No support for negative password expiration last-req hint

Fixing an omission; previous code didn't support a negative value for the
password expiration hint (which is legal).  Pointed out by Ezra Peisach.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14938 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/include/krb5.hin b/src/include/krb5.hin
index 7ab1cde043b2849aa02661a81426efb9aa03b681..345660253e3c90ec806b0a694adaa5b13be6d3d5 100644 (file)
--- a/src/include/krb5.hin
+++ b/src/include/krb5.hin
@@ -839,7 +839,8 @@ krb5_error_code krb5_decrypt_data
 #define KRB5_LRQ_ONE_LAST_RENEWAL      (-4)
 #define KRB5_LRQ_ALL_LAST_REQ          5
 #define KRB5_LRQ_ONE_LAST_REQ          (-5)
-#define KRB5_LRQ_PW_EXPTIME            6
+#define KRB5_LRQ_ALL_PW_EXPTIME                6
+#define KRB5_LRQ_ONE_PW_EXPTIME                (-6)
 
 /* PADATA types */
 #define KRB5_PADATA_NONE               0

diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 776669af4042d4384dfdbe37360838d0f5a3f1f3..287ee7b7bc3b99dd4f943278b82ed3a71a291ddd 100644 (file)
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -323,7 +323,8 @@ cleanup:
          */
 
         for (last_req = as_reply->enc_part2->last_req; *last_req; last_req++)
-           if ((*last_req)->lr_type == KRB5_LRQ_PW_EXPTIME) {
+           if ((*last_req)->lr_type == KRB5_LRQ_ALL_PW_EXPTIME ||
+               (*last_req)->lr_type == KRB5_LRQ_ONE_PW_EXPTIME) {
               krb5_deltat delta;
               char ts[256];