Diffstat (limited to 'crypto/heimdal/kdc/kerberos4.c')
-rw-r--r-- | crypto/heimdal/kdc/kerberos4.c | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/crypto/heimdal/kdc/kerberos4.c b/crypto/heimdal/kdc/kerberos4.c
index 8c6c3f0..050db5d 100644
--- a/crypto/heimdal/kdc/kerberos4.c
+++ b/crypto/heimdal/kdc/kerberos4.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -33,7 +33,7 @@
 #include "kdc_locl.h"
-RCSID("$Id: kerberos4.c,v 1.45 2003/03/17 05:37:55 assar Exp $");
+RCSID("$Id: kerberos4.c,v 1.45.2.1 2004/03/30 10:29:27 lha Exp $");
 #ifdef KRB4
@@ -133,7 +133,7 @@ do_version4(unsigned char *buf,
 char *name = NULL, *inst = NULL, *realm = NULL;
 char *sname = NULL, *sinst = NULL;
 int32_t req_time;
- time_t max_life;
+ time_t max_life, max_end, actual_end, issue_time;
 u_int8_t life;
 char client_name[256];
 char server_name[256];
@@ -425,17 +425,22 @@ do_version4(unsigned char *buf,
 goto out2;
 }
- max_life = krb_life_to_time(ad.time_sec, ad.life);
- max_life = min(max_life, krb_life_to_time(kdc_time, life));
- life = min(life, krb_time_to_life(kdc_time, max_life));
- max_life = krb_life_to_time(0, life);
-#if 0
- if(client->max_life)
- max_life = min(max_life, *client->max_life);
-#endif
- if(server->max_life)
- max_life = min(max_life, *server->max_life);
+ max_end = krb_life_to_time(ad.time_sec, ad.life);
+ max_end = min(max_end, krb_life_to_time(kdc_time, life));
+ life = min(life, krb_time_to_life(kdc_time, max_end));
+ issue_time = kdc_time;
+ actual_end = krb_life_to_time(issue_time, life);
+ while (actual_end > max_end && life > 1) {
+ /* move them into the next earlier lifetime bracket */
+ life--;
+ actual_end = krb_life_to_time(issue_time, life);
+ }
+ if (actual_end > max_end) {
+ /* if life <= 1 and it's still too long, backdate the ticket */
+ issue_time -= actual_end - max_end;
+ }
+
 {
 KTEXT_ST cipher, ticket;
 KTEXT r;
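Review bot: Nothing in the added block of the @@ -425 hunk checks that `max_end` is still ahead of `kdc_time` before the backdating branch, so `issue_time -= actual_end - max_end;` has no visible bound on how far the ticket is moved into the past. If a TGT expiry check earlier in do_version4 (outside this hunk) already guarantees that, a one-line comment saying so above the loop would be enough; otherwise a guard such as `if (max_end <= kdc_time) goto out2;`, with the reason logged, would keep the KDC from issuing a ticket that is already expired. The removed lines were the only visible use of `max_life`, which the @@ -133 hunk still declares. The `server->max_life` comparison is also dropped with nothing visible that limits `life` by the principal's configured maximum, so it is worth confirming that per-principal lifetime limits are enforced elsewhere in the function.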
@@ -443,13 +448,14 @@ do_version4(unsigned char *buf, des_new_random_key(&session); krb_create_ticket(&ticket, 0, ad.pname, ad.pinst, ad.prealm, - addr->sin_addr.s_addr, &session, life, kdc_time, + addr->sin_addr.s_addr, &session, life, + issue_time, sname, sinst, skey->key.keyvalue.data); create_ciph(&cipher, session, sname, sinst, v4_realm, life, server->kvno % 256, &ticket, - kdc_time, &ad.session); - + issue_time, &ad.session); + memset(&session, 0, sizeof(session)); memset(ad.session, 0, sizeof(ad.session)); |
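Review bot: `issue_time` is a `time_t` that may now be earlier than `kdc_time`, and it is passed as the timestamp to both `krb_create_ticket` and `create_ciph`, whose prototypes are not visible in this hunk. The parameter width and sign on those two calls should be confirmed so the backdated value is not altered by an implicit conversion. If clients compare the reply timestamp from `create_ciph` with their own clock, a backdated value uses up part of their clock-skew allowance, which is worth noting next to the call. A comment above the calls such as `/* issue_time may be earlier than kdc_time so the ticket never outlives the TGT */` would document why they no longer pass `kdc_time`.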