oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY

Browse Source 
this e_data field in a kerberos error packet tells windows to do clock
skew recovery.

See [MS-KILE] 2.2.1 KERB-ERROR-DATA

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
This commit is contained in:
Andrew Tridgell
2011-01-28 10:55:31 +01:00
committed by Love Hornquist Astrand
parent 8ce821c387
commit 9e1d467534
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/gssapi/krb5/accept_sec_context.c
View File

@@ -263,6 +263,10 @@ send_error_token(OM_uint32 *minor_status,
krb5_principal ap_req_server = NULL; krb5_principal ap_req_server = NULL;
krb5_error_code ret; krb5_error_code ret;
krb5_data outbuf; krb5_data outbuf;
/* this e_data value encodes KERB_AP_ERR_TYPE_SKEW_RECOVERY which
tells windows to try again with the corrected timestamp. See
[MS-KILE] 2.2.1 KERB-ERROR-DATA */
krb5_data e_data = { 7, rk_UNCONST("\x30\x05\xa1\x03\x02\x01\x02") };
/* build server from request if the acceptor had not selected one */ /* build server from request if the acceptor had not selected one */
if (server == NULL) { if (server == NULL) {
@@ -285,7 +289,7 @@ send_error_token(OM_uint32 *minor_status,
server = ap_req_server; server = ap_req_server;
} }
ret = krb5_mk_error(context, kret, NULL, NULL, NULL, ret = krb5_mk_error(context, kret, NULL, &e_data, NULL,
server, NULL, NULL, &outbuf); server, NULL, NULL, &outbuf);
if (ap_req_server) if (ap_req_server)
krb5_free_principal(context, ap_req_server); krb5_free_principal(context, ap_req_server);