From 22b7cf385de3ef16bb06b1784661cdb496c01ce1 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 4 Aug 2008 10:59:00 +0200 Subject: [PATCH] HACK clock skew when getting tickets... --- source/heimdal/lib/krb5/get_cred.c | 9 +++++++++ source/heimdal/lib/krb5/init_creds_pw.c | 5 +++++ 2 files changed, 14 insertions(+) diff --git a/source/heimdal/lib/krb5/get_cred.c b/source/heimdal/lib/krb5/get_cred.c index 268550b22930..4a49337aa305 100644 --- a/source/heimdal/lib/krb5/get_cred.c +++ b/source/heimdal/lib/krb5/get_cred.c @@ -407,6 +407,9 @@ get_cred_kdc(krb5_context context, size_t len; Ticket second_ticket_data; METHOD_DATA padata; + int again = 0; + +do_again: krb5_data_zero(&resp); krb5_data_zero(&enc); @@ -555,6 +558,11 @@ get_cred_kdc(krb5_context context, krb5_free_kdc_rep(context, &rep); } else if(krb5_rd_error(context, &resp, &error) == 0) { ret = krb5_error_from_rd_error(context, &error, in_creds); + if (ret == KRB5KRB_AP_ERR_SKEW) { +printf("reset time TGS\n"); + krb5_set_real_time(context, error.stime, 0); + again++; + } krb5_free_error_contents(context, &error); } else if(resp.data && ((char*)resp.data)[0] == 4) { ret = KRB5KRB_AP_ERR_V4_REPLY; @@ -574,6 +582,7 @@ out: krb5_free_keyblock_contents(context, subkey); free(subkey); } +if (ret && again == 1) goto do_again; return ret; } diff --git a/source/heimdal/lib/krb5/init_creds_pw.c b/source/heimdal/lib/krb5/init_creds_pw.c index e3098b0a9283..2fc6e3952c80 100644 --- a/source/heimdal/lib/krb5/init_creds_pw.c +++ b/source/heimdal/lib/krb5/init_creds_pw.c @@ -1330,6 +1330,11 @@ init_cred_loop(krb5_context context, krb5_free_error_contents(context, &error); if (ret) goto out; + } else if (ret == KRB5KRB_AP_ERR_SKEW) { +/*KRB5_KDCREP_SKEW, "Clock skew too great in KDC reply" +heimdal/lib/krb5/rd_cred.c: ret = KRB5KRB_AP_ERR_SKEW +*/printf("reset time\n"); + krb5_set_real_time(context, error.stime, 0); } else { _krb5_get_init_creds_opt_set_krb5_error(context, init_cred_opts, -- 2.34.1