fprintf(stderr, _("Bad start time value %s\n"), optarg);
errflg++;
} else {
- opts->starttime = abs_starttime - time(0);
+ opts->starttime = ts_delta(abs_starttime, time(NULL));
}
}
break;
int show_ccache (krb5_ccache);
int check_ccache (krb5_ccache);
void do_keytab (char *);
-void printtime (time_t);
+void printtime (krb5_timestamp);
void one_addr (krb5_address *);
void fillit (FILE *, unsigned int, int);
while (!(ret = krb5_cc_next_cred(kcontext, cache, &cur, &creds))) {
if (is_local_tgt(creds.server, &princ->realm)) {
found_tgt = TRUE;
- if (creds.times.endtime > now)
+ if (ts_after(creds.times.endtime, now))
found_current_tgt = TRUE;
} else if (!krb5_is_config_principal(kcontext, creds.server) &&
- creds.times.endtime > now) {
+ ts_after(creds.times.endtime, now)) {
found_current_cred = TRUE;
}
krb5_free_cred_contents(kcontext, &creds);
}
void
-printtime(tv)
- time_t tv;
+printtime(krb5_timestamp ts)
{
- char timestring[BUFSIZ];
- char fill;
-
- fill = ' ';
- if (!krb5_timestamp_to_sfstring((krb5_timestamp) tv,
- timestring,
- timestamp_width+1,
- &fill)) {
+ char timestring[BUFSIZ], fill = ' ';
+
+ if (!krb5_timestamp_to_sfstring(ts, timestring, timestamp_width + 1,
+ &fill))
printf("%s", timestring);
- }
}
static void
context->clockskew);
fprintf(stderr,"krb5_check_exp: currenttime - endtime %d \n",
- (currenttime - tkt_time.endtime ));
+ ts_delta(currenttime, tkt_time.endtime));
}
- if (currenttime - tkt_time.endtime > context->clockskew){
+ if (ts_delta(currenttime, tkt_time.endtime) > context->clockskew) {
retval = KRB5KRB_AP_ERR_TKT_EXPIRED ;
return retval;
}
return(buf);
}
-void printtime(tv)
- time_t tv;
+void printtime(krb5_timestamp ts)
{
- char fmtbuf[18];
- char fill;
- krb5_timestamp tstamp;
-
- /* XXXX ASSUMES sizeof(krb5_timestamp) >= sizeof(time_t) */
- (void) localtime((time_t *)&tv);
- tstamp = tv;
- fill = ' ';
- if (!krb5_timestamp_to_sfstring(tstamp,
- fmtbuf,
- sizeof(fmtbuf),
- &fill))
+ char fmtbuf[18], fill = ' ';
+
+ if (!krb5_timestamp_to_sfstring(ts, fmtbuf, sizeof(fmtbuf), &fill))
printf("%s", fmtbuf);
}
extern krb5_error_code krb5_find_princ_in_cache
(krb5_context, krb5_ccache, krb5_principal, krb5_boolean *);
-extern void printtime (time_t);
+extern void printtime (krb5_timestamp);
/* authorization.c */
extern krb5_boolean fowner (FILE *, uid_t);
#define EPOCH 1970
-#define EPOCH_END 2038 /* assumes 32 bits */
+#define EPOCH_END 2106 /* assumes unsigned 32-bit range */
#define HOUR(x) ((time_t)(x) * 60)
#define SECSPERDAY (24L * 60L * 60L)
* library */
/* for "_" macro */
-#include "k5-platform.h"
-#include <krb5.h>
+#include "k5-int.h"
#include <kadm5/admin.h>
#include <adm_proto.h>
#include <errno.h>
{
struct tm *tm;
static char out[40];
+ time_t lcltim = ts2tt(when);
- time_t lcltim = when;
tm = localtime(&lcltim);
strftime(out, sizeof(out), "%a %b %d %H:%M:%S %Z %Y", tm);
return out;
fprintf(fp, "princ\t%d\t%lu\t%d\t%d\t%d\t%s\t", (int)entry->len,
(unsigned long)strlen(name), counter, (int)entry->n_key_data,
(int)entry->e_length, name);
- fprintf(fp, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d", entry->attributes,
- entry->max_life, entry->max_renewable_life, entry->expiration,
- entry->pw_expiration,
- omit_nra ? 0 : entry->last_success,
- omit_nra ? 0 : entry->last_failed,
+ fprintf(fp, "%d\t%d\t%d\t%u\t%u\t%u\t%u\t%d", entry->attributes,
+ entry->max_life, entry->max_renewable_life,
+ (unsigned int)entry->expiration,
+ (unsigned int)entry->pw_expiration,
+ (unsigned int)(omit_nra ? 0 : entry->last_success),
+ (unsigned int)(omit_nra ? 0 : entry->last_failed),
omit_nra ? 0 : entry->fail_auth_count);
/* Write out tagged data. */
{
int retval, nread, i, j;
krb5_db_entry *dbentry;
- int t1, t2, t3, t4, t5, t6, t7;
+ int t1, t2, t3, t4;
unsigned int u1, u2, u3, u4, u5;
char *name = NULL;
krb5_key_data *kp = NULL, *kd;
}
/* Get the fixed principal attributes */
- nread = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
- &t1, &t2, &t3, &t4, &t5, &t6, &t7, &u1);
+ nread = fscanf(filep, "%d\t%d\t%d\t%u\t%u\t%d\t%d\t%d\t",
+ &t1, &t2, &t3, &u1, &u2, &u3, &u4, &u5);
if (nread != 8) {
load_err(fname, *linenop, _("cannot read principal attributes"));
goto fail;
dbentry->attributes = t1;
dbentry->max_life = t2;
dbentry->max_renewable_life = t3;
- dbentry->expiration = t4;
- dbentry->pw_expiration = t5;
- dbentry->last_success = t6;
- dbentry->last_failed = t7;
- dbentry->fail_auth_count = u1;
+ dbentry->expiration = u1;
+ dbentry->pw_expiration = u2;
+ dbentry->last_success = u3;
+ dbentry->last_failed = u4;
+ dbentry->fail_auth_count = u5;
dbentry->mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
{
struct tm *tm;
static char out[40];
+ time_t lcltim = ts2tt(when);
- time_t lcltim = when;
tm = localtime(&lcltim);
strftime(out, sizeof(out), "%a %b %d %H:%M:%S %Z %Y", tm);
return out;
cur_actkvno != NULL;
prev_actkvno = cur_actkvno, cur_actkvno = cur_actkvno->next) {
- if (new_actkvno->act_time < cur_actkvno->act_time) {
+ if (ts_after(cur_actkvno->act_time, new_actkvno->act_time)) {
if (prev_actkvno) {
prev_actkvno->next = new_actkvno;
new_actkvno->next = cur_actkvno;
}
}
- if (actkvno_list->act_time > now) {
+ if (ts_after(actkvno_list->act_time, now)) {
com_err(progname, EINVAL,
_("there must be one master key currently active"));
exit_status++;
struct tm *tm = NULL;
