From 8c87a006a4ab0c3201b23772967288ea6c8d1247 Mon Sep 17 00:00:00 2001
From: Assar Westerlund <assar@sics.se>
Date: Sun, 8 Oct 2000 18:35:19 +0000
Subject: [PATCH] (do_authenticate): check for time skew

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9110 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kaserver.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kdc/kaserver.c b/kdc/kaserver.c
index 5cfac8f2d..2f8a3ba7b 100644
--- a/kdc/kaserver.c
+++ b/kdc/kaserver.c
@@ -469,6 +469,11 @@ do_authenticate (struct rx_header *hdr,
     krb5_ret_int32 (reply_sp, &chal);
     krb5_storage_free (reply_sp);
 
+    if (abs(chal - kdc_time) > context->max_skew) {
+	make_error_reply (hdr, KACLOCKSKEW, reply);
+	goto out;
+    }
+
     /* life */
     max_life = end_time - kdc_time;
     if (client_entry->max_life)