* krbconfig.c: Removed the krb5_clockskew variable

* srv_rcache.c (krb5_get_server_rcache):
* rd_safe.c (krb5_rd_safe):
* rd_req_dec.c (krb5_rd_req_decoded):
* rd_priv.c (krb5_rd_priv):
* rd_cred.c (krb5_rd_cred):
* gc_via_tkt.c (krb5_get_cred_via_tkt):
* get_in_tkt.c (verify_as_reply): Replace use of krb5_clockskew with
	context->clockskew.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7063 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index cf9852d687df2b2746ad079e908a44494b1f3116..4f127349ca61bb1f1e9e9fb938f21b9d141ac9e7 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,5 +1,16 @@
 Wed Nov  8 02:50:59 1995  Theodore Y. Ts'o  <tytso@dcl>
 
+       * krbconfig.c: Removed the krb5_clockskew variable.
+
+       * srv_rcache.c (krb5_get_server_rcache): 
+       * rd_safe.c (krb5_rd_safe): 
+       * rd_req_dec.c (krb5_rd_req_decoded): 
+       * rd_priv.c (krb5_rd_priv): 
+       * rd_cred.c (krb5_rd_cred): 
+       * gc_via_tkt.c (krb5_get_cred_via_tkt): 
+       * get_in_tkt.c (verify_as_reply): Replace use of krb5_clockskew
+               with context->clockskew.
+
        * encrypt_tk.c (cleanup_scratch): Changed interface to no longer
                require an eblock; we can use our own and figure out the
                enctype from the passed-in key.

diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
index c37d39acde63b7bfab9b3bd533a8f14967ac8eab..ed52b00f6c7200d73a715a09da0d2c2036511836 100644 (file)
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -28,8 +28,7 @@
 #include "k5-int.h"
 #include "int-proto.h"
 
-extern krb5_deltat krb5_clockskew;
-#define in_clock_skew(date, now) (labs((date)-(now)) < krb5_clockskew)
+#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew)
 
 static krb5_error_code
 krb5_kdcrep2creds(context, pkdcrep, address, psectkt, ppcreds)

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 3a71d89fcf78ad78b2e03836e43cb4b58cec8929..e1c253b208a16d9c73d0ae86ffbca74bdbeae9d3 100644 (file)
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -55,8 +55,6 @@
  */
 
 
-extern krb5_deltat krb5_clockskew;
-
 /* some typedef's for the function args to make things look a bit cleaner */
 
 typedef krb5_error_code (*git_key_proc) PROTOTYPE((krb5_context,
@@ -264,7 +262,7 @@ verify_as_reply(context, time_now, request, as_reply)
 
     if ((request->from == 0) &&
        (labs(as_reply->enc_part2->times.starttime - time_now)
-        > krb5_clockskew))
+        > context->clockskew))
        return (KRB5_KDCREP_SKEW);
 
     return 0;

diff --git a/src/lib/krb5/krb/krbconfig.c b/src/lib/krb5/krb/krbconfig.c
index 7401bd38feb666aab48d265cb984d38e8f1d1bf4..a3fdaf116fdee85a6b5e5a90639bd90237495228 100644 (file)
--- a/src/lib/krb5/krb/krbconfig.c
+++ b/src/lib/krb5/krb/krbconfig.c
@@ -26,6 +26,5 @@
 
 #include "k5-int.h"
 
-krb5_deltat krb5_clockskew = 5 * 60;   /* five minutes */
 krb5_cksumtype krb5_kdc_req_sumtype = CKSUMTYPE_RSA_MD5;
 krb5_flags krb5_kdc_default_options = KDC_OPT_RENEWABLE_OK;

diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c
index 539a75c96bc2d7004eca6542afb04dcc18036fe2..44ffdfd9af8a4640c7d919b9ad801aabf35a6556 100644 (file)
--- a/src/lib/krb5/krb/rd_cred.c
+++ b/src/lib/krb5/krb/rd_cred.c
@@ -201,8 +201,7 @@ cleanup_cred:
 
 /*----------------------- krb5_rd_cred -----------------------*/
 
-extern krb5_deltat krb5_clockskew;
-#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew)
+#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew)
 
 /*
  * This functions takes as input an KRB_CRED message, validates it, and

diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 9dd975e05fcdaae7c878a8afb2b6ac350024585c..7acb6f3f8c931b96c4560caf387eed95cf815560 100644 (file)
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -28,8 +28,7 @@
 #include "cleanup.h"
 #include "auth_con.h"
 