struct rechandle *h = args->rh;
- t = when;
+ t = ts2tt(when);
tm = gmtime(&t);
if (tm == NULL) {
errno = EINVAL;
} else
Tcl_DStringAppendElement(str, "null");
- sprintf(buf, "%d", princ->princ_expire_time);
+ sprintf(buf, "%u", (unsigned int)princ->princ_expire_time);
Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", princ->last_pwd_change);
+ sprintf(buf, "%u", (unsigned int)princ->last_pwd_change);
Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", princ->pw_expiration);
+ sprintf(buf, "%u", (unsigned int)princ->pw_expiration);
Tcl_DStringAppendElement(str, buf);
sprintf(buf, "%d", princ->max_life);
} else
Tcl_DStringAppendElement(str, "null");
- sprintf(buf, "%d", princ->mod_date);
+ sprintf(buf, "%u", (unsigned int)princ->mod_date);
Tcl_DStringAppendElement(str, buf);
if (mask & KADM5_ATTRIBUTES) {
sprintf(buf, "%d", princ->max_renewable_life);
Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", princ->last_success);
+ sprintf(buf, "%u", (unsigned int)princ->last_success);
Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", princ->last_failed);
+ sprintf(buf, "%u", (unsigned int)princ->last_failed);
Tcl_DStringAppendElement(str, buf);
sprintf(buf, "%d", princ->fail_auth_count);
return entry->pw_expiration;
if (entry->pw_expiration == 0)
return entry->expiration;
- return min(entry->expiration, entry->pw_expiration);
+ return ts_min(entry->expiration, entry->pw_expiration);
}
/*
old_starttime = enc_tkt_reply.times.starttime ?
enc_tkt_reply.times.starttime : enc_tkt_reply.times.authtime;
- old_life = enc_tkt_reply.times.endtime - old_starttime;
+ old_life = ts_delta(enc_tkt_reply.times.endtime, old_starttime);
enc_tkt_reply.times.starttime = kdc_time;
enc_tkt_reply.times.endtime =
- min(header_ticket->enc_part2->times.renew_till,
- kdc_time + old_life);
+ ts_min(header_ticket->enc_part2->times.renew_till,
+ ts_incr(kdc_time, old_life));
} else {
/* not a renew request */
enc_tkt_reply.times.starttime = kdc_time;
kdc_realm_t **kdc_realmlist = (kdc_realm_t **) NULL;
int kdc_numrealms = 0;
krb5_data empty_string = {0, 0, ""};
-krb5_timestamp kdc_infinity = KRB5_INT32_MAX; /* XXX */
krb5_keyblock psr_key;
krb5_int32 max_dgram_reply_size = MAX_DGRAM_SIZE;
+
+/* With ts_after(), this is the largest timestamp value. */
+krb5_timestamp kdc_infinity = -1;
ret = krb5_timeofday(context, &now);
if (ret)
goto cleanup;
- if (now - COOKIE_LIFETIME > cookie->time) {
+ if (ts2tt(now) > cookie->time + COOKIE_LIFETIME) {
/* Don't accept the cookie contents. Only return an error if the
* cookie is relevant to the request. */
if (is_relevant(cookie->data, req->padata))
ret = krb5_timeofday(context, &now);
if (ret)
goto cleanup;
- cookie.time = now;
+ cookie.time = ts2tt(now);
cookie.data = contents;
ret = encode_krb5_secure_cookie(&cookie, &der_cookie);
if (ret)
/* success */
char rep_etypestr[128];
rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
- krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: ISSUE: authtime %d, %s, "
+ krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: ISSUE: authtime %u, %s, "
"%s for %s"),
- ktypestr, fromstring, authtime,
+ ktypestr, fromstring, (unsigned int)authtime,
rep_etypestr, cname2, sname2);
} else {
/* fail */
name (useful), and doesn't log ktypestr (probably not
important). */
if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) {
- krb5_klog_syslog(LOG_INFO, _("TGS_REQ (%s) %s: %s: authtime %d, %s%s "
+ krb5_klog_syslog(LOG_INFO, _("TGS_REQ (%s) %s: %s: authtime %u, %s%s "
"%s for %s%s%s"),
- ktypestr, fromstring, status, authtime, rep_etypestr,
- !errcode ? "," : "", logcname, logsname,
+ ktypestr, fromstring, status, (unsigned int)authtime,
+ rep_etypestr, !errcode ? "," : "", logcname, logsname,
errcode ? ", " : "", errcode ? emsg : "");
if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION))
krb5_klog_syslog(LOG_INFO,
logaltcname);
} else
- krb5_klog_syslog(LOG_INFO, _("TGS_REQ %s: %s: authtime %d, %s for %s, "
+ krb5_klog_syslog(LOG_INFO, _("TGS_REQ %s: %s: authtime %u, %s for %s, "
"2nd tkt client %s"),
- fromstring, status, authtime,
+ fromstring, status, (unsigned int)authtime,
logcname, logsname, logaltcname);
/* OpenSolaris: audit_krb5kdc_tgs_req(...) or
}
/* The client must not be expired */
- if (client.expiration && client.expiration < kdc_time) {
+ if (client.expiration && ts_after(kdc_time, client.expiration)) {
*status = "CLIENT EXPIRED";
if (vague_errors)
return(KRB_ERR_GENERIC);
/* The client's password must not be expired, unless the server is
a KRB5_KDC_PWCHANGE_SERVICE. */
- if (client.pw_expiration && client.pw_expiration < kdc_time &&
+ if (client.pw_expiration && ts_after(kdc_time, client.pw_expiration) &&
!isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) {
*status = "CLIENT KEY EXPIRED";
if (vague_errors)
}
/* The server must not be expired */
- if (server.expiration && server.expiration < kdc_time) {
+ if (server.expiration && ts_after(kdc_time, server.expiration)) {
*status = "SERVICE EXPIRED";
return(KDC_ERR_SERVICE_EXP);
}
if (till == 0)
till = kdc_infinity;
- until = min(till, endtime);
+ until = ts_min(till, endtime);
- life = until - starttime;
+ life = ts_delta(until, starttime);
if (client != NULL && client->max_life != 0)
life = min(life, client->max_life);
if (kdc_active_realm->realm_maxlife != 0)
