(krb5_context);
krb5_error_code krb5_set_time_offsets
(krb5_context, krb5_timestamp, krb5_int32);
+krb5_error_code krb5int_check_clockskew(krb5_context, krb5_timestamp);
/*
* The realm iterator functions
*/
/*----------------------- krb5_rd_cred -----------------------*/
-#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew)
-
/*
* This functions takes as input an KRB_CRED message, validates it, and
* outputs the nonce and an array of the forwarded credentials.
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
- krb5_timestamp currenttime;
-
- if ((retval = krb5_timeofday(context, ¤ttime)))
- goto error;
- if (!in_clock_skew(replaydata.timestamp)) {
- retval = KRB5KRB_AP_ERR_SKEW;
+ if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
goto error;
- }
if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
"_forw", &replay.client)))
/*
* lib/krb5/krb/rd_priv.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
#include "cleanup.h"
#include "auth_con.h"
-#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew)
-
/*
Parses a KRB_PRIV message from inbuf, placing the confidential user
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
- krb5_timestamp currenttime;
-
- if ((retval = krb5_timeofday(context, ¤ttime)))
- goto error;
- if (!in_clock_skew(replaydata.timestamp)) {
- retval = KRB5KRB_AP_ERR_SKEW;
+ if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
goto error;
- }
if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
"_priv", &replay.client)))
(krb5_context, const krb5_ap_req *, krb5_authenticator **,
int);
-#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew)
+krb5_error_code
+krb5int_check_clockskew(krb5_context context, krb5_timestamp date)
+{
+ krb5_timestamp currenttime;
+ krb5_error_code retval;
+
+ retval = krb5_timeofday(context, ¤ttime);
+ if (retval)
+ return retval;
+ if (!(labs((date)-currenttime) < context->clockskew))
+ return KRB5KRB_AP_ERR_SKEW;
+ return 0;
+}
static krb5_error_code
krb5_rd_req_decrypt_tkt_part(krb5_context context, const krb5_ap_req *req,
krb5_ticket **ticket, int check_valid_flag)
{
krb5_error_code retval = 0;
- krb5_timestamp currenttime;
krb5_principal_data princ_data;
req->ticket->enc_part2 = NULL;
if (retval != 0)
goto cleanup;
- if ((retval = krb5_timeofday(context, ¤ttime)))
- goto cleanup;
-
- if (!in_clock_skew((*auth_context)->authentp->ctime)) {
- retval = KRB5KRB_AP_ERR_SKEW;
+ if ((retval = krb5int_check_clockskew(context, (*auth_context)->authentp->ctime)))
goto cleanup;
- }
if (check_valid_flag) {
if (req->ticket->enc_part2->flags & TKT_FLG_INVALID) {
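Review bot: The `labs((date)-currenttime)` test in the new krb5int_check_clockskew does the subtraction in krb5_timestamp width before labs() widens it, and `date` is supplied by the peer (the authenticator ctime in this file, replaydata.timestamp at the rd_cred, rd_priv and rd_safe call sites). krb5_timestamp is a signed 32-bit typedef in krb5.h (its definition is not shown on this page), so a timestamp far enough from the local clock overflows the subtraction; that is undefined behaviour and leaves the outcome of the skew check to the compiler. The expression is carried over unchanged from the removed in_clock_skew macro, but with the check now in one function it can be fixed once, for example `if (labs((long)date - (long)currenttime) >= context->clockskew) return KRB5KRB_AP_ERR_SKEW;`, plus an explicit range check before the subtraction on platforms where long is also 32 bits. I would also add a comment above the function: `/* Returns 0 if date is within context->clockskew of the local time, KRB5KRB_AP_ERR_SKEW if not, or the error from krb5_timeofday(). */`.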
/*
* lib/krb5/krb/rd_safe.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
#include "cleanup.h"
#include "auth_con.h"
-#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew)
-
/*
parses a KRB_SAFE message from inbuf, placing the integrity-protected user
data in *outbuf.
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
- krb5_timestamp currenttime;
-
- if ((retval = krb5_timeofday(context, ¤ttime)))
- goto error;
- if (!in_clock_skew(replaydata.timestamp)) {
- retval = KRB5KRB_AP_ERR_SKEW;
+ if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
goto error;
- }
if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
"_safe", &replay.client)))