-extern krb5_deltat krb5_clockskew;   
-#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew)
+#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew)
 
 /*
 

diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
index 5167701d028a2dd0c13f4da74202c0d308ea36a0..433fcb2a126bf028628a41f0f0715748b10809a8 100644 (file)
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -59,8 +59,7 @@
 static krb5_error_code decrypt_authenticator
        PROTOTYPE((krb5_context, const krb5_ap_req *, krb5_authenticator **));
 
-extern krb5_deltat krb5_clockskew;
-#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew)
+#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew)
 
 static krb5_error_code
 krb5_rd_req_decrypt_tkt_part(context, req, keytab)
@@ -236,7 +235,7 @@ krb5_rd_req_decoded(context, auth_context, req, server, keytab,
 
     if ((retval = krb5_timeofday(context, &currenttime)))
        goto cleanup;
-    if (starttime - currenttime > krb5_clockskew) {
+    if (starttime - currenttime > context->clockskew) {
        retval = KRB5KRB_AP_ERR_TKT_NYV;        /* ticket not yet valid */
        goto cleanup;
     }  
@@ -244,7 +243,8 @@ krb5_rd_req_decoded(context, auth_context, req, server, keytab,
        retval = KRB5KRB_AP_ERR_SKEW;
        goto cleanup;
     }
-    if (currenttime - req->ticket->enc_part2->times.endtime > krb5_clockskew) {
+    if ((currenttime - req->ticket->enc_part2->times.endtime) >
+       context->clockskew) {
        retval = KRB5KRB_AP_ERR_TKT_EXPIRED;    /* ticket expired */
        goto cleanup;
     }  

diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c
index df4b804bc2c5519f99a49df82d4aae83239f2b48..7298605c056df9c1fab34c2099356e074b6d4223 100644 (file)
--- a/src/lib/krb5/krb/rd_safe.c
+++ b/src/lib/krb5/krb/rd_safe.c
@@ -28,8 +28,7 @@
 #include "cleanup.h"
 #include "auth_con.h"
 
-extern krb5_deltat krb5_clockskew;
-#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew)
+#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew)
 
 /*
  parses a KRB_SAFE message from inbuf, placing the integrity-protected user

diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c
index 2f867586252f43db0e3511e7c34a2c871cda97d9..3390d044c8b26b7fad0c58221656a115cb74a1ee 100644 (file)
--- a/src/lib/krb5/krb/recvauth.c
+++ b/src/lib/krb5/krb/recvauth.c
@@ -59,7 +59,6 @@ krb5_recvauth(context, auth_context,
     krb5_rcache          rcache;
     krb5_octet           response;
     krb5_data            null_server;
-    extern krb5_deltat           krb5_clockskew;
        
        /*
         * Zero out problem variable.  If problem is set at the end of
@@ -137,7 +136,7 @@ krb5_recvauth(context, auth_context,
     /*
      * Now, let's read the AP_REQ message and decode it
      */
-    if (retval = krb5_read_message(context, fd, &inbuf))
+    if ((retval = krb5_read_message(context, fd, &inbuf)))
         return retval;
 
     if (*auth_context == NULL) {

diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c
index 0764c6e55adcb24409f4eaf796fce6cc37bcf6a0..aa2ac6563e5668aae678f9f262b2562eef5dd12a 100644 (file)
--- a/src/lib/krb5/krb/srv_rcache.c
+++ b/src/lib/krb5/krb/srv_rcache.c
@@ -37,7 +37,6 @@ krb5_get_server_rcache(context, piece, rcptr)
     krb5_rcache rcache = 0;
     char *cachename = 0;
     char tmp[4];
-    extern krb5_deltat krb5_clockskew;
     krb5_error_code retval;
     int len, p, i;
     
@@ -88,7 +87,8 @@ krb5_get_server_rcache(context, piece, rcptr)
      * initialize it.
      */
     if (krb5_rc_recover(context, rcache)) {
-       if ((retval = krb5_rc_initialize(context, rcache, krb5_clockskew))) {
+       if ((retval = krb5_rc_initialize(context, rcache,
+                                        context->clockskew))) {
            krb5_rc_close(context, rcache);
            rcache = 0;
            goto cleanup;