life = min(life, kdc_active_realm->realm_maxlife);
- *out_endtime = starttime + life;
+ *out_endtime = ts_incr(starttime, life);
}
/*
if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE))
rtime = request->rtime ? request->rtime : kdc_infinity;
else if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE_OK) &&
- tkt->times.endtime < request->till)
+ ts_after(request->till, tkt->times.endtime))
rtime = request->till;
else
return;
/* Truncate it to the allowable renewable time. */
if (tgt != NULL)
- rtime = min(rtime, tgt->times.renew_till);
+ rtime = ts_min(rtime, tgt->times.renew_till);
max_rlife = min(server->max_renewable_life, realm->realm_maxrlife);
if (client != NULL)
max_rlife = min(max_rlife, client->max_renewable_life);
- rtime = min(rtime, tkt->times.starttime + max_rlife);
+ rtime = ts_min(rtime, ts_incr(tkt->times.starttime, max_rlife));
/* Make the ticket renewable if the truncated requested time is larger than
* the ticket end time. */
- if (rtime > tkt->times.endtime) {
+ if (ts_after(rtime, tkt->times.endtime)) {
setflag(tkt->flags, TKT_FLG_RENEWABLE);
tkt->times.renew_till = rtime;
}
#define max(a, b) ((a) > (b) ? (a) : (b))
#endif
+#define ts_min(a, b) (ts_after(a, b) ? (b) : (a))
+
#define ADDRTYPE2FAMILY(X) \
((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
static krb5_ui_4 seed;
#define STALE_TIME (2*60) /* two minutes */
-#define STALE(ptr, now) (abs((ptr)->timein - (now)) >= STALE_TIME)
+#define STALE(ptr, now) (labs(ts_delta((ptr)->timein, now)) >= STALE_TIME)
/* Return x rotated to the left by r bits. */
static inline krb5_ui_4
check_tgs_svc_time(krb5_kdc_req *req, krb5_db_entry server, krb5_ticket *tkt,
krb5_timestamp kdc_time, const char **status)
{
- if (server.expiration && server.expiration < kdc_time) {
+ if (server.expiration && ts_after(kdc_time, server.expiration)) {
*status = "SERVICE EXPIRED";
return KDC_ERR_SERVICE_EXP;
}
KDC time. */
if (req->kdc_options & KDC_OPT_VALIDATE) {
starttime = times->starttime ? times->starttime : times->authtime;
- if (starttime > kdc_time) {
+ if (ts_after(starttime, kdc_time)) {
*status = "NOT_YET_VALID";
return KRB_AP_ERR_TKT_NYV;
}
* Check the renew_till time. The endtime was already
* been checked in the initial authentication check.
*/
- if ((req->kdc_options & KDC_OPT_RENEW) && times->renew_till < kdc_time) {
+ if ((req->kdc_options & KDC_OPT_RENEW) &&
+ ts_after(kdc_time, times->renew_till)) {
*status = "TKT_EXPIRED";
return KRB_AP_ERR_TKT_EXPIRED;
}
if (mech_type)
*mech_type = ctx->mech_used;
- if (time_rec)
- *time_rec = ctx->krb_times.endtime + ctx->k5_context->clockskew - now;
+ if (time_rec) {
+ *time_rec = ts_delta(ctx->krb_times.endtime, now) +
+ ctx->k5_context->clockskew;
+ }
/* Never return GSS_C_DELEG_FLAG since we don't support DCE credential
* delegation yet. */
/* Add the maximum allowable clock skew as a grace period for context
* expiration, just as we do for the ticket. */
if (time_rec)
- *time_rec = ctx->krb_times.endtime + context->clockskew - now;
+ *time_rec = ts_delta(ctx->krb_times.endtime, now) + context->clockskew;
if (ret_flags)
*ret_flags = ctx->gss_flags;
char buf[128];
krb5_data d;
- snprintf(buf, sizeof(buf), "%ld", (long)refresh_time);
+ snprintf(buf, sizeof(buf), "%u", (unsigned int)ts2tt(refresh_time));
d = string2data(buf);
(void)krb5_cc_set_config(context, ccache, NULL, KRB5_CC_CONF_REFRESH_TIME,
&d);
if (krb5_timeofday(context, &now))
return FALSE;
- if (cred->refresh_time != 0 && now >= cred->refresh_time) {
- set_refresh_time(context, cred->ccache, cred->refresh_time + 30);
+ if (cred->refresh_time != 0 && !ts_after(cred->refresh_time, now)) {
+ set_refresh_time(context, cred->ccache,
+ ts_incr(cred->refresh_time, 30));
return TRUE;
}
return FALSE;
return;
/* Make a note to refresh these when they are halfway to expired. */
- refresh = times->starttime + (times->endtime - times->starttime) / 2;
+ refresh = ts_incr(times->starttime,
+ ts_delta(times->endtime, times->starttime) / 2);
set_refresh_time(context, cred->ccache, refresh);
}
GSS_C_NO_NAME);
if (GSS_ERROR(ret))
goto error_out;
- *time_rec = (cred->expire > now) ? (cred->expire - now) : 0;
+ *time_rec = ts_after(cred->expire, now) ?
+ ts_delta(cred->expire, now) : 0;
k5_mutex_unlock(&cred->lock);
}
}
return(GSS_S_FAILURE);
}
- lifetime = ctx->krb_times.endtime - now;
+ lifetime = ts_delta(ctx->krb_times.endtime, now);
if (!ctx->initiate)
lifetime += ctx->k5_context->clockskew;
if (lifetime <= 0) {
if (ret)
goto cleanup;
- ret = k5_json_array_fmt(&array, "ivvbbvvvvbiivs", cred->usage, name, imp,
+ ret = k5_json_array_fmt(&array, "ivvbbvvvvbLLvs", cred->usage, name, imp,
cred->default_identity, cred->iakerb_mech, keytab,
rcache, ccache, ckeytab, cred->have_tgt,
- cred->expire, cred->refresh_time, etypes,
+ (long long)ts2tt(cred->expire),
+ (long long)ts2tt(cred->refresh_time), etypes,
cred->password);
if (ret)
goto cleanup;
if (code != 0)
goto cleanup;
- creds.times.endtime = now + time_req;
+ creds.times.endtime = ts_incr(now, time_req);
}
if (cred->name->ad_context != NULL) {
if (code != 0)
goto cleanup;
- in_creds.times.endtime = now + time_req;
+ in_creds.times.endtime = ts_incr(now, time_req);
}
/* Make an AS request if we have no creds or it's time to refresh them. */
* boundaries) because accept_sec_context code is also similarly
* non-forgiving.
