diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-06-22 20:01:12 +1200 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2022-07-24 09:23:56 +0200 |
commit | b77fb6e636ce46f1f62cf5b71efd8dd3dd6fdbdb (patch) | |
tree | 80780d9099d05da1be3477493cc9dbb53995e5e6 | |
parent | f70ada5eb45baf192f72e9df11327dea5a49fa36 (diff) | |
download | samba-b77fb6e636ce46f1f62cf5b71efd8dd3dd6fdbdb.tar.gz |
CVE-2022-2031 third_party/heimdal: Add function to get current KDC time
This allows the plugin to check the endtime of a ticket against the
KDC's current time, to see if the ticket will expire in the next two
minutes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
-rw-r--r-- | third_party/heimdal/kdc/libkdc-exports.def | 1 | ||||
-rw-r--r-- | third_party/heimdal/kdc/process.c | 6 | ||||
-rw-r--r-- | third_party/heimdal/kdc/version-script.map | 1 |
3 files changed, 8 insertions, 0 deletions
diff --git a/third_party/heimdal/kdc/libkdc-exports.def b/third_party/heimdal/kdc/libkdc-exports.def index 2c4564bcadc..fc4fb812a77 100644 --- a/third_party/heimdal/kdc/libkdc-exports.def +++ b/third_party/heimdal/kdc/libkdc-exports.def @@ -10,6 +10,7 @@ EXPORTS kdc_validate_token krb5_kdc_plugin_init krb5_kdc_get_config + krb5_kdc_get_time krb5_kdc_pkinit_config krb5_kdc_set_dbinfo krb5_kdc_process_krb5_request diff --git a/third_party/heimdal/kdc/process.c b/third_party/heimdal/kdc/process.c index cf8ab060ec9..98a405e17d9 100644 --- a/third_party/heimdal/kdc/process.c +++ b/third_party/heimdal/kdc/process.c @@ -216,6 +216,12 @@ krb5_kdc_update_time(struct timeval *tv) _kdc_now = *tv; } +KDC_LIB_FUNCTION struct timeval KDC_LIB_CALL +krb5_kdc_get_time(void) +{ + return _kdc_now; +} + #define EXTEND_REQUEST_T(LHS, RHS) do { \ RHS = realloc(LHS, sizeof(*RHS)); \ diff --git a/third_party/heimdal/kdc/version-script.map b/third_party/heimdal/kdc/version-script.map index 72a21e62950..55dc91e74be 100644 --- a/third_party/heimdal/kdc/version-script.map +++ b/third_party/heimdal/kdc/version-script.map @@ -13,6 +13,7 @@ HEIMDAL_KDC_1.0 { kdc_validate_token; krb5_kdc_plugin_init; krb5_kdc_get_config; + krb5_kdc_get_time; krb5_kdc_pkinit_config; krb5_kdc_set_dbinfo; krb5_kdc_process_krb5_request; |