From a834a73e341059be154426390304a42e4a011f72 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 25 Sep 2002 15:19:00 +0000
Subject: sync'ing up for 3.0alpha20 release (This used to be commit
 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)

---
 source3/libsmb/clikrb5.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

(limited to 'source3/libsmb/clikrb5.c')

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 685c4a25e0..e7143d065d 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -64,6 +64,14 @@ static krb5_error_code krb5_mk_req2(krb5_context context,
 		goto cleanup_creds;
 	}
 
+	/* cope with the ticket being in the future due to clock skew */
+	if ((unsigned)credsp->times.starttime > time(NULL)) {
+		time_t t = time(NULL);
+		int time_offset = (unsigned)credsp->times.starttime - t;
+		DEBUG(4,("Advancing clock by %d seconds to cope with clock skew\n", time_offset));
+		krb5_set_real_time(context, t + time_offset + 1, 0);
+	}
+
 	in_data.length = 0;
 	retval = krb5_mk_req_extended(context, auth_context, ap_req_options, 
 				      &in_data, credsp, outbuf);
@@ -86,7 +94,7 @@ cleanup_princ:
 /*
   get a kerberos5 ticket for the given service 
 */
-DATA_BLOB krb5_get_ticket(char *principal)
+DATA_BLOB krb5_get_ticket(char *principal, time_t time_offset)
 {
 	krb5_error_code retval;
 	krb5_data packet;
@@ -94,7 +102,12 @@ DATA_BLOB krb5_get_ticket(char *principal)
 	krb5_context context;
 	krb5_auth_context auth_context = NULL;
 	DATA_BLOB ret;
-	krb5_enctype enc_types[] = {ENCTYPE_DES_CBC_MD5, ENCTYPE_NULL};
+	krb5_enctype enc_types[] = {
+#ifdef ENCTYPE_ARCFOUR_HMAC
+		ENCTYPE_ARCFOUR_HMAC, 
+#endif
+				    ENCTYPE_DES_CBC_MD5, 
+				    ENCTYPE_NULL};
 
 	retval = krb5_init_context(&context);
 	if (retval) {
@@ -103,6 +116,10 @@ DATA_BLOB krb5_get_ticket(char *principal)
 		goto failed;
 	}
 
+	if (time_offset != 0) {
+		krb5_set_real_time(context, time(NULL) + time_offset, 0);
+	}
+
 	if ((retval = krb5_cc_default(context, &ccdef))) {
 		DEBUG(1,("krb5_cc_default failed (%s)\n",
 			 error_message(retval)));
@@ -137,7 +154,7 @@ failed:
 
 #else /* HAVE_KRB5 */
  /* this saves a few linking headaches */
- DATA_BLOB krb5_get_ticket(char *principal)
+ DATA_BLOB krb5_get_ticket(char *principal, time_t time_offset)
  {
 	 DEBUG(0,("NO KERBEROS SUPPORT\n"));
 	 return data_blob(NULL, 0);
-- 
cgit