diff options
Diffstat (limited to 'src/lib/gssapi/krb5/inq_context.c')
-rw-r--r-- | src/lib/gssapi/krb5/inq_context.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c index 9024b3c7ea9c..cac024da1f01 100644 --- a/src/lib/gssapi/krb5/inq_context.c +++ b/src/lib/gssapi/krb5/inq_context.c @@ -120,7 +120,7 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, /* Add the maximum allowable clock skew as a grace period for context * expiration, just as we do for the ticket during authentication. */ - lifetime = ctx->krb_times.endtime - now; + lifetime = ts_delta(ctx->krb_times.endtime, now); if (!ctx->initiate) lifetime += context->clockskew; if (lifetime < 0) @@ -310,3 +310,30 @@ gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *minor_status, return generic_gss_add_buffer_set_member(minor_status, &rep, data_set); } + +OM_uint32 +gss_krb5int_sec_context_sasl_ssf(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + krb5_gss_ctx_id_rec *ctx; + krb5_key key; + krb5_error_code code; + gss_buffer_desc ssfbuf; + unsigned int ssf; + uint8_t buf[4]; + + ctx = (krb5_gss_ctx_id_rec *)context_handle; + key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey : ctx->subkey; + + code = k5_enctype_to_ssf(key->keyblock.enctype, &ssf); + if (code) + return GSS_S_FAILURE; + + store_32_be(ssf, buf); + ssfbuf.value = buf; + ssfbuf.length = sizeof(buf); + + return generic_gss_add_buffer_set_member(minor_status, &ssfbuf, data_set); +} |