Move time offset code from stash_as_reply to verify_as_reply, and fix

author Theodore Tso <tytso@mit.edu>

Fri, 12 Apr 1996 02:18:50 +0000 (02:18 +0000)

committer Theodore Tso <tytso@mit.edu>

Fri, 12 Apr 1996 02:18:50 +0000 (02:18 +0000)
author Theodore Tso <tytso@mit.edu>
Fri, 12 Apr 1996 02:18:50 +0000 (02:18 +0000)
committer Theodore Tso <tytso@mit.edu>
Fri, 12 Apr 1996 02:18:50 +0000 (02:18 +0000)
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog

index 232441e8cdfec6f3c3c9d726bf3bb361c2ab4443..62c92296a129991aaaec2f8b00156625190e91dd 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,9 @@
+Thu Apr 11 21:30:23 1996  Theodore Y. Ts'o  <tytso@dcl>
+
+       * get_in_tkt.c (stash_as_reply, verify_as_reply): Move time offset
+               code from stash_as_reply to verify_as_reply, and fix it so
+               that it actually works.
+
  Wed Apr  3 16:04:36 1996  Theodore Y. Ts'o  <tytso@dcl>
  
         * rd_req_dec.c (krb5_rd_req_decoded): Move code which
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c

index 79c41086b98292785620c38a2a87978148952c17..891bff8561a9309ded3b9585137cff3bcaa92261 100644 (file)
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -220,6 +220,8 @@ verify_as_reply(context, time_now, request, as_reply)
      krb5_kdc_req               *request;
      krb5_kdc_rep               *as_reply;
  {
+    krb5_error_code            retval;
+    
      /* check the contents for sanity: */
      if (!as_reply->enc_part2->times.starttime)
         as_reply->enc_part2->times.starttime =
@@ -245,11 +247,17 @@ verify_as_reply(context, time_now, request, as_reply)
         )
         return KRB5_KDCREP_MODIFIED;
  
-    if ((request->from == 0) &&
-       (labs(as_reply->enc_part2->times.starttime - time_now)
-        > context->clockskew))
-       return (KRB5_KDCREP_SKEW);
-
+    if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) {
+       retval = krb5_set_real_time(context,
+                                   as_reply->enc_part2->times.authtime, 0);
+       if (retval)
+           return retval;
+    } else {
+       if ((request->from == 0) &&
+           (labs(as_reply->enc_part2->times.starttime - time_now)
+            > context->clockskew))
+           return (KRB5_KDCREP_SKEW);
+    }
      return 0;
  }
  
@@ -265,12 +273,6 @@ stash_as_reply(context, time_now, request, as_reply, creds, ccache)
      krb5_error_code            retval;
      krb5_data *                        packet;
  
-   if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME)
-       krb5_set_time_offsets(context,
-                            (as_reply->enc_part2->times.authtime -
-                             time_now),
-                            0);
-
      /* XXX issue warning if as_reply->enc_part2->key_exp is nearby */
         
      /* fill in the credentials */
author	Theodore Tso <tytso@mit.edu>
	Fri, 12 Apr 1996 02:18:50 +0000 (02:18 +0000)
committer	Theodore Tso <tytso@mit.edu>
	Fri, 12 Apr 1996 02:18:50 +0000 (02:18 +0000)
src/lib/krb5/krb/ChangeLog		patch \| blob \| history
src/lib/krb5/krb/get_in_tkt.c		patch \| blob \| history