Diffstat (limited to 'crypto/heimdal/kdc/kerberos4.c')
-rw-r--r--crypto/heimdal/kdc/kerberos4.c38
1 files changed, 22 insertions, 16 deletions
diff --git a/crypto/heimdal/kdc/kerberos4.c b/crypto/heimdal/kdc/kerberos4.c
index 8c6c3f0..050db5d 100644
--- a/crypto/heimdal/kdc/kerberos4.c
+++ b/crypto/heimdal/kdc/kerberos4.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: kerberos4.c,v 1.45 2003/03/17 05:37:55 assar Exp $");
+RCSID("$Id: kerberos4.c,v 1.45.2.1 2004/03/30 10:29:27 lha Exp $");
#ifdef KRB4
@@ -133,7 +133,7 @@ do_version4(unsigned char *buf,
char *name = NULL, *inst = NULL, *realm = NULL;
char *sname = NULL, *sinst = NULL;
int32_t req_time;
- time_t max_life;
+ time_t max_life, max_end, actual_end, issue_time;
u_int8_t life;
char client_name[256];
char server_name[256];
@@ -425,17 +425,22 @@ do_version4(unsigned char *buf,
goto out2;
}
- max_life = krb_life_to_time(ad.time_sec, ad.life);
- max_life = min(max_life, krb_life_to_time(kdc_time, life));
- life = min(life, krb_time_to_life(kdc_time, max_life));
- max_life = krb_life_to_time(0, life);
-#if 0
- if(client->max_life)
- max_life = min(max_life, *client->max_life);
-#endif
- if(server->max_life)
- max_life = min(max_life, *server->max_life);
+ max_end = krb_life_to_time(ad.time_sec, ad.life);
+ max_end = min(max_end, krb_life_to_time(kdc_time, life));
+ life = min(life, krb_time_to_life(kdc_time, max_end));
+ issue_time = kdc_time;
+ actual_end = krb_life_to_time(issue_time, life);
+ while (actual_end > max_end && life > 1) {
+ /* move them into the next earlier lifetime bracket */
+ life--;
+ actual_end = krb_life_to_time(issue_time, life);
+ }
+ if (actual_end > max_end) {
+ /* if life <= 1 and it's still too long, backdate the ticket */
+ issue_time -= actual_end - max_end;
+ }
+
{
KTEXT_ST cipher, ticket;
KTEXT r;
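Review bot: The per-principal lifetime policy is no longer consulted anywhere in this block: the removed lines at least computed `min(max_life, *server->max_life)`, while the new code derives `max_end` only from the TGT's end time and the requested `life`. If `server->max_life` is meant to bound v4 service tickets, clamp the end time before `life` is recomputed, e.g. `if (server->max_life) max_end = min(max_end, kdc_time + *server->max_life);`. The backdating branch also assumes `max_end` is not far behind `kdc_time`. Whether an already-expired TGT is rejected earlier cannot be seen here, since do_version4 starts and ends outside the hunk, so a comment stating that precondition next to `issue_time -= actual_end - max_end;` would help.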
@@ -443,13 +448,14 @@ do_version4(unsigned char *buf,
des_new_random_key(&session);
krb_create_ticket(&ticket, 0, ad.pname, ad.pinst, ad.prealm,
- addr->sin_addr.s_addr, &session, life, kdc_time,
+ addr->sin_addr.s_addr, &session, life,
+ issue_time,
sname, sinst, skey->key.keyvalue.data);
create_ciph(&cipher, session, sname, sinst, v4_realm,
life, server->kvno % 256, &ticket,
- kdc_time, &ad.session);
-
+ issue_time, &ad.session);
+
memset(&session, 0, sizeof(session));
memset(ad.session, 0, sizeof(ad.session));
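Review bot: The two `memset` calls that clear `session` and `ad.session` at the end of this hunk are plain stores to objects that look local to do_version4, so an optimizing compiler may drop them if the buffers are not read afterwards. The rest of the function is outside the hunk, so this is inferred. If nothing reads them later, wipe the key material with a routine the compiler cannot elide (a volatile-qualified write loop, or the platform's explicit zeroing function where one exists), and add a comment such as `/* wipe session keys; must not be optimized away */`.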