From ef09b0469471c27f7260d6ff0c0aafcb100987ad Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Fri, 30 May 2003 18:55:28 +0000 Subject: [PATCH] * get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime of tickets whose request options included KDC_OPT_RENEWABLE_OK if those options did not also include KDC_OPT_RENEWABLE. Otherwise verify_as_reply() will fail for all renewable tickets git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15524 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 7 +++++++ src/lib/krb5/krb/get_in_tkt.c | 1 + 2 files changed, 8 insertions(+) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 531a378d4..23ea95209 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +2003-05-30 Alexandra Ellwood + + * get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime + of tickets whose request options included KDC_OPT_RENEWABLE_OK + if those options did not also include KDC_OPT_RENEWABLE. Otherwise + verify_as_reply() will fail for all renewable tickets. + 2003-05-27 Ken Raeburn * conv_creds.c: Enable support on Windows always. diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 44f887afd..c49752c95 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -262,6 +262,7 @@ verify_as_reply(krb5_context context, (request->rtime != 0) && (as_reply->enc_part2->times.renew_till > request->rtime)) || ((request->kdc_options & KDC_OPT_RENEWABLE_OK) && + !(request->kdc_options & KDC_OPT_RENEWABLE) && (as_reply->enc_part2->flags & KDC_OPT_RENEWABLE) && (request->till != 0) && (as_reply->enc_part2->times.renew_till > request->till)) -- 2.26.2