From 018bdbc29db035e14019f0f58aba035cc86b534e Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Wed, 22 Jun 2022 20:01:12 +1200 Subject: CVE-2022-2031 third_party/heimdal: Add function to get current KDC time This allows the plugin to check the endtime of a ticket against the KDC's current time, to see if the ticket will expire in the next two minutes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Joseph Sutton --- third_party/heimdal/kdc/libkdc-exports.def | 1 + third_party/heimdal/kdc/process.c | 6 ++++++ third_party/heimdal/kdc/version-script.map | 1 + 3 files changed, 8 insertions(+) (limited to 'third_party') diff --git a/third_party/heimdal/kdc/libkdc-exports.def b/third_party/heimdal/kdc/libkdc-exports.def index 2c4564bcadc..fc4fb812a77 100644 --- a/third_party/heimdal/kdc/libkdc-exports.def +++ b/third_party/heimdal/kdc/libkdc-exports.def @@ -10,6 +10,7 @@ EXPORTS kdc_validate_token krb5_kdc_plugin_init krb5_kdc_get_config + krb5_kdc_get_time krb5_kdc_pkinit_config krb5_kdc_set_dbinfo krb5_kdc_process_krb5_request diff --git a/third_party/heimdal/kdc/process.c b/third_party/heimdal/kdc/process.c index cf8ab060ec9..98a405e17d9 100644 --- a/third_party/heimdal/kdc/process.c +++ b/third_party/heimdal/kdc/process.c @@ -216,6 +216,12 @@ krb5_kdc_update_time(struct timeval *tv) _kdc_now = *tv; } +KDC_LIB_FUNCTION struct timeval KDC_LIB_CALL +krb5_kdc_get_time(void) +{ + return _kdc_now; +} + #define EXTEND_REQUEST_T(LHS, RHS) do { \ RHS = realloc(LHS, sizeof(*RHS)); \ diff --git a/third_party/heimdal/kdc/version-script.map b/third_party/heimdal/kdc/version-script.map index 72a21e62950..55dc91e74be 100644 --- a/third_party/heimdal/kdc/version-script.map +++ b/third_party/heimdal/kdc/version-script.map @@ -13,6 +13,7 @@ HEIMDAL_KDC_1.0 { kdc_validate_token; krb5_kdc_plugin_init; krb5_kdc_get_config; + krb5_kdc_get_time; krb5_kdc_pkinit_config; krb5_kdc_set_dbinfo; krb5_kdc_process_krb5_request; -- cgit v1.2.1