*/
- if (!krb5_gss_dbg_client_expcreds && result_creds->times.endtime < now) {
+ if (!krb5_gss_dbg_client_expcreds &&
+ ts_after(now, result_creds->times.endtime)) {
code = KRB5KRB_AP_ERR_TKT_EXPIRED;
goto cleanup;
}
if (time_req == 0 || time_req == GSS_C_INDEFINITE) {
ctx->krb_times.endtime = 0;
} else {
- ctx->krb_times.endtime = now + time_req;
+ ctx->krb_times.endtime = ts_incr(now, time_req);
}
if ((code = kg_duplicate_name(context, cred->name, &ctx->here)))
if (time_rec) {
if ((code = krb5_timeofday(context, &now)))
goto cleanup;
- *time_rec = ctx->krb_times.endtime - now;
+ *time_rec = ts_delta(ctx->krb_times.endtime, now);
}
/* set the other returns */
if (time_rec) {
if ((code = krb5_timeofday(context, &now)))
goto fail;
- *time_rec = ctx->krb_times.endtime - now;
+ *time_rec = ts_delta(ctx->krb_times.endtime, now);
}
if (ret_flags)
/* Add the maximum allowable clock skew as a grace period for context
* expiration, just as we do for the ticket during authentication. */
- lifetime = ctx->krb_times.endtime - now;
+ lifetime = ts_delta(ctx->krb_times.endtime, now);
if (!ctx->initiate)
lifetime += context->clockskew;
if (lifetime < 0)
goto fail;
}
- if (cred->expire > 0) {
- if ((lifetime = cred->expire - now) < 0)
+ if (cred->expire != 0) {
+ lifetime = ts_delta(cred->expire, now);
+ if (lifetime < 0)
lifetime = 0;
}
else
if (code != 0)
goto cleanup;
- *time_rec = cred->expire - now;
+ *time_rec = ts_delta(cred->expire, now);
}
major_status = GSS_S_COMPLETE;
*/
-#include "autoconf.h"
-#include <stdio.h>
-#include <time.h>
-#include <string.h>
+#include "k5-int.h"
#include <kadm5/admin.h>
#include "admin_internal.h"
-#include <krb5.h>
#define string_text error_message
time_t until;
char *time_string, *ptr;
- until = princ_ent.last_pwd_change + policy_ent.pw_min_life;
+ until = ts_incr(princ_ent.last_pwd_change, policy_ent.pw_min_life);
time_string = ctime(&until);
if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
}
if (rp->mask & KADM5_PRINC_EXPIRE_TIME) {
if (!(*maskp & KADM5_PRINC_EXPIRE_TIME)
- || (recp->princ_expire_time > (now + rp->princ_lifetime)))
+ || ts_after(recp->princ_expire_time,
+ ts_incr(now, rp->princ_lifetime)))
recp->princ_expire_time = now + rp->princ_lifetime;
*maskp |= KADM5_PRINC_EXPIRE_TIME;
}
if (rp->mask & KADM5_PW_EXPIRATION) {
if (!(*maskp & KADM5_PW_EXPIRATION)
- || (recp->pw_expiration > (now + rp->pw_lifetime)))
+ || ts_after(recp->pw_expiration, ts_incr(now, rp->pw_lifetime)))
recp->pw_expiration = now + rp->pw_lifetime;
*maskp |= KADM5_PW_EXPIRATION;
}
kdb->pw_expiration = 0;
if (have_polent) {
if(polent.pw_max_life)
- kdb->pw_expiration = now + polent.pw_max_life;
+ kdb->pw_expiration = ts_incr(now, polent.pw_max_life);
else
kdb->pw_expiration = 0;
}
&(kdb->pw_expiration));
if (ret)
goto done;
- kdb->pw_expiration += pol.pw_max_life;
+ kdb->pw_expiration = ts_incr(kdb->pw_expiration, pol.pw_max_life);
} else {
kdb->pw_expiration = 0;
}
}
if (pol.pw_max_life)
- kdb->pw_expiration = now + pol.pw_max_life;
+ kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
else
kdb->pw_expiration = 0;
} else {
#endif
if (pol.pw_max_life)
- kdb->pw_expiration = now + pol.pw_max_life;
+ kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
else
kdb->pw_expiration = 0;
} else {
#endif
if (pol.pw_max_life)
- kdb->pw_expiration = now + pol.pw_max_life;
+ kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
else
kdb->pw_expiration = 0;
} else {
}
if (have_pol) {
if (pol.pw_max_life)
- kdb->pw_expiration = now + pol.pw_max_life;
+ kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
else
kdb->pw_expiration = 0;
} else {
* are in the future, we will return the first node; if all are in the
* past, we will return the last node.
*/
- while (list->next != NULL && list->next->act_time <= now)
+ while (list->next != NULL && !ts_after(list->next->act_time, now))
list = list->next;
return list->act_kvno;
}
encode_kerberos_time(asn1buf *buf, const void *p, taginfo *rettag,
size_t *len_out)
{
- /* Range checking for time_t vs krb5_timestamp? */
- time_t val = *(krb5_timestamp *)p;
+ time_t val = ts2tt(*(krb5_timestamp *)p);
rettag->asn1class = UNIVERSAL;
rettag->construction = PRIMITIVE;
rettag->tagnum = ASN1_GENERALTIME;
for (;;) {
if (krcc_next_cred(context, id, &cursor, &creds) != 0)
break;
- if (creds.times.endtime > endtime)
+ if (ts_after(creds.times.endtime, endtime))
endtime = creds.times.endtime;
krb5_free_cred_contents(context, &creds);
}
/* Setting the timeout to zero would reset the timeout, so we set it to one
* second instead if creds are already expired. */
- timeout = (endtime > now) ? endtime - now : 1;
+ timeout = ts_after(endtime, now) ? ts_delta(endtime, now) : 1;
(void)keyctl_set_timeout(data->cache_id, timeout);
}
if (ret)
goto errout;
- if (creds->times.endtime > now)
- (void)keyctl_set_timeout(cred_key, creds->times.endtime - now);
+ if (ts_after(creds->times.endtime, now)) {
+ (void)keyctl_set_timeout(cred_key,
+ ts_delta(creds->times.endtime, now));
+ }
update_keyring_expiration(context, id);
krcc_update_change_time(krcc_data *data)
{
krb5_timestamp now_time = time(NULL);
- data->changetime = (data->changetime >= now_time) ?
