diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-06-22 20:01:12 +1200 |
|---|---|---|
| committer | Jule Anger <janger@samba.org> | 2022-07-27 10:52:36 +0000 |
| commit | 018bdbc29db035e14019f0f58aba035cc86b534e (patch) | |
| tree | fa39a70cd9e73732f30ae17a94f5552e2d8a3698 /third_party | |
| parent | 3e773a3954ff95c4ec9daeedf2739a5edd81e8dc (diff) | |
| download | samba-018bdbc29db035e14019f0f58aba035cc86b534e.tar.gz | |
CVE-2022-2031 third_party/heimdal: Add function to get current KDC time
This allows the plugin to check the endtime of a ticket against the
KDC's current time, to see if the ticket will expire in the next two
minutes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Diffstat (limited to 'third_party')
| -rw-r--r-- | third_party/heimdal/kdc/libkdc-exports.def | 1 | ||||
| -rw-r--r-- | third_party/heimdal/kdc/process.c | 6 | ||||
| -rw-r--r-- | third_party/heimdal/kdc/version-script.map | 1 |
3 files changed, 8 insertions, 0 deletions
diff --git a/third_party/heimdal/kdc/libkdc-exports.def b/third_party/heimdal/kdc/libkdc-exports.def index 2c4564bcadc..fc4fb812a77 100644 --- a/third_party/heimdal/kdc/libkdc-exports.def +++ b/third_party/heimdal/kdc/libkdc-exports.def @@ -10,6 +10,7 @@ EXPORTS kdc_validate_token krb5_kdc_plugin_init krb5_kdc_get_config + krb5_kdc_get_time krb5_kdc_pkinit_config krb5_kdc_set_dbinfo krb5_kdc_process_krb5_request diff --git a/third_party/heimdal/kdc/process.c b/third_party/heimdal/kdc/process.c index cf8ab060ec9..98a405e17d9 100644 --- a/third_party/heimdal/kdc/process.c +++ b/third_party/heimdal/kdc/process.c @@ -216,6 +216,12 @@ krb5_kdc_update_time(struct timeval *tv) _kdc_now = *tv; } +KDC_LIB_FUNCTION struct timeval KDC_LIB_CALL +krb5_kdc_get_time(void) +{ + return _kdc_now; +} + #define EXTEND_REQUEST_T(LHS, RHS) do { \ RHS = realloc(LHS, sizeof(*RHS)); \ diff --git a/third_party/heimdal/kdc/version-script.map b/third_party/heimdal/kdc/version-script.map index 72a21e62950..55dc91e74be 100644 --- a/third_party/heimdal/kdc/version-script.map +++ b/third_party/heimdal/kdc/version-script.map @@ -13,6 +13,7 @@ HEIMDAL_KDC_1.0 { kdc_validate_token; krb5_kdc_plugin_init; krb5_kdc_get_config; + krb5_kdc_get_time; krb5_kdc_pkinit_config; krb5_kdc_set_dbinfo; krb5_kdc_process_krb5_request; |