From 74762f12a3523e3f4ce37ded99c5cd21fd13810c Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Thu, 5 Feb 1998 01:49:10 +0000 Subject: [PATCH] * krb_auth_su.c (krb5_verify_tkt_def): If using a pre-existing credential cache, ensure that the host ticket has not yet expired. Patch from vwelch@ncsa.uiuc.edu [krb5-clients/545]. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10404 dc483132-0cff-0310-8789-dd5450dbe970 --- src/clients/ksu/ChangeLog | 6 ++++++ src/clients/ksu/krb_auth_su.c | 12 +++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/clients/ksu/ChangeLog b/src/clients/ksu/ChangeLog index 85fbfb274..896dab8a4 100644 --- a/src/clients/ksu/ChangeLog +++ b/src/clients/ksu/ChangeLog @@ -1,3 +1,9 @@ +Wed Feb 4 20:46:49 1998 Tom Yu + + * krb_auth_su.c (krb5_verify_tkt_def): If using a pre-existing + credential cache, ensure that the host ticket has not yet + expired. Patch from vwelch@ncsa.uiuc.edu [krb5-clients/545]. + Mon Jan 27 16:56:07 1997 Tom Yu * Makefile.in: diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index b089fa113..e5a489f91 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -341,7 +341,17 @@ krb5_keyblock * tkt_ses_key; return(retval); } - + /* Check to make sure ticket hasn't expired */ + if (retval = krb5_check_exp(context, tkt->enc_part2->times)) { + if (auth_debug && (retval == KRB5KRB_AP_ERR_TKT_EXPIRED)) { + fprintf(stderr, + "krb5_verify_tkt_def: ticket has expired"); + } + krb5_free_ticket(context, tkt); + krb5_kt_free_entry(context, &ktentry); + krb5_free_keyblock(context, tkt_key); + return KRB5KRB_AP_ERR_TKT_EXPIRED; + } if (!krb5_principal_compare(context, client, tkt->enc_part2->client)) { krb5_free_ticket(context, tkt); -- 2.26.2