- data->changetime + 1 : now_time;
+ data->changetime = ts_after(now_time, data->changetime) ?
+ now_time : ts_incr(data->changetime, 1);
}
/*
update_mcc_change_time(krb5_mcc_data *d)
{
krb5_timestamp now_time = time(NULL);
- d->changetime = (d->changetime >= now_time) ?
- d->changetime + 1 : now_time;
+ d->changetime = ts_after(now_time, d->changetime) ?
+ now_time : ts_incr(d->changetime, 1);
}
static krb5_error_code KRB5_CALLCONV
times_match(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
{
if (t1->renew_till) {
- if (t1->renew_till > t2->renew_till)
+ if (ts_after(t1->renew_till, t2->renew_till))
return FALSE; /* this one expires too late */
}
if (t1->endtime) {
- if (t1->endtime > t2->endtime)
+ if (ts_after(t1->endtime, t2->endtime))
return FALSE; /* this one expires too late */
}
/* only care about expiration on a times_match */
#include <malloc.h>
#endif
+#include "k5-int.h"
#include "stdcc_util.h"
-#include "krb5.h"
#ifdef _WIN32 /* it's part of krb5.h everywhere else */
#include "kv5m_err.h"
#endif
keyblock_contents = NULL;
/* copy times */
- out_creds->times.authtime = cv5->authtime + offset_seconds;
- out_creds->times.starttime = cv5->starttime + offset_seconds;
- out_creds->times.endtime = cv5->endtime + offset_seconds;
- out_creds->times.renew_till = cv5->renew_till + offset_seconds;
+ out_creds->times.authtime = ts_incr(cv5->authtime, offset_seconds);
+ out_creds->times.starttime = ts_incr(cv5->starttime, offset_seconds);
+ out_creds->times.endtime = ts_incr(cv5->endtime, offset_seconds);
+ out_creds->times.renew_till = ts_incr(cv5->renew_till, offset_seconds);
out_creds->is_skey = cv5->is_skey;
out_creds->ticket_flags = cv5->ticket_flags;
cv5->keyblock.data = keyblock_data;
keyblock_data = NULL;
- cv5->authtime = in_creds->times.authtime - offset_seconds;
- cv5->starttime = in_creds->times.starttime - offset_seconds;
- cv5->endtime = in_creds->times.endtime - offset_seconds;
- cv5->renew_till = in_creds->times.renew_till - offset_seconds;
- cv5->is_skey = in_creds->is_skey;
+ cv5->authtime = ts_incr(in_creds->times.authtime, -offset_seconds);
+ cv5->starttime = ts_incr(in_creds->times.starttime, -offset_seconds);
+ cv5->endtime = ts_incr(in_creds->times.endtime, -offset_seconds);
+ cv5->renew_till = ts_incr(in_creds->times.renew_till, -offset_seconds);
+ cv5->is_skey = in_creds->is_skey;
cv5->ticket_flags = in_creds->ticket_flags;
if (in_creds->ticket.data) {
err = krb5_get_time_offsets(context, &offset_seconds, &offset_microseconds);
if (err) return;
#endif
- dest->times.authtime = src->authtime + offset_seconds;
- dest->times.starttime = src->starttime + offset_seconds;
- dest->times.endtime = src->endtime + offset_seconds;
- dest->times.renew_till = src->renew_till + offset_seconds;
+ dest->times.authtime = ts_incr(src->authtime, offset_seconds);
+ dest->times.starttime = ts_incr(src->starttime, offset_seconds);
+ dest->times.endtime = ts_incr(src->endtime, offset_seconds);
+ dest->times.renew_till = ts_incr(src->renew_till, offset_seconds);
dest->is_skey = src->is_skey;
dest->ticket_flags = src->ticket_flags;
err = krb5_get_time_offsets(context, &offset_seconds, &offset_microseconds);
if (err) return;
#endif
- c->authtime = creds->times.authtime - offset_seconds;
- c->starttime = creds->times.starttime - offset_seconds;
- c->endtime = creds->times.endtime - offset_seconds;
- c->renew_till = creds->times.renew_till - offset_seconds;
+ c->authtime = ts_incr(creds->times.authtime, -offset_seconds);
+ c->starttime = ts_incr(creds->times.starttime, -offset_seconds);
+ c->endtime = ts_incr(creds->times.endtime, -offset_seconds);
+ c->renew_till = ts_incr(creds->times.renew_till, -offset_seconds);
c->is_skey = creds->is_skey;
c->ticket_flags = creds->ticket_flags;
register const krb5_ticket_times *t2;
{
if (t1->renew_till) {
- if (t1->renew_till > t2->renew_till)
+ if (ts_after(t1->renew_till, t2->renew_till))
return FALSE; /* this one expires too late */
}
if (t1->endtime) {
- if (t1->endtime > t2->endtime)
+ if (ts_after(t1->endtime, t2->endtime))
return FALSE; /* this one expires too late */
}
/* only care about expiration on a times_match */
ret = krb5_cccol_cursor_next(context, c, &ccache);
if (ccache) {
ret = krb5_cc_last_change_time(context, ccache, &last_time);
- if (!ret && last_time > max_change_time) {
+ if (!ret && ts_after(last_time, max_change_time)) {
max_change_time = last_time;
}
ret = 0;
* limitations (8-bit kvno storage), pre-1.14 kadmin protocol limitations
* (8-bit kvno marshalling), or KDB limitations (16-bit kvno storage).
