From d02c7df06dec5db1915e2715e27fdf733634ecbd Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Fri, 16 Apr 2004 19:10:24 +0000 Subject: [PATCH] krb5_get_in_tkt ignores lifetime John Hascall reports that the emulation of krb5_get_in_tkt is incomplete and does not handle lifetimes set in the input credentials. He provided a patch to fix this. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16258 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/ChangeLog | 5 +++++ src/include/k5-int.h | 2 +- src/lib/krb5/krb/ChangeLog | 7 +++++++ src/lib/krb5/krb/gic_keytab.c | 2 +- src/lib/krb5/krb/gic_pwd.c | 13 +++++++++---- 5 files changed, 23 insertions(+), 6 deletions(-) diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 6b87eda61..cb87feb7a 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,8 @@ +2004-04-16 Sam Hartman + + * k5-int.h: krb5int_populate_gic_opt now takes credentials so it + can get lifetime related options out of them + 2004-04-02 Ken Raeburn * k5-int.h (krb5int_prng_cleanup): Declare. diff --git a/src/include/k5-int.h b/src/include/k5-int.h index d4e0f85b5..bd79b6804 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -957,7 +957,7 @@ krb5_get_init_creds void krb5int_populate_gic_opt ( krb5_context, krb5_get_init_creds_opt *, krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes, - krb5_preauthtype *pre_auth_types); + krb5_preauthtype *pre_auth_types, krb5_creds *creds); krb5_error_code krb5_do_preauth diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 139cb5aca..e36fced37 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +2004-04-16 Sam Hartman + + + * gic_pwd.c (krb5int_populate_gic_opt): Take credentials and populate lifetime options based on them. + + * gic_keytab.c gic_pwd.c : update callers + 2004-04-15 Sam Hartman * gic_pwd.c (krb5_get_init_creds_password): Free the as reply in diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c index 3a10c5583..a3cd443b1 100644 --- a/src/lib/krb5/krb/gic_keytab.c +++ b/src/lib/krb5/krb/gic_keytab.c @@ -158,7 +158,7 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, krb5int_populate_gic_opt(context, &opt, options, addrs, ktypes, - pre_auth_types); + pre_auth_types, creds); if (arg_keytab == NULL) { retval = krb5_kt_default(context, &keytab); if (retval) diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index 79f2e8540..de0f47df3 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -376,9 +376,11 @@ cleanup: void krb5int_populate_gic_opt ( krb5_context context, krb5_get_init_creds_opt *opt, krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes, - krb5_preauthtype *pre_auth_types) + krb5_preauthtype *pre_auth_types, krb5_creds *creds) { int i; + krb5_int32 starttime; + krb5_get_init_creds_opt_init(opt); if (addrs) krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs); @@ -398,8 +400,11 @@ void krb5int_populate_gic_opt ( if (options&KDC_OPT_PROXIABLE) krb5_get_init_creds_opt_set_proxiable(opt, 1); else krb5_get_init_creds_opt_set_proxiable(opt, 0); - - + if (creds && creds->times.endtime) { + krb5_timeofday(context, &starttime); + if (creds->times.starttime) starttime = creds->times.starttime; + krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime); + } } /* @@ -451,7 +456,7 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options, } krb5int_populate_gic_opt(context, &opt, options, addrs, ktypes, - pre_auth_types); + pre_auth_types, creds); retval = krb5_unparse_name( context, creds->server, &server); if (retval) return (retval); -- 2.26.2