Allow clock skew in krb5 gss_context_time()

Commit b496ce4 (ticket #8268) adds the clock skew to krb5 acceptor context lifetimes for gss_accept_sec_context() and gss_inquire_context(), but not for gss_context_time(). Add the clock skew in gss_context_time() as well. (cherry picked from commit b0a072e) ticket: 8581 version_fixed: 1.15.2
krb5 · Jul 17, 2017 · 9ea1b4d · 9ea1b4d
1 parent 79669b0
commit 9ea1b4d
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c
@@ -51,7 +51,10 @@ krb5_gss_context_time(minor_status, context_handle, time_rec)
         return(GSS_S_FAILURE);
     }
 
-    if ((lifetime = ctx->krb_times.endtime - now) <= 0) {
+    lifetime = ctx->krb_times.endtime - now;
+    if (!ctx->initiate)
+        lifetime += ctx->k5_context->clockskew;
+    if (lifetime <= 0) {
         *time_rec = 0;
         *minor_status = 0;
         return(GSS_S_CONTEXT_EXPIRED);