krb5 commit: Support kdc_timesync offsets in memory ccache

Greg Hudson ghudson at MIT.EDU
Fri Aug 31 11:13:50 EDT 2012


https://github.com/krb5/krb5/commit/79b78773ee4e9219185c71907256a92e06ec5b57
commit 79b78773ee4e9219185c71907256a92e06ec5b57
Author: Nate Rosenblum <nater at maginatics.com>
Date:   Wed Aug 29 11:16:11 2012 -0700

    Support kdc_timesync offsets in memory ccache
    
    When using v4 file credentials caches, client clock skew offsets
    obtained when running with the kdc_timesync option set are persisted in
    the ccache. This allows the offsets to be used across separate contexts,
    e.g. when obtaining credentials using krb5 interfaces and subsequently
    importing those credentials for use in gssapi. This patch adds similar
    support for memory credentials caches.
    
    [ghudson at mit.edu: Minor style corrections.]
    
    ticket: 7346 (new)

 src/lib/krb5/ccache/cc_memory.c |   22 ++++++++++++++++++++++
 1 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
index 07d9261..aa3d89d 100644
--- a/src/lib/krb5/ccache/cc_memory.c
+++ b/src/lib/krb5/ccache/cc_memory.c
@@ -110,6 +110,9 @@ typedef struct _krb5_mcc_data {
     krb5_principal prin;
     krb5_mcc_cursor link;
     krb5_timestamp changetime;
+    /* Time offsets for clock-skewed clients.  */
+    krb5_int32 time_offset;
+    krb5_int32 usec_offset;
 } krb5_mcc_data;
 
 /* List of memory caches.  */
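Review bot: The new `time_offset` and `usec_offset` fields carry no indication of whether an offset was ever recorded, so a cache fresh from new_mcc_data (zeroed in the last hunk) is indistinguishable from one whose client measured a zero offset. The krb5_mcc_resolve hunk then copies the values into the context and sets `KRB5_OS_TOFFSET_VALID` regardless, which marks a never-measured offset as valid. Because this offset presumably feeds the clock used for Kerberos timestamp checks, consider a flag beside the fields, e.g. `krb5_boolean offsets_valid;`, set in krb5_mcc_initialize and tested in krb5_mcc_resolve before the copy.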
@@ -144,6 +147,7 @@ static void krb5_mcc_free (krb5_context context, krb5_ccache id);
 krb5_error_code KRB5_CALLCONV
 krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
 {
+    krb5_os_context os_ctx = &context->os_context;
     krb5_error_code ret;
     krb5_mcc_data *d;
 
@@ -159,6 +163,12 @@ krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
                               &d->prin);
     update_mcc_change_time(d);
 
+    if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+        /* Store client time offsets in the cache */
+        d->time_offset = os_ctx->time_offset;
+        d->usec_offset = os_ctx->usec_offset;
+    }
+
     k5_cc_mutex_unlock(context, &d->lock);
     if (ret == KRB5_OK)
         krb5_change_cache();
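Review bot: When the context has no valid offset, the added `if` leaves `d->time_offset` and `d->usec_offset` untouched, so re-initializing an existing cache keeps whatever an earlier initialize stored. A later krb5_mcc_resolve in a context without its own offset would then adopt a value unrelated to the credentials now in the cache. Adding `else { d->time_offset = 0; d->usec_offset = 0; }` would reset them. The function body starts and ends outside this hunk, so a reset that is not visible here may already exist.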
@@ -265,6 +275,7 @@ static krb5_error_code new_mcc_data (const char *, krb5_mcc_data **);
 krb5_error_code KRB5_CALLCONV
 krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
 {
+    krb5_os_context os_ctx = &context->os_context;
     krb5_ccache lid;
     krb5_mcc_list_node *ptr;
     krb5_error_code err;
@@ -291,6 +302,15 @@ krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
     if (lid == NULL)
         return KRB5_CC_NOMEM;
 
+    if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) &&
+        !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
+        /* Use the time offset from the cache entry */
+        os_ctx->time_offset = d->time_offset;
+        os_ctx->usec_offset = d->usec_offset;
+        os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+                            KRB5_OS_TOFFSET_VALID);
+    }
+
     lid->ops = &krb5_mcc_ops;
     lid->data = d;
     *id = lid;
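Review bot: `d->time_offset` and `d->usec_offset` are read here with no visible hold on `d->lock`, whereas krb5_mcc_initialize writes them before its `k5_cc_mutex_unlock(context, &d->lock)`. If krb5_mcc_resolve does not take that lock in the part of the function outside this hunk, a concurrent initialize on the same named cache could hand the context a mismatched seconds/microseconds pair. Bracketing the two reads with `k5_cc_mutex_lock(context, &d->lock);` and `k5_cc_mutex_unlock(context, &d->lock);` would keep them consistent with the writer.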
@@ -421,6 +441,8 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr)
     d->link = NULL;
     d->prin = NULL;
     d->changetime = 0;
+    d->time_offset = 0;
+    d->usec_offset = 0;
     update_mcc_change_time(d);
 
     n = malloc(sizeof(krb5_mcc_list_node));