*/
- if (k1->timestamp >= k2->timestamp && k1->vno < 128 && k2->vno > 240)
+ if (!ts_after(k2->timestamp, k1->timestamp) &&
+ k1->vno < 128 && k2->vno > 240)
return TRUE;
- if (k1->timestamp <= k2->timestamp && k1->vno > 240 && k2->vno < 128)
+ if (!ts_after(k1->timestamp, k2->timestamp) &&
+ k1->vno > 240 && k2->vno < 128)
return FALSE;
/* Otherwise do a simple version comparison. */
retval = KRB5_KDCREP_MODIFIED;
if ((in_cred->times.endtime != 0) &&
- (dec_rep->enc_part2->times.endtime > in_cred->times.endtime))
+ ts_after(dec_rep->enc_part2->times.endtime, in_cred->times.endtime))
retval = KRB5_KDCREP_MODIFIED;
if ((kdcoptions & KDC_OPT_RENEWABLE) &&
(in_cred->times.renew_till != 0) &&
- (dec_rep->enc_part2->times.renew_till > in_cred->times.renew_till))
+ ts_after(dec_rep->enc_part2->times.renew_till,
+ in_cred->times.renew_till))
retval = KRB5_KDCREP_MODIFIED;
if ((kdcoptions & KDC_OPT_RENEWABLE_OK) &&
(dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
(in_cred->times.endtime != 0) &&
- (dec_rep->enc_part2->times.renew_till > in_cred->times.endtime))
+ ts_after(dec_rep->enc_part2->times.renew_till, in_cred->times.endtime))
retval = KRB5_KDCREP_MODIFIED;
if (retval != 0)
return code;
/* Check if the TGT is expired before bothering the KDC with it. */
- if (now > tgt->times.endtime) {
+ if (ts_after(now, tgt->times.endtime)) {
krb5_free_creds(context, tgt);
return KRB5KRB_AP_ERR_TKT_EXPIRED;
}
krb5_data *realm,
krb5_pa_data **padata);
-/*
- * This function performs 32 bit bounded addition so we can generate
- * lifetimes without overflowing krb5_int32
- */
-static krb5_int32
-krb5int_addint32 (krb5_int32 x, krb5_int32 y)
-{
- if ((x > 0) && (y > (KRB5_INT32_MAX - x))) {
- /* sum will be be greater than KRB5_INT32_MAX */
- return KRB5_INT32_MAX;
- } else if ((x < 0) && (y < (KRB5_INT32_MIN - x))) {
- /* sum will be less than KRB5_INT32_MIN */
- return KRB5_INT32_MIN;
- }
-
- return x + y;
-}
-
/*
* Decrypt the AS reply in ctx, populating ctx->reply->enc_part2. If
* strengthen_key is not null, combine it with the reply key as specified in
(request->from != 0) &&
(request->from != as_reply->enc_part2->times.starttime))
|| ((request->till != 0) &&
- (as_reply->enc_part2->times.endtime > request->till))
+ ts_after(as_reply->enc_part2->times.endtime, request->till))
|| ((request->kdc_options & KDC_OPT_RENEWABLE) &&
(request->rtime != 0) &&
- (as_reply->enc_part2->times.renew_till > request->rtime))
+ ts_after(as_reply->enc_part2->times.renew_till, request->rtime))
|| ((request->kdc_options & KDC_OPT_RENEWABLE_OK) &&
!(request->kdc_options & KDC_OPT_RENEWABLE) &&
(as_reply->enc_part2->flags & KDC_OPT_RENEWABLE) &&
(request->till != 0) &&
- (as_reply->enc_part2->times.renew_till > request->till))
+ ts_after(as_reply->enc_part2->times.renew_till, request->till))
) {
return KRB5_KDCREP_MODIFIED;
}
if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) {
- time_offset = as_reply->enc_part2->times.authtime - time_now;
+ time_offset = ts_delta(as_reply->enc_part2->times.authtime, time_now);
retval = krb5_set_time_offsets(context, time_offset, 0);
if (retval)
return retval;
return code;
/* Omit request start time unless the caller explicitly asked for one. */
- from = krb5int_addint32(now, ctx->start_time);
+ from = ts_incr(now, ctx->start_time);
if (ctx->start_time != 0)
ctx->request->from = from;
- ctx->request->till = krb5int_addint32(from, ctx->tkt_life);
+ ctx->request->till = ts_incr(from, ctx->tkt_life);
if (ctx->renew_life > 0) {
/* Don't ask for a smaller renewable time than the lifetime. */
- ctx->request->rtime = krb5int_addint32(from, ctx->renew_life);
+ ctx->request->rtime = ts_incr(from, ctx->renew_life);
if (ctx->request->rtime < ctx->request->till)
ctx->request->rtime = ctx->request->till;
ctx->request->kdc_options &= ~KDC_OPT_RENEWABLE_OK;
if (k5_time_with_offset(0, 0, &now, &usec) != 0)
return;
- ctx->pa_offset = kdc_time - now;
+ ctx->pa_offset = ts_delta(kdc_time, now);
ctx->pa_offset_usec = kdc_usec - usec;
ctx->pa_offset_state = (ctx->fast_state->armor_key != NULL) ?
AUTH_OFFSET : UNAUTH_OFFSET;
{
int i;
krb5_int32 starttime;
+ krb5_deltat lifetime;
krb5_get_init_creds_opt *opt;
krb5_error_code retval;
if (retval)
goto cleanup;
if (creds->times.starttime) starttime = creds->times.starttime;
- krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
+ lifetime = ts_delta(creds->times.endtime, starttime);
+ krb5_get_init_creds_opt_set_tkt_life(opt, lifetime);
}
*out = opt;
return 0;
if (ret != 0)
return;
if (!is_last_req &&
- (pw_exp < now || (pw_exp - now) > 7 * 24 * 60 * 60))
+ (ts_after(now, pw_exp) || ts_delta(pw_exp, now) > 7 * 24 * 60 * 60))
return;
if (!prompter)
if (ret != 0)
return;
- delta = pw_exp - now;
+ delta = ts_delta(pw_exp, now);
if (delta < 3600) {
snprintf(banner, sizeof(banner),
_("Warning: Your password will expire in less than one hour "
krb5_flags *fields);
#define in_clock_skew(context, date, now) \
- (labs((date) - (now)) < (context)->clockskew)
+ (labs(ts_delta(date, now)) < (context)->clockskew)
#define IS_TGS_PRINC(p) ((p)->length == 2 && \
data_eq_string((p)->data[0], KRB5_TGS_NAME))
abstime = ntTime > 0 ? ntTime - NT_TIME_EPOCH : -ntTime;
- if (abstime > KRB5_INT32_MAX)
+ if (abstime > UINT32_MAX)
return ERANGE;
*elapsedSeconds = abstime;
krb5_timestamp_to_string(krb5_timestamp timestamp, char *buffer, size_t buflen)
