_part;
|
||||
}
|
||||
|
||||
@@ -214,8 +214,10 @@ krb5_verify_ap_req(krb5_context context,
|
||||
}
|
||||
|
||||
{
|
||||
time_t now = time (NULL);
|
||||
int32_t now;
|
||||
time_t start = t.ticket.authtime;
|
||||
|
||||
krb5_timeofday (context, &now);
|
||||
if(t.ticket.starttime)
|
||||
start = *t.ticket.starttime;
|
||||
if(start - now > context->max_skew || t.ticket.flags.invalid)
|
||||
@@ -245,7 +247,6 @@ krb5_rd_req_with_keyblock(krb5_context context,
|
||||
krb5_error_code ret;
|
||||
krb5_ap_req ap_req;
|
||||
size_t len;
|
||||
struct timeval now;
|
||||
|
||||
if (*auth_context == NULL) {
|
||||
ret = krb5_auth_con_init(context, auth_context);
|
||||
|
||||
@@ -92,12 +92,13 @@ krb5_rd_safe(krb5_context context,
|
||||
|
||||
/* check timestamp */
|
||||
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
|
||||
struct timeval tv;
|
||||
int32_t sec;
|
||||
|
||||
krb5_timeofday (context, &sec);
|
||||
|
||||
gettimeofday (&tv, NULL);
|
||||
if (safe.safe_body.timestamp == NULL ||
|
||||
safe.safe_body.usec == NULL ||
|
||||
abs(*safe.safe_body.timestamp - tv.tv_sec) > context->max_skew) {
|
||||
abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
|
||||
r = KRB5KRB_AP_ERR_SKEW;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user