(init_auth): if the cred is expired before we tries to create a token,
fail so the peer doesn't need reject us (*): make sure time is returned in seconds from now, not in kerberos time (repl_mutual): remember to unlock the context mutex git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12345 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -193,6 +193,7 @@ init_auth
|
||||
Checksum cksum;
|
||||
krb5_enctype enctype;
|
||||
krb5_data fwd_data;
|
||||
OM_uint32 lifetime_rec;
|
||||
|
||||
krb5_data_zero(&outbuf);
|
||||
krb5_data_zero(&fwd_data);
|
||||
@@ -309,6 +310,19 @@ init_auth
|
||||
|
||||
(*context_handle)->lifetime = cred->times.endtime;
|
||||
|
||||
ret = gssapi_lifetime_left(minor_status,
|
||||
(*context_handle)->lifetime,
|
||||
&lifetime_rec);
|
||||
if (ret) {
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if (lifetime_rec == 0) {
|
||||
*minor_status = 0;
|
||||
ret = GSS_S_CONTEXT_EXPIRED;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
krb5_auth_con_setkey(gssapi_krb5_context,
|
||||
(*context_handle)->auth_context,
|
||||
&cred->session);
|
||||
@@ -414,7 +428,7 @@ init_auth
|
||||
return GSS_S_CONTINUE_NEEDED;
|
||||
} else {
|
||||
if (time_rec)
|
||||
*time_rec = (*context_handle)->lifetime;
|
||||
*time_rec = lifetime_rec;
|
||||
|
||||
(*context_handle)->more_flags |= OPEN;
|
||||
return GSS_S_COMPLETE;
|
||||
@@ -489,13 +503,19 @@ repl_mutual
|
||||
|
||||
(*context_handle)->more_flags |= OPEN;
|
||||
|
||||
if (time_rec)
|
||||
*time_rec = (*context_handle)->lifetime;
|
||||
*minor_status = 0;
|
||||
if (time_rec) {
|
||||
ret = gssapi_lifetime_left(minor_status,
|
||||
(*context_handle)->lifetime,
|
||||
time_rec);
|
||||
} else {
|
||||
ret = GSS_S_COMPLETE;
|
||||
}
|
||||
if (ret_flags)
|
||||
*ret_flags = (*context_handle)->flags;
|
||||
HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex);
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@@ -193,6 +193,7 @@ init_auth
|
||||
Checksum cksum;
|
||||
krb5_enctype enctype;
|
||||
krb5_data fwd_data;
|
||||
OM_uint32 lifetime_rec;
|
||||
|
||||
krb5_data_zero(&outbuf);
|
||||
krb5_data_zero(&fwd_data);
|
||||
@@ -309,6 +310,19 @@ init_auth
|
||||
|
||||
(*context_handle)->lifetime = cred->times.endtime;
|
||||
|
||||
ret = gssapi_lifetime_left(minor_status,
|
||||
(*context_handle)->lifetime,
|
||||
&lifetime_rec);
|
||||
if (ret) {
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if (lifetime_rec == 0) {
|
||||
*minor_status = 0;
|
||||
ret = GSS_S_CONTEXT_EXPIRED;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
krb5_auth_con_setkey(gssapi_krb5_context,
|
||||
(*context_handle)->auth_context,
|
||||
&cred->session);
|
||||
@@ -414,7 +428,7 @@ init_auth
|
||||
return GSS_S_CONTINUE_NEEDED;
|
||||
} else {
|
||||
if (time_rec)
|
||||
*time_rec = (*context_handle)->lifetime;
|
||||
*time_rec = lifetime_rec;
|
||||
|
||||
(*context_handle)->more_flags |= OPEN;
|
||||
return GSS_S_COMPLETE;
|
||||
@@ -489,13 +503,19 @@ repl_mutual
|
||||
|
||||
(*context_handle)->more_flags |= OPEN;
|
||||
|
||||
if (time_rec)
|
||||
*time_rec = (*context_handle)->lifetime;
|
||||
*minor_status = 0;
|
||||
if (time_rec) {
|
||||
ret = gssapi_lifetime_left(minor_status,
|
||||
(*context_handle)->lifetime,
|
||||
time_rec);
|
||||
} else {
|
||||
ret = GSS_S_COMPLETE;
|
||||
}
|
||||
if (ret_flags)
|
||||
*ret_flags = (*context_handle)->flags;
|
||||
HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex);
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
Reference in New Issue
Block a user