git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Mon, 19 Sep 2022 19:18:50 +0000 (15:18 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Tue, 27 Sep 2022 05:48:07 +0000 (01:48 -0400)
commit	29600cf1db888d91c42cbd6cf72652afe8c1ee66
tree	570fc910364c01e86f5f3ea3027cfd54afab31d1	tree
parent	70f61d417261ca17efe3d60d180033bea2da60b0	commit \| diff

Add and use ts_interval() helper

ts_delta() returns a signed result, which cannot hold an interval
larger than 2^31-1 seconds. Intervals like this have been seen when
admins set password expiration dates more than 68 years in the future.

Add a second helper ts_interval() which returns an unsigned result,
and has the arguments reversed so that the start time is first. Use
it in warn_pw_expiry() to handle the password expiration case, in the
GSS krb5 mech where we return an unsigned context or credential
lifetime to the caller, and in the KEYRING ccache type where we
compute an unsigned keyring timeout.

ticket: 9071 (new)

src/include/k5-int.h		diff \| blob \| blame \| history
src/lib/gssapi/krb5/accept_sec_context.c		diff \| blob \| blame \| history
src/lib/gssapi/krb5/acquire_cred.c		diff \| blob \| blame \| history
src/lib/gssapi/krb5/context_time.c		diff \| blob \| blame \| history
src/lib/gssapi/krb5/init_sec_context.c		diff \| blob \| blame \| history
src/lib/gssapi/krb5/inq_context.c		diff \| blob \| blame \| history
src/lib/gssapi/krb5/inq_cred.c		diff \| blob \| blame \| history
src/lib/gssapi/krb5/s4u_gss_glue.c		diff \| blob \| blame \| history
src/lib/krb5/ccache/cc_keyring.c		diff \| blob \| blame \| history
src/lib/krb5/krb/get_in_tkt.c		diff \| blob \| blame \| history