svn rev #25424: trunk/src/ include/ include/krb5/ lib/ lib/krb5/ lib/krb5/krb/ ...
ghudson@MIT.EDU
ghudson at MIT.EDU
Mon Oct 31 12:43:40 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=25424
Commit By: ghudson
Log Message:
ticket: 6996
subject: Make krb5_check_clockskew public
target_version: 1.10
tags: pullup
Rename krb5int_check_clockskew to krb5_check_clockskew and make it
public, in order to give kdcpreauth plugins a way to check timestamps
against the configured clock skew.
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/include/krb5/krb5.hin
U trunk/src/lib/krb5/krb/rd_cred.c
U trunk/src/lib/krb5/krb/rd_priv.c
U trunk/src/lib/krb5/krb/rd_req_dec.c
U trunk/src/lib/krb5/krb/rd_safe.c
U trunk/src/lib/krb5/libkrb5.exports
U trunk/src/lib/krb5/os/timeofday.c
U trunk/src/lib/krb5_32.def
Modified: trunk/src/include/k5-int.h
===================================================================
--- trunk/src/include/k5-int.h 2011-10-30 21:52:18 UTC (rev 25423)
+++ trunk/src/include/k5-int.h 2011-10-31 16:43:40 UTC (rev 25424)
@@ -2693,7 +2693,6 @@
krb5_error_code krb5_use_natural_time(krb5_context);
krb5_error_code krb5_set_time_offsets(krb5_context, krb5_timestamp,
krb5_int32);
-krb5_error_code krb5int_check_clockskew(krb5_context, krb5_timestamp);
/*
* The realm iterator functions
*/
Modified: trunk/src/include/krb5/krb5.hin
===================================================================
--- trunk/src/include/krb5/krb5.hin 2011-10-30 21:52:18 UTC (rev 25423)
+++ trunk/src/include/krb5/krb5.hin 2011-10-31 16:43:40 UTC (rev 25424)
@@ -4750,6 +4750,21 @@
krb5_timeofday(krb5_context context, register krb5_timestamp *timeret);
/**
+ * Check if a timestamp is within the allowed clock skew of the current time.
+ *
+ * @param [in] context Library context
+ * @param [in] date Timestamp to check
+ *
+ * This function checks if @a date is close enough to the current time
+ * according to the configured allowable clock skew.
+ *
+ * @retval 0 Success
+ * @retval KRB5KRB_AP_ERR_SKEW @a date is not within allowable clock skew
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_check_clockskew(krb5_context context, krb5_timestamp date);
+
+/**
* Return all interface addresses for this host.
*
* @param [in] context Library context
Modified: trunk/src/lib/krb5/krb/rd_cred.c
===================================================================
--- trunk/src/lib/krb5/krb/rd_cred.c 2011-10-30 21:52:18 UTC (rev 25423)
+++ trunk/src/lib/krb5/krb/rd_cred.c 2011-10-31 16:43:40 UTC (rev 25424)
@@ -222,7 +222,7 @@
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
- if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
+ if ((retval = krb5_check_clockskew(context, replaydata.timestamp)))
goto error;
if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
Modified: trunk/src/lib/krb5/krb/rd_priv.c
===================================================================
--- trunk/src/lib/krb5/krb/rd_priv.c 2011-10-30 21:52:18 UTC (rev 25423)
+++ trunk/src/lib/krb5/krb/rd_priv.c 2011-10-31 16:43:40 UTC (rev 25424)
@@ -150,7 +150,7 @@
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
- if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
+ if ((retval = krb5_check_clockskew(context, replaydata.timestamp)))
goto error;
if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
Modified: trunk/src/lib/krb5/krb/rd_req_dec.c
===================================================================
--- trunk/src/lib/krb5/krb/rd_req_dec.c 2011-10-30 21:52:18 UTC (rev 25423)
+++ trunk/src/lib/krb5/krb/rd_req_dec.c 2011-10-31 16:43:40 UTC (rev 25424)
@@ -414,7 +414,7 @@
if (retval != 0)
goto cleanup;
- if ((retval = krb5int_check_clockskew(context, (*auth_context)->authentp->ctime)))
+ if ((retval = krb5_check_clockskew(context, (*auth_context)->authentp->ctime)))
goto cleanup;
if (check_valid_flag) {
Modified: trunk/src/lib/krb5/krb/rd_safe.c
===================================================================
--- trunk/src/lib/krb5/krb/rd_safe.c 2011-10-30 21:52:18 UTC (rev 25423)
+++ trunk/src/lib/krb5/krb/rd_safe.c 2011-10-31 16:43:40 UTC (rev 25424)
@@ -166,7 +166,7 @@
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
- if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
+ if ((retval = krb5_check_clockskew(context, replaydata.timestamp)))
goto error;
if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
Modified: trunk/src/lib/krb5/libkrb5.exports
===================================================================
--- trunk/src/lib/krb5/libkrb5.exports 2011-10-30 21:52:18 UTC (rev 25423)
+++ trunk/src/lib/krb5/libkrb5.exports 2011-10-31 16:43:40 UTC (rev 25424)
@@ -224,6 +224,7 @@
krb5_cccol_cursor_next
krb5_change_cache
krb5_change_password
+krb5_check_clockskew
krb5_check_transited_list
krb5_chpw_result_code_string
krb5_clear_error_message
Modified: trunk/src/lib/krb5/os/timeofday.c
===================================================================
--- trunk/src/lib/krb5/os/timeofday.c 2011-10-30 21:52:18 UTC (rev 25423)
+++ trunk/src/lib/krb5/os/timeofday.c 2011-10-31 16:43:40 UTC (rev 25424)
@@ -51,8 +51,8 @@
return 0;
}
-krb5_error_code
-krb5int_check_clockskew(krb5_context context, krb5_timestamp date)
+krb5_error_code KRB5_CALLCONV
+krb5_check_clockskew(krb5_context context, krb5_timestamp date)
{
krb5_timestamp currenttime;
krb5_error_code retval;
Modified: trunk/src/lib/krb5_32.def
===================================================================
--- trunk/src/lib/krb5_32.def 2011-10-30 21:52:18 UTC (rev 25423)
+++ trunk/src/lib/krb5_32.def 2011-10-31 16:43:40 UTC (rev 25424)
@@ -420,3 +420,4 @@
krb5_cc_select @394
krb5_pac_sign @395
krb5_find_authdata @396
+ krb5_check_clockskew @397
More information about the cvs-krb5
mailing list