From 0cf7189d4a4bf0ae538e0aa82ec90982b7523336 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Wed, 17 Nov 2010 17:33:31 +1100
Subject: s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY

this e_data field in a kerberos error packet tells windows to do clock skew recovery. See [MS-KILE] 2.2.1 KERB-ERROR-DATA

Pair-Programmed-With: Andrew Bartlett
---
 source4/heimdal/lib/gssapi/krb5/accept_sec_context.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'source4/heimdal/lib')
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 8ec3a65a31..0e8fbe8376 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -263,6 +263,10 @@ send_error_token(OM_uint32 *minor_status,
 krb5_principal ap_req_server = NULL;
 krb5_error_code ret;
 krb5_data outbuf;
+ /* this e_data value encodes KERB_AP_ERR_TYPE_SKEW_RECOVERY which
+ tells windows to try again with the corrected timestamp. See
+ [MS-KILE] 2.2.1 KERB-ERROR-DATA */
+ krb5_data e_data = { 7, rk_UNCONST("\x30\x05\xa1\x03\x02\x01\x02") };
 
 /* build server from request if the acceptor had not selected one */
 if (server == NULL) {
@@ -285,7 +289,7 @@ send_error_token(OM_uint32 *minor_status,
 server = ap_req_server;
 }
 
- ret = krb5_mk_error(context, kret, NULL, NULL, NULL,
+ ret = krb5_mk_error(context, kret, NULL, &e_data, NULL,
 server, NULL, NULL, &outbuf);
 if (ap_req_server)
 krb5_free_principal(context, ap_req_server);
-- cgit
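Review bot: The `e_data` initialiser in the first hunk hard-codes the length `7` next to a hand-encoded DER string, so the two can drift apart silently if the bytes are ever edited. Deriving the length from the data avoids that: `static const unsigned char skew_recovery[] = { 0x30, 0x05, 0xa1, 0x03, 0x02, 0x01, 0x02 };` and `krb5_data e_data = { sizeof(skew_recovery), rk_UNCONST(skew_recovery) };`. The comment would also be easier to audit if it spelled out the encoding, e.g. `/* SEQUENCE { [1] INTEGER 2 } */`, where 2 is presumably the KERB_AP_ERR_TYPE_SKEW_RECOVERY data-type. `rk_UNCONST` drops the const qualifier, which is safe only as long as krb5_mk_error never writes through e_data. send_error_token's body continues outside the hunk.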
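Review bot: The `&e_data` argument in the second hunk's `krb5_mk_error` call is passed for every value of `kret`, so any error that reaches send_error_token carries the skew-recovery hint, not only a clock-skew failure. If callers can reach this path with codes other than KRB5KRB_AP_ERR_SKEW (the call sites are outside the hunk, so this is unconfirmed), a client could be prompted to retry with an adjusted timestamp after an unrelated failure. Gating the hint on the error code keeps the unauthenticated error reply as narrow as possible: pass `kret == KRB5KRB_AP_ERR_SKEW ? &e_data : NULL` as the fourth argument. The function starts and ends outside the hunk.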