From 8cabf8a9bbc359a1627d005e4a08dfa4ca61c89e Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Tue, 8 Jun 2010 16:14:24 +0000
Subject: [PATCH] Stop checking the current time against the context expiration time in the message wrap/unwrap functions in the krb5 GSS mech. Heimdal doesn't do it, and it generally results in poor app behavior when a ticket expires. In exchange, it doesn't provide much security benefit since it's not enforced across the board--for example, ssh sessions can persist beyond ticket expiration time since they don't use GSS to wrap payload data. ticket: 6739 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24120 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/k5unsealiov.c | 14 --------------
 1 file changed, 14 deletions(-)
diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c
index a489f0d84..2be7b82ae 100644
--- a/src/lib/gssapi/krb5/k5unsealiov.c
+++ b/src/lib/gssapi/krb5/k5unsealiov.c
@@ -52,7 +52,6 @@ kg_unseal_v1_iov(krb5_context context,
 int signalg;
 krb5_checksum cksum;
 krb5_checksum md5cksum;
- krb5_timestamp now;
 size_t cksum_len = 0;
 size_t conflen = 0;
 int direction;
@@ -280,19 +279,6 @@ kg_unseal_v1_iov(krb5_context context,
 if (qop_state != NULL)
 *qop_state = GSS_C_QOP_DEFAULT;
 
- code = krb5_timeofday(context, &now);
- if (code != 0) {
- *minor_status = code;
- retval = GSS_S_FAILURE;
- goto cleanup;
- }
-
- if (now > ctx->krb_times.endtime) {
- *minor_status = 0;
- retval = GSS_S_CONTEXT_EXPIRED;
- goto cleanup;
- }
-
 if ((ctx->initiate && direction != 0xff) ||
 (!ctx->initiate && direction != 0)) {
 *minor_status = (OM_uint32)G_BAD_DIRECTION;
-- 
2.26.2