Rename krb5int_check_clockskew to krb5_check_clockskew and make it
public, in order to give kdcpreauth plugins a way to check timestamps
against the configured clock skew.
ticket: 6996
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25424
dc483132-0cff-0310-8789-
dd5450dbe970
krb5_error_code krb5_use_natural_time(krb5_context);
krb5_error_code krb5_set_time_offsets(krb5_context, krb5_timestamp,
krb5_int32);
-krb5_error_code krb5int_check_clockskew(krb5_context, krb5_timestamp);
/*
* The realm iterator functions
*/
krb5_error_code KRB5_CALLCONV
krb5_timeofday(krb5_context context, register krb5_timestamp *timeret);
+/**
+ * Check if a timestamp is within the allowed clock skew of the current time.
+ *
+ * @param [in] context Library context
+ * @param [in] date Timestamp to check
+ *
+ * This function checks if @a date is close enough to the current time
+ * according to the configured allowable clock skew.
+ *
+ * @retval 0 Success
+ * @retval KRB5KRB_AP_ERR_SKEW @a date is not within allowable clock skew
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_check_clockskew(krb5_context context, krb5_timestamp date);
+
/**
* Return all interface addresses for this host.
*
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
- if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
+ if ((retval = krb5_check_clockskew(context, replaydata.timestamp)))
goto error;
if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
- if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
+ if ((retval = krb5_check_clockskew(context, replaydata.timestamp)))
goto error;
if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
if (retval != 0)
goto cleanup;
- if ((retval = krb5int_check_clockskew(context, (*auth_context)->authentp->ctime)))
+ if ((retval = krb5_check_clockskew(context, (*auth_context)->authentp->ctime)))
goto cleanup;
if (check_valid_flag) {
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
- if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
+ if ((retval = krb5_check_clockskew(context, replaydata.timestamp)))
goto error;
if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
krb5_cccol_cursor_next
krb5_change_cache
krb5_change_password
+krb5_check_clockskew
krb5_check_transited_list
krb5_chpw_result_code_string
krb5_clear_error_message
return 0;
}
-krb5_error_code
-krb5int_check_clockskew(krb5_context context, krb5_timestamp date)
+krb5_error_code KRB5_CALLCONV
+krb5_check_clockskew(krb5_context context, krb5_timestamp date)
{
krb5_timestamp currenttime;
krb5_error_code retval;
krb5_cc_select @394
krb5_pac_sign @395
krb5_find_authdata @396
+ krb5_check_clockskew @397