From: Joseph Sutton Date: Mon, 10 May 2021 04:43:03 +0000 (+1200) Subject: python: Fix ticket timestamp conversion when local timezone is not UTC X-Git-Tag: tevent-0.11.0~803 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b9006f33343ba8bb82ef8ffe1fd90c780961b41e;p=thirdparty%2Fsamba.git python: Fix ticket timestamp conversion when local timezone is not UTC Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall --- diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index d8193ae9cdc..e345f739e1c 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -18,7 +18,7 @@ import sys import os -from datetime import datetime +from datetime import datetime, timezone import tempfile sys.path.insert(0, "bin/python") @@ -519,11 +519,26 @@ class KDCBaseTest(RawKerberosTest): cred.server = sprincipal cred.keyblock = keyblock cred.authtime = int(datetime.strptime(authtime.decode(), - "%Y%m%d%H%M%SZ").timestamp()) + "%Y%m%d%H%M%SZ") + .replace(tzinfo=timezone.utc).timestamp()) cred.starttime = int(datetime.strptime(starttime.decode(), - "%Y%m%d%H%M%SZ").timestamp()) + "%Y%m%d%H%M%SZ") + .replace(tzinfo=timezone.utc).timestamp()) cred.endtime = int(datetime.strptime(endtime.decode(), - "%Y%m%d%H%M%SZ").timestamp()) + "%Y%m%d%H%M%SZ") + .replace(tzinfo=timezone.utc).timestamp()) + + # Account for clock skew of up to five minutes. + self.assertLess(cred.authtime - 5*60, + datetime.now(timezone.utc).timestamp(), + "Ticket not yet valid - clocks may be out of sync.") + self.assertLess(cred.starttime - 5*60, + datetime.now(timezone.utc).timestamp(), + "Ticket not yet valid - clocks may be out of sync.") + self.assertGreater(cred.endtime - 60*60, + datetime.now(timezone.utc).timestamp(), + "Ticket already expired/about to expire - clocks may be out of sync.") + cred.renew_till = cred.endtime cred.is_skey = 0 cred.ticket_flags = int(enc_part['flags'], 2)