summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-11-17 17:33:31 +1100
committerAndrew Tridgell <tridge@samba.org>2010-11-17 23:55:39 +1100
commit0cf7189d4a4bf0ae538e0aa82ec90982b7523336 (patch)
tree0248a7db1a9bc8e99167d7bef6fae90ef16dc3e0
parent5f655e99a1c17ac9d28acb4740585d2100746d69 (diff)
downloadsamba-0cf7189d4a4bf0ae538e0aa82ec90982b7523336.tar.gz
samba-0cf7189d4a4bf0ae538e0aa82ec90982b7523336.tar.bz2
samba-0cf7189d4a4bf0ae538e0aa82ec90982b7523336.zip
s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY
this e_data field in a kerberos error packet tells windows to do clock skew recovery. See [MS-KILE] 2.2.1 KERB-ERROR-DATA Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/heimdal/lib/gssapi/krb5/accept_sec_context.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 8ec3a65a31..0e8fbe8376 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -263,6 +263,10 @@ send_error_token(OM_uint32 *minor_status,
krb5_principal ap_req_server = NULL;
krb5_error_code ret;
krb5_data outbuf;
+ /* this e_data value encodes KERB_AP_ERR_TYPE_SKEW_RECOVERY which
+ tells windows to try again with the corrected timestamp. See
+ [MS-KILE] 2.2.1 KERB-ERROR-DATA */
+ krb5_data e_data = { 7, rk_UNCONST("\x30\x05\xa1\x03\x02\x01\x02") };
/* build server from request if the acceptor had not selected one */
if (server == NULL) {
@@ -285,7 +289,7 @@ send_error_token(OM_uint32 *minor_status,
server = ap_req_server;
}
- ret = krb5_mk_error(context, kret, NULL, NULL, NULL,
+ ret = krb5_mk_error(context, kret, NULL, &e_data, NULL,
server, NULL, NULL, &outbuf);
if (ap_req_server)
krb5_free_principal(context, ap_req_server);