diff options
author | Nicolas Williams <nico@cryptonector.com> | 2013-04-26 14:37:01 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-04-26 16:29:46 -0400 |
commit | 9977eb769b9def8fbbf289f7eac3938c863fa2ef (patch) | |
tree | aa05af180ee6e97e3fe6a3110369f2a41c1b327b /src/lib/krb5/krb/get_creds.c | |
parent | f42477d27dc4f6c482a23a8c29d416d830277d04 (diff) | |
download | krb5-9977eb769b9def8fbbf289f7eac3938c863fa2ef.tar.gz krb5-9977eb769b9def8fbbf289f7eac3938c863fa2ef.tar.xz krb5-9977eb769b9def8fbbf289f7eac3938c863fa2ef.zip |
Don't use expired TGTs in TGS-REQs
ticket: 6948
Diffstat (limited to 'src/lib/krb5/krb/get_creds.c')
-rw-r--r-- | src/lib/krb5/krb/get_creds.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index 23c0a10838..8994527097 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -57,20 +57,14 @@ krb5int_construct_matching_creds(krb5_context context, krb5_flags options, memset(mcreds, 0, sizeof(krb5_creds)); mcreds->magic = KV5M_CREDS; - if