From 034fd19c0fa7f4dcaf43abce0f41e340b7898cc3 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 1 Sep 2000 01:43:50 +0000 Subject: [PATCH] * Makefile.in(OBJS, SRCS): Add lifetime.{o,c} * lifetime.c: New file. For the purposes of CMU and AFS compatibility, this implements the exponential krb4 ticket lifetimes for lifetime values above 127, in the krb_life_to_time() and krb_time_to_life() functions. Values 127 and below are still treated normally. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12644 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb4/ChangeLog | 10 ++++ src/lib/krb4/Makefile.in | 2 + src/lib/krb4/lifetime.c | 126 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+) create mode 100644 src/lib/krb4/lifetime.c diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index 9b091bfcd..f87198fb4 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog @@ -1,3 +1,13 @@ +2000-08-31 Tom Yu + + * Makefile.in(OBJS, SRCS): Add lifetime.{o,c}. + + * lifetime.c: New file. For the purposes of CMU and AFS + compatibility, this implements the exponential krb4 ticket + lifetimes for lifetime values above 127, in the krb_life_to_time() + and krb_time_to_life() functions. Values 127 and below are still + treated normally. + Tue Aug 22 09:56:14 2000 Ezra Peisach * rd_svc_key.c (krb54_get_service_keyblock): If the keytab diff --git a/src/lib/krb4/Makefile.in b/src/lib/krb4/Makefile.in index 67dfa6062..33206ad0b 100644 --- a/src/lib/krb4/Makefile.in +++ b/src/lib/krb4/Makefile.in @@ -45,6 +45,7 @@ OBJS = \ $(OUTPRE)gethostname.$(OBJEXT) \ $(OUTPRE)getst.$(OBJEXT) \ $(OUTPRE)kname_parse.$(OBJEXT) \ + $(OUTPRE)lifetime.$(OBJEXT) \ $(OUTPRE)mk_auth.$(OBJEXT) \ $(OUTPRE)mk_err.$(OBJEXT) \ $(OUTPRE)mk_priv.$(OBJEXT) \ @@ -79,6 +80,7 @@ SRCS = \ $(srcdir)/gethostname.c \ $(srcdir)/kname_parse.c \ $(srcdir)/err_txt.c \ + $(srcdir)/lifetime.c \ $(srcdir)/g_in_tkt.c \ $(srcdir)/mk_auth.c \ $(srcdir)/mk_err.c \ 
diff --git a/src/lib/krb4/lifetime.c b/src/lib/krb4/lifetime.c
new file mode 100644
index 000000000..a8e05fdb7
--- /dev/null
+++ b/src/lib/krb4/lifetime.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2000 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include "krb.h"
+
+/*
+ * Only lifetime bytes values less than 128 are on a linear scale.
+ * The following table contains an exponential scale that covers the
+ * lifetime values 128 to 191 inclusive (a total of 64 values).
+ * Values greater than 191 get interpreted the same as 191, but they
+ * will never be generated by the functions in this file. The special
+ * case of a lifetime byte of 255 gets interpreted as never expiring,
+ * which corresponds to an expiration date of KRB_NEVERDATE, which
+ * should be (-1).
+ *
+ * The ratio is approximately 1.069144898 (actually exactly
+ * exp(log(67.5)/63), where 67.5 = 2592000/38400, and 259200 = 30
+ * days, and 38400 = 128*5 minutes. This allows a lifetime byte of
+ * 191 to correspond to a ticket life of exactly 30 days and a
+ * lifetime byte of 191 to correspond to exactly 128*5 minutes, with
+ * the other values spread on an exponential curve fit in between
+ * them. This table should correspond exactly to the set of extended
+ * ticket lifetime values used by AFS and CMU.
+ *
+ * The following awk script is sufficient to reproduce the table:
+ * BEGIN {
+ * r = exp(log(2592000/38400)/63);
+ * x = 38400;
+ * for (i=0;i<64;i++) {
+ * printf("%d\n",x+0.5);
+ * x *= r;
+ * }
+ * }
+ */
+#define NLIFETIMES 64
+static const KRB4_32 lifetimes[NLIFETIMES] = {
+ 38400, 41055, 43894, 46929,
+ 50174, 53643, 57352, 61318,
+ 65558, 70091, 74937, 80119,
+ 85658, 91581, 97914, 104684,
+ 111922, 119661, 127935, 136781,
+ 146239, 156350, 167161, 178720,
+ 191077, 204289, 218415, 233517,
+ 249664, 266926, 285383, 305116,
+ 326213, 348769, 372885, 398668,
+ 426234, 455705, 487215, 520904,
+ 556921, 595430, 636601, 680618,
+ 727680, 777995, 831789, 889303,
+ 950794, 1016537, 1086825, 1161973,
+ 1242318, 1328218, 1420057, 1518247,
+ 1623226, 1735464, 1855462, 1983758,
+ 2120925, 2267576, 2424367, 2592000
+};
+#define MINFIXED 0x80
+#define MAXFIXED (MINFIXED + NLIFETIMES - 1)
+#define NOEXPIRE 0xFF
+
+/*
+ * krb_life_to_time
+ *
+ * Given a start date and a lifetime byte, compute the expiration
+ * date.
+ */
+KRB4_32
+krb_life_to_time(KRB4_32 start, int life)
+{
+ if (life == NOEXPIRE)
+ return KRB_NEVERDATE;
+ if (life < 0) /* possibly sign botch in caller */
+ return start;
+ if (life < MINFIXED)
+ return start + life * 5 * 60;
+ if (life > MAXFIXED)
+ return start + lifetimes[NLIFETIMES - 1];
+ return start + lifetimes[life - MINFIXED];
+}
+
+/*
+ * krb_time_to_life
+ *
+ * Given the start date and the end date, compute the lifetime byte.
+ * Round up, since we can adjust the start date backwards if we are
+ * issuing the ticket to cause it to expire at the correct time.
+ */
+int
+krb_time_to_life(KRB4_32 start, KRB4_32 end)
+{
+ KRB4_32 dt;
+ int i;
+
+ if (end == KRB_NEVERDATE)
+ return NOEXPIRE;
+ dt = start - end;
+ if (dt <= 0)
+ return 0;
+ if (dt < lifetimes[0])
+ return (dt + 5 * 60 - 1) / (5 * 60);
+ /* This depends on the array being ordered. */
+ for (i = 0; i < NLIFETIMES; i++) {
+ if (lifetimes[i] >= dt)
+ return i + MINFIXED;
+ }
+ return MAXFIXED;
+}
-- 2.26.2
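Review bot: In krb_time_to_life the interval is computed as `dt = start - end;`, which is negative for every ticket whose end date is later than its start date, so the `dt <= 0` guard returns a lifetime byte of 0 for all normal requests, while a reversed interval (end before start) produces a non-zero lifetime; the line should read `dt = end - start;`. This reading assumes KRB4_32 is a signed 32-bit type, which the hunk does not show; if it were unsigned, `dt <= 0` would catch only equality and a reversed interval would fall through to MAXFIXED. The table comment also has two slips worth correcting in the same change: `259200 = 30 days` should be `2592000`, and the second "lifetime byte of 191" (the one paired with 128*5 minutes) should be 128. A round-trip check that `krb_life_to_time(start, krb_time_to_life(start, end)) >= end` for intervals up to 30 days, covering both the linear and the exponential range, would pin the round-up behaviour the function's header comment promises.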