{
size_t ret;
- time_t timestamp2 = timestamp;
+ time_t timestamp2 = ts2tt(timestamp);
struct tm tmbuf;
const char *fmt = "%c"; /* This is to get around gcc -Wall warning that
the year returned might be two digits */
struct tm *tmp;
size_t i;
size_t ndone;
- time_t timestamp2 = timestamp;
+ time_t timestamp2 = ts2tt(timestamp);
struct tm tmbuf;
static const char * const sftime_format_table[] = {
*/
#include "autoconf.h"
-#include "krb5.h"
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
+#include "k5-int.h"
#include <time.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
#include "com_err.h"
com_err("krb5_string_to_timestamp", retval, 0);
return;
}
- t = (time_t) timestamp;
+ t = ts2tt(timestamp);
printf("Parsed time was %s", ctime(&t));
}
else
starttime = times->authtime;
- if (starttime - currenttime > context->clockskew)
+ if (ts_delta(starttime, currenttime) > context->clockskew)
return KRB5KRB_AP_ERR_TKT_NYV; /* ticket not yet valid */
- if ((currenttime - times->endtime) > context->clockskew)
+ if (ts_delta(currenttime, times->endtime) > context->clockskew)
return KRB5KRB_AP_ERR_TKT_EXPIRED; /* ticket expired */
return 0;
ret = krb5_timeofday(context, &in_creds.times.endtime);
if (ret)
goto cleanup;
- in_creds.times.endtime += 5*60;
+ in_creds.times.endtime = ts_incr(in_creds.times.endtime, 5 * 60);
ret = krb5_get_credentials(context, 0, ccache, &in_creds, &out_creds);
if (ret)
goto cleanup;
retval = krb5_timeofday(context, ¤ttime);
if (retval)
return retval;
- if (!(labs((date)-currenttime) < context->clockskew))
+ if (labs(ts_delta(date, currenttime)) >= context->clockskew)
return KRB5KRB_AP_ERR_SKEW;
return 0;
if (retval)
return retval;
- os_ctx->time_offset = seconds - sec;
+ os_ctx->time_offset = ts_delta(seconds, sec);
os_ctx->usec_offset = (microseconds > -1) ? microseconds - usec : 0;
os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
usec += offset_usec;
if (usec > 1000000) {
usec -= 1000000;
- sec++;
+ sec = ts_incr(sec, 1);
}
if (usec < 0) {
usec += 1000000;
- sec--;
+ sec = ts_incr(sec, -1);
}
- sec += offset;
+ sec = ts_incr(sec, offset);
*time_out = sec;
*usec_out = usec;
{
if (mytime == 0)
return CMP_HOHUM; /* who cares? */
- /* I hope we don't have to worry about overflow */
- if (new1->ctime + t < mytime)
+ if (ts_after(mytime, ts_incr(new1->ctime, t)))
return CMP_EXPIRED;
return CMP_HOHUM;
}
krb5_donot_replay rep;
krb5_data d;
- if (now_timestamp > 0)
+ if (now_timestamp != 0)
krb5_set_debugging_time(ctx, now_timestamp, now_usec);
if ((retval = krb5_rc_resolve_full(ctx, &rc, rcspec)))
goto cleanup;
msg = (**argv) ? *argv : NULL;
argc--; argv++;
if (!argc) usage(progname);
- timestamp = (krb5_timestamp) atol(*argv);
+ timestamp = (krb5_timestamp) atoll(*argv);
argc--; argv++;
if (!argc) usage(progname);
usec = (krb5_int32) atol(*argv);
argc--; argv++;
if (!argc) usage(progname);
- now_timestamp = (krb5_timestamp) atol(*argv);
+ now_timestamp = (krb5_timestamp) atoll(*argv);
argc--; argv++;
if (!argc) usage(progname);
now_usec = (krb5_int32) atol(*argv);
rcspec = *argv;
argc--; argv++;
if (!argc) usage(progname);
- now_timestamp = (krb5_timestamp) atol(*argv);
+ now_timestamp = (krb5_timestamp) atoll(*argv);
argc--; argv++;
if (!argc) usage(progname);
now_usec = (krb5_int32) atol(*argv);
/* If the entry was unlocked since the last failure, it's not locked. */
if (krb5_dbe_lookup_last_admin_unlock(context, entry, &unlock_time) == 0 &&
- entry->last_failed <= unlock_time)
+ !ts_after(entry->last_failed, unlock_time))
return FALSE;
if (max_fail == 0 || entry->fail_auth_count < max_fail)
if (lockout_duration == 0)
return TRUE; /* principal permanently locked */
- return (stamp < entry->last_failed + lockout_duration);
+ return ts_after(ts_incr(entry->last_failed, lockout_duration), stamp);
}
krb5_error_code
status == KRB5KRB_AP_ERR_BAD_INTEGRITY)) {
if (krb5_dbe_lookup_last_admin_unlock(context, entry,
&unlock_time) == 0 &&
- entry->last_failed <= unlock_time) {
+ !ts_after(entry->last_failed, unlock_time)) {
/* Reset fail_auth_count after administrative unlock. */
entry->fail_auth_count = 0;
}
if (failcnt_interval != 0 &&
- stamp > entry->last_failed + failcnt_interval) {
+ ts_after(stamp, ts_incr(entry->last_failed, failcnt_interval))) {
/* Reset fail_auth_count after failcnt_interval. */
entry->fail_auth_count = 0;
}
{
struct tm tme;
char *strtime=NULL;
- time_t posixtime = epochtime;
+ time_t posixtime = ts2tt(epochtime);
strtime = calloc (50, 1);
if (strtime == NULL)
/* If the entry was unlocked since the last failure, it's not locked. */
if (krb5_dbe_lookup_last_admin_unlock(context, entry, &unlock_time) == 0 &&
- entry->last_failed <= unlock_time)
+ !ts_after(entry->last_failed, unlock_time))
return FALSE;
if (max_fail == 0 || entry->fail_auth_count < max_fail)
if (lockout_duration == 0)
return TRUE; /* principal permanently locked */
- return (stamp < entry->last_failed + lockout_duration);
+ return ts_after(ts_incr(entry->last_failed, lockout_duration), stamp);
}
krb5_error_code
status == KRB5KRB_AP_ERR_BAD_INTEGRITY)) {
if (krb5_dbe_lookup_last_admin_unlock(context, entry,
&unlock_time) == 0 &&
- entry->last_failed <= unlock_time) {
+ !ts_after(entry->last_failed, unlock_time)) {
/* Reset fail_auth_count after administrative unlock. */
entry->fail_auth_count = 0;
entry->mask |= KADM5_FAIL_AUTH_COUNT;
}
