From 81e44bb850d061fda9bd2d5dbb2adcfd6212bb44 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Wed, 8 Nov 1995 21:59:00 +0000 Subject: [PATCH] * krbconfig.c: Removed the krb5_clockskew variable * srv_rcache.c (krb5_get_server_rcache): * rd_safe.c (krb5_rd_safe): * rd_req_dec.c (krb5_rd_req_decoded): * rd_priv.c (krb5_rd_priv): * rd_cred.c (krb5_rd_cred): * gc_via_tkt.c (krb5_get_cred_via_tkt): * get_in_tkt.c (verify_as_reply): Replace use of krb5_clockskew with context->clockskew. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7063 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 11 +++++++++++ src/lib/krb5/krb/gc_via_tkt.c | 3 +-- src/lib/krb5/krb/get_in_tkt.c | 4 +--- src/lib/krb5/krb/krbconfig.c | 1 - src/lib/krb5/krb/rd_cred.c | 3 +-- src/lib/krb5/krb/rd_priv.c | 3 +-- src/lib/krb5/krb/rd_req_dec.c | 8 ++++---- src/lib/krb5/krb/rd_safe.c | 3 +-- src/lib/krb5/krb/recvauth.c | 3 +-- src/lib/krb5/krb/srv_rcache.c | 4 ++-- 10 files changed, 23 insertions(+), 20 deletions(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index cf9852d68..4f127349c 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,5 +1,16 @@ Wed Nov 8 02:50:59 1995 Theodore Y. Ts'o + * krbconfig.c: Removed the krb5_clockskew variable. + + * srv_rcache.c (krb5_get_server_rcache): + * rd_safe.c (krb5_rd_safe): + * rd_req_dec.c (krb5_rd_req_decoded): + * rd_priv.c (krb5_rd_priv): + * rd_cred.c (krb5_rd_cred): + * gc_via_tkt.c (krb5_get_cred_via_tkt): + * get_in_tkt.c (verify_as_reply): Replace use of krb5_clockskew + with context->clockskew. + * encrypt_tk.c (cleanup_scratch): Changed interface to no longer require an eblock; we can use our own and figure out the enctype from the passed-in key. diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index c37d39acd..ed52b00f6 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -28,8 +28,7 @@ #include "k5-int.h" #include "int-proto.h" -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date, now) (labs((date)-(now)) < krb5_clockskew) +#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew) static krb5_error_code krb5_kdcrep2creds(context, pkdcrep, address, psectkt, ppcreds) diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 3a71d89fc..e1c253b20 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -55,8 +55,6 @@ */ -extern krb5_deltat krb5_clockskew; - /* some typedef's for the function args to make things look a bit cleaner */ typedef krb5_error_code (*git_key_proc) PROTOTYPE((krb5_context, @@ -264,7 +262,7 @@ verify_as_reply(context, time_now, request, as_reply) if ((request->from == 0) && (labs(as_reply->enc_part2->times.starttime - time_now) - > krb5_clockskew)) + > context->clockskew)) return (KRB5_KDCREP_SKEW); return 0; diff --git a/src/lib/krb5/krb/krbconfig.c b/src/lib/krb5/krb/krbconfig.c index 7401bd38f..a3fdaf116 100644 --- a/src/lib/krb5/krb/krbconfig.c +++ b/src/lib/krb5/krb/krbconfig.c @@ -26,6 +26,5 @@ #include "k5-int.h" -krb5_deltat krb5_clockskew = 5 * 60; /* five minutes */ krb5_cksumtype krb5_kdc_req_sumtype = CKSUMTYPE_RSA_MD5; krb5_flags krb5_kdc_default_options = KDC_OPT_RENEWABLE_OK; diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c index 539a75c96..44ffdfd9a 100644 --- a/src/lib/krb5/krb/rd_cred.c +++ b/src/lib/krb5/krb/rd_cred.c @@ -201,8 +201,7 @@ cleanup_cred: /*----------------------- krb5_rd_cred -----------------------*/ -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew) +#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) /* * This functions takes as input an KRB_CRED message, validates it, and diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c index 9dd975e05..7acb6f3f8 100644 --- a/src/lib/krb5/krb/rd_priv.c +++ b/src/lib/krb5/krb/rd_priv.c @@ -28,8 +28,7 @@ #include "cleanup.h" #include "auth_con.h" -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew) +#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) /* diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index 5167701d0..433fcb2a1 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -59,8 +59,7 @@ static krb5_error_code decrypt_authenticator PROTOTYPE((krb5_context, const krb5_ap_req *, krb5_authenticator **)); -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew) +#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) static krb5_error_code krb5_rd_req_decrypt_tkt_part(context, req, keytab) @@ -236,7 +235,7 @@ krb5_rd_req_decoded(context, auth_context, req, server, keytab, if ((retval = krb5_timeofday(context, ¤ttime))) goto cleanup; - if (starttime - currenttime > krb5_clockskew) { + if (starttime - currenttime > context->clockskew) { retval = KRB5KRB_AP_ERR_TKT_NYV; /* ticket not yet valid */ goto cleanup; } @@ -244,7 +243,8 @@ krb5_rd_req_decoded(context, auth_context, req, server, keytab, retval = KRB5KRB_AP_ERR_SKEW; goto cleanup; } - if (currenttime - req->ticket->enc_part2->times.endtime > krb5_clockskew) { + if ((currenttime - req->ticket->enc_part2->times.endtime) > + context->clockskew) { retval = KRB5KRB_AP_ERR_TKT_EXPIRED; /* ticket expired */ goto cleanup; } diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index df4b804bc..7298605c0 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -28,8 +28,7 @@ #include "cleanup.h" #include "auth_con.h" -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date) (labs((date)-currenttime) < krb5_clockskew) +#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) /* parses a KRB_SAFE message from inbuf, placing the integrity-protected user diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c index 2f8675862..3390d044c 100644 --- a/src/lib/krb5/krb/recvauth.c +++ b/src/lib/krb5/krb/recvauth.c @@ -59,7 +59,6 @@ krb5_recvauth(context, auth_context, krb5_rcache rcache; krb5_octet response; krb5_data null_server; - extern krb5_deltat krb5_clockskew; /* * Zero out problem variable. If problem is set at the end of @@ -137,7 +136,7 @@ krb5_recvauth(context, auth_context, /* * Now, let's read the AP_REQ message and decode it */ - if (retval = krb5_read_message(context, fd, &inbuf)) + if ((retval = krb5_read_message(context, fd, &inbuf))) return retval; if (*auth_context == NULL) { diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c index 0764c6e55..aa2ac6563 100644 --- a/src/lib/krb5/krb/srv_rcache.c +++ b/src/lib/krb5/krb/srv_rcache.c @@ -37,7 +37,6 @@ krb5_get_server_rcache(context, piece, rcptr) krb5_rcache rcache = 0; char *cachename = 0; char tmp[4]; - extern krb5_deltat krb5_clockskew; krb5_error_code retval; int len, p, i; @@ -88,7 +87,8 @@ krb5_get_server_rcache(context, piece, rcptr) * initialize it. */ if (krb5_rc_recover(context, rcache)) { - if ((retval = krb5_rc_initialize(context, rcache, krb5_clockskew))) { + if ((retval = krb5_rc_initialize(context, rcache, + context->clockskew))) { krb5_rc_close(context, rcache); rcache = 0; goto cleanup; -- 2.26.2