From: Stefan Metzmacher Date: Mon, 4 Aug 2008 08:59:00 +0000 (+0200) Subject: HACK clock skew when getting tickets... X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=22b7cf385de HACK clock skew when getting tickets... --- diff --git a/source/heimdal/lib/krb5/get_cred.c b/source/heimdal/lib/krb5/get_cred.c index 268550b22930..4a49337aa305 100644 --- a/source/heimdal/lib/krb5/get_cred.c +++ b/source/heimdal/lib/krb5/get_cred.c @@ -407,6 +407,9 @@ get_cred_kdc(krb5_context context, size_t len; Ticket second_ticket_data; METHOD_DATA padata; + int again = 0; + +do_again: krb5_data_zero(&resp); krb5_data_zero(&enc); @@ -555,6 +558,11 @@ get_cred_kdc(krb5_context context, krb5_free_kdc_rep(context, &rep); } else if(krb5_rd_error(context, &resp, &error) == 0) { ret = krb5_error_from_rd_error(context, &error, in_creds); + if (ret == KRB5KRB_AP_ERR_SKEW) { +printf("reset time TGS\n"); + krb5_set_real_time(context, error.stime, 0); + again++; + } krb5_free_error_contents(context, &error); } else if(resp.data && ((char*)resp.data)[0] == 4) { ret = KRB5KRB_AP_ERR_V4_REPLY; @@ -574,6 +582,7 @@ out: krb5_free_keyblock_contents(context, subkey); free(subkey); } +if (ret && again == 1) goto do_again; return ret; } diff --git a/source/heimdal/lib/krb5/init_creds_pw.c b/source/heimdal/lib/krb5/init_creds_pw.c index e3098b0a9283..2fc6e3952c80 100644 --- a/source/heimdal/lib/krb5/init_creds_pw.c +++ b/source/heimdal/lib/krb5/init_creds_pw.c @@ -1330,6 +1330,11 @@ init_cred_loop(krb5_context context, krb5_free_error_contents(context, &error); if (ret) goto out; + } else if (ret == KRB5KRB_AP_ERR_SKEW) { +/*KRB5_KDCREP_SKEW, "Clock skew too great in KDC reply" +heimdal/lib/krb5/rd_cred.c: ret = KRB5KRB_AP_ERR_SKEW +*/printf("reset time\n"); + krb5_set_real_time(context, error.stime, 0); } else { _krb5_get_init_creds_opt_set_krb5_error(context, init_cred_opts,