if (failcnt_interval != 0 &&
- stamp > entry->last_failed + failcnt_interval) {
+ ts_after(stamp, ts_incr(entry->last_failed, failcnt_interval))) {
/* Reset fail_auth_count after failcnt_interval */
entry->fail_auth_count = 0;
entry->mask |= KADM5_FAIL_AUTH_COUNT;
#include "cns.h"
#include "tktlist.h"
+#define ts2tt(t) (time_t)(uint32_t)(t)
+
/*
* Ticket information for a list line
*/
ncred++;
strcpy (buf, " ");
- strncat(buf, short_date (c.times.starttime - kwin_get_epoch()),
+ strncat(buf, short_date(ts2tt(c.times.starttime) - kwin_get_epoch()),
sizeof(buf) - 1 - strlen(buf));
strncat(buf, " ", sizeof(buf) - 1 - strlen(buf));
- strncat(buf, short_date (c.times.endtime - kwin_get_epoch()),
+ strncat(buf, short_date(ts2tt(c.times.endtime) - kwin_get_epoch()),
sizeof(buf) - 1 - strlen(buf));
strncat(buf, " ", sizeof(buf) - 1 - strlen(buf));
return -1;
lpinfo->ticket = TRUE;
- lpinfo->issue_time = c.times.starttime - kwin_get_epoch();
- lpinfo->lifetime = c.times.endtime - c.times.starttime;
+ lpinfo->issue_time = ts2tt(c.times.starttime) - kwin_get_epoch();
+ lpinfo->lifetime = ts2tt(c.times.endtime) - c.times.starttime;
strcpy(lpinfo->buf, buf);
rc = ListBox_AddItemData(hwnd, lpinfo);
TicketList *next;
char *service;
char *encTypes;
- krb5_timestamp issued;
- krb5_timestamp valid_until;
- krb5_timestamp renew_until;
+ time_t issued;
+ time_t valid_until;
+ time_t renew_until;
unsigned long flags;
};
char *ccache_name;
TicketList *ticket_list;
int btickets; /* Do we have tickets? */
- long issued; /* The issue time */
- long valid_until; /* */
- long renew_until; /* The Renew time (k5 only) */
+ time_t issued; /* The issue time */
+ time_t valid_until; /* */
+ time_t renew_until; /* The Renew time (k5 only) */
unsigned long flags;
};
static void
CredToTicketInfo(krb5_creds KRBv5Credentials, TICKETINFO *ticketinfo)
{
- ticketinfo->issued = KRBv5Credentials.times.starttime;
- ticketinfo->valid_until = KRBv5Credentials.times.endtime;
+ ticketinfo->issued = (DWORD)KRBv5Credentials.times.starttime;
+ ticketinfo->valid_until = (DWORD)KRBv5Credentials.times.endtime;
ticketinfo->renew_until = KRBv5Credentials.ticket_flags & TKT_FLG_RENEWABLE ?
- KRBv5Credentials.times.renew_till : 0;
+ (DWORD)KRBv5Credentials.times.renew_till : (DWORD)0;
_tzset();
if ( ticketinfo->valid_until - time(0) <= 0L )
ticketinfo->btickets = EXPD_TICKETS;
functionName = "calloc()";
goto cleanup;
}
- list->issued = KRBv5Credentials.times.starttime;
- list->valid_until = KRBv5Credentials.times.endtime;
+ list->issued = (DWORD)KRBv5Credentials.times.starttime;
+ list->valid_until = (DWORD)KRBv5Credentials.times.endtime;
if (KRBv5Credentials.ticket_flags & TKT_FLG_RENEWABLE)
- list->renew_until = KRBv5Credentials.times.renew_till;
+ list->renew_until = (DWORD)KRBv5Credentials.times.renew_till;
else
list->renew_until = 0;
bool change_icon_size = true;
-void krb5TimestampToFileTime(krb5_timestamp t, LPFILETIME pft)
+void TimestampToFileTime(time_t t, LPFILETIME pft)
{
// Note that LONGLONG is a 64-bit value
- LONGLONG ll;
+ ULONGLONG ll;
- ll = Int32x32To64(t, 10000000) + 116444736000000000;
+ ll = UInt32x32To64((DWORD)t, 10000000) + 116444736000000000;
pft->dwLowDateTime = (DWORD)ll;
pft->dwHighDateTime = ll >> 32;
}
// allocate outstr
-void krb5TimestampToLocalizedString(krb5_timestamp t, LPTSTR *outStr)
+void TimestampToLocalizedString(time_t t, LPTSTR *outStr)
{
FILETIME ft, lft;
SYSTEMTIME st;
- krb5TimestampToFileTime(t, &ft);
+ TimestampToFileTime(t, &ft);
FileTimeToLocalFileTime(&ft, &lft);
FileTimeToSystemTime(&lft, &st);
TCHAR timeFormat[80]; // 80 is max required for LOCALE_STIMEFORMAT
CCacheDisplayData *elem,
int iItem,
char *principal,
- long issued,
- long valid_until,
- long renew_until,
+ time_t issued,
+ time_t valid_until,
+ time_t renew_until,
char *encTypes,
unsigned long flags,
char *ccache_name)
if (issued == 0) {
list.SetItemText(iItem, iSubItem++, "Unknown");
} else {
- krb5TimestampToLocalizedString(issued, &localTimeStr);
+ TimestampToLocalizedString(issued, &localTimeStr);
list.SetItemText(iItem, iSubItem++, localTimeStr);
}
}
} else if (valid_until < now) {
list.SetItemText(iItem, iSubItem++, "Expired");
} else if (renew_until) {
- krb5TimestampToLocalizedString(renew_until, &localTimeStr);
+ TimestampToLocalizedString(renew_until, &localTimeStr);
DurationToString(renew_until - now, &durationStr);
if (localTimeStr && durationStr) {
_snprintf(tempStr, MAX_DURATION_STR, "%s %s", localTimeStr, durationStr);
} else if (valid_until < now) {
list.SetItemText(iItem, iSubItem++, "Expired");
} else {
- krb5TimestampToLocalizedString(valid_until, &localTimeStr);
+ TimestampToLocalizedString(valid_until, &localTimeStr);
DurationToString(valid_until - now, &durationStr);
if (localTimeStr && durationStr) {
_snprintf(tempStr, MAX_DURATION_STR, "%s %s", localTimeStr, durationStr);
_tzset();
while (!(code = pkrb5_cc_next_cred(ctx, cache, &cur, &creds))) {
if ((!pkrb5_is_config_principal(ctx, creds.server)) &&
- (creds.times.endtime - time(0) > 0))
+ ((time_t)(DWORD)creds.times.endtime - time(0) > 0))
have_tickets = TRUE;
pkrb5_free_cred_contents(ctx, &creds);
break;
if (!krb5_is_config_principal(kcontext, creds.server) &&
- creds.times.endtime > now)
+ ts_after(creds.times.endtime, now))
*has_tickets = 1;
krb5_free_cred_contents(kcontext, &creds);
projects / thirdparty / krb5.git / commitdiff
