From 0851e65edabfa98bffeec76d115c2d3fd8861d63 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Fri, 12 Apr 1996 02:18:50 +0000 Subject: [PATCH] Move time offset code from stash_as_reply to verify_as_reply, and fix it so that it actually works. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7801 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 6 ++++++ src/lib/krb5/krb/get_in_tkt.c | 24 +++++++++++++----------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 232441e8c..62c92296a 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,9 @@ +Thu Apr 11 21:30:23 1996 Theodore Y. Ts'o + + * get_in_tkt.c (stash_as_reply, verify_as_reply): Move time offset + code from stash_as_reply to verify_as_reply, and fix it so + that it actually works. + Wed Apr 3 16:04:36 1996 Theodore Y. Ts'o * rd_req_dec.c (krb5_rd_req_decoded): Move code which diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 79c41086b..891bff856 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -220,6 +220,8 @@ verify_as_reply(context, time_now, request, as_reply) krb5_kdc_req *request; krb5_kdc_rep *as_reply; { + krb5_error_code retval; + /* check the contents for sanity: */ if (!as_reply->enc_part2->times.starttime) as_reply->enc_part2->times.starttime = @@ -245,11 +247,17 @@ verify_as_reply(context, time_now, request, as_reply) ) return KRB5_KDCREP_MODIFIED; - if ((request->from == 0) && - (labs(as_reply->enc_part2->times.starttime - time_now) - > context->clockskew)) - return (KRB5_KDCREP_SKEW); - + if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) { + retval = krb5_set_real_time(context, + as_reply->enc_part2->times.authtime, 0); + if (retval) + return retval; + } else { + if ((request->from == 0) && + (labs(as_reply->enc_part2->times.starttime - time_now) + > context->clockskew)) + return (KRB5_KDCREP_SKEW); + } return 0; } @@ -265,12 +273,6 @@ stash_as_reply(context, time_now, request, as_reply, creds, ccache) krb5_error_code retval; krb5_data * packet; - if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) - krb5_set_time_offsets(context, - (as_reply->enc_part2->times.authtime - - time_now), - 0); - /* XXX issue warning if as_reply->enc_part2->key_exp is nearby */ /* fill in the credentials */ -- 2.26.2