summaryrefslogtreecommitdiff
path: root/src/lib/gssapi/krb5/inq_context.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/gssapi/krb5/inq_context.c')
-rw-r--r--src/lib/gssapi/krb5/inq_context.c29
1 files changed, 28 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c
index 9024b3c7ea9c..cac024da1f01 100644
--- a/src/lib/gssapi/krb5/inq_context.c
+++ b/src/lib/gssapi/krb5/inq_context.c
@@ -120,7 +120,7 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
/* Add the maximum allowable clock skew as a grace period for context
* expiration, just as we do for the ticket during authentication. */
- lifetime = ctx->krb_times.endtime - now;
+ lifetime = ts_delta(ctx->krb_times.endtime, now);
if (!ctx->initiate)
lifetime += context->clockskew;
if (lifetime < 0)
@@ -310,3 +310,30 @@ gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *minor_status,
return generic_gss_add_buffer_set_member(minor_status, &rep, data_set);
}
+
+OM_uint32
+gss_krb5int_sec_context_sasl_ssf(OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
+{
+ krb5_gss_ctx_id_rec *ctx;
+ krb5_key key;
+ krb5_error_code code;
+ gss_buffer_desc ssfbuf;
+ unsigned int ssf;
+ uint8_t buf[4];
+
+ ctx = (krb5_gss_ctx_id_rec *)context_handle;
+ key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey : ctx->subkey;
+
+ code = k5_enctype_to_ssf(key->keyblock.enctype, &ssf);
+ if (code)
+ return GSS_S_FAILURE;
+
+ store_32_be(ssf, buf);
+ ssfbuf.value = buf;
+ ssfbuf.length = sizeof(buf);
+
+ return generic_gss_add_buffer_set_member(minor_status, &ssfbuf, data_set);
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-16 12:57:08 +0000