summaryrefslogtreecommitdiff
path: root/source3/libads/krb5_setpw.c
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2002-09-17 12:12:50 +0000
committerAndrew Tridgell <tridge@samba.org>2002-09-17 12:12:50 +0000
commitb33681fc0b8ef7b9fa91c154f7c3117afafa349e (patch)
treea83b6dc52ddcd4fdc873882b5a127a33044e55c5 /source3/libads/krb5_setpw.c
parent3fefef7a7238e63716a8003aa27a08627a61b927 (diff)
downloadsamba-b33681fc0b8ef7b9fa91c154f7c3117afafa349e.tar.gz
samba-b33681fc0b8ef7b9fa91c154f7c3117afafa349e.tar.bz2
samba-b33681fc0b8ef7b9fa91c154f7c3117afafa349e.zip
Add clock skew handling to our kerberos code. This allows us to cope with
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
Diffstat (limited to 'source3/libads/krb5_setpw.c')
-rw-r--r--source3/libads/krb5_setpw.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index ec79a8658f..a49b6cbe3b 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -248,7 +248,8 @@ static krb5_error_code parse_setpw_reply(krb5_context context,
return 0;
}
-ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char *newpw)
+ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char *newpw,
+ int time_offset)
{
krb5_context context;
krb5_auth_context auth_context = NULL;
@@ -268,6 +269,10 @@ ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char
return ADS_ERROR_KRB5(ret);
}
+ if (time_offset != 0) {
+ krb5_set_real_time(context, time(NULL) + time_offset, 0);
+ }
+
ret = krb5_cc_default(context, &ccache);
if (ret) {
krb5_free_context(context);
@@ -452,16 +457,17 @@ ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char
ADS_STATUS kerberos_set_password(const char *kpasswd_server,
const char *auth_principal, const char *auth_password,
- const char *target_principal, const char *new_password)
+ const char *target_principal, const char *new_password,
+ int time_offset)
{
int ret;
- if ((ret = kerberos_kinit_password(auth_principal, auth_password))) {
+ if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset))) {
DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
- return krb5_set_password(kpasswd_server, target_principal, new_password);
+ return krb5_set_password(kpasswd_server, target_principal, new_password, time_offset);
}