another krb4 ticket backdating fix
authorTom Yu <tlyu@mit.edu>
Sat, 24 Jul 2004 00:40:18 +0000 (00:40 +0000)
committerTom Yu <tlyu@mit.edu>
Sat, 24 Jul 2004 00:40:18 +0000 (00:40 +0000)
* kerberos_v4.c (kerberos_v4): Duplicate backdating fix for
APPL_REQUEST as well.  Fix comments.

ticket: new
version_reported: 1.3.3
target_version: 1.3.5
tags: pullup
component: krb5-kdc

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16623 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/ChangeLog
src/kdc/kerberos_v4.c

index 968dfa45a9a7cfc3828b249e55a60c4fe2006aa7..4d0103c8785b7af419f892703d52285357d0e97c 100644 (file)
@@ -1,3 +1,8 @@
+2004-07-23  Tom Yu  <tlyu@mit.edu>
+
+       * kerberos_v4.c (kerberos_v4): Duplicate backdating fix for
+       APPL_REQUEST as well.  Fix comments.
+
 2004-06-07  Ezra Peisach  <epeisach@mit.edu.edu>
 
        * network.c (paddr): Use unsigned int for length.
index ffa5bdd2b0bbc40de6950a40303466f7a2a62eaa..84b632bff1eb26c264d68bec128ee0736adff571 100644 (file)
@@ -740,8 +740,7 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
            v4endtime = krb_life_to_time(kerb_time.tv_sec, lifetime);
            /*
             * Adjust issue time backwards if necessary, due to
-            * roundup in krb_time_to_life().  XXX This frobs
-            * kerb_time, which is potentially problematic.
+            * roundup in krb_time_to_life().
             */
            if (v4endtime > v4req_end)
                request_backdate = v4endtime - v4req_end;
@@ -815,6 +814,8 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
            char   *service;    /* Service name */
            char   *instance;   /* Service instance */
            int     kerno = 0;  /* Kerberos error number */
+           unsigned int request_backdate =  0; /*How far to backdate
+                                                 in seconds.*/
            char    tktrlm[REALM_SZ];
 
            n_appl_req++;
@@ -934,11 +935,10 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
            v4endtime = krb_life_to_time(kerb_time.tv_sec, lifetime);
            /*
             * Adjust issue time backwards if necessary, due to
-            * roundup in krb_time_to_life().  XXX This frobs
-            * kerb_time, which is potentially problematic.
+            * roundup in krb_time_to_life().
             */
            if (v4endtime > v4req_end)
-               kerb_time.tv_sec -= v4endtime - v4req_end;
+               request_backdate = v4endtime - v4req_end;
 
            /* unseal server's key from master key */
            memcpy(key,                &s_name_data.key_low,  4);
@@ -959,7 +959,7 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
            krb_create_ticket(tk, k_flags, ad->pname, ad->pinst,
                              ad->prealm, client_host.s_addr,
                              (char *) session_key, lifetime,
-                             kerb_time.tv_sec,
+                             kerb_time.tv_sec - request_backdate,
                              s_name_data.name, s_name_data.instance,
                              key);
            krb5_free_keyblock_contents(kdc_context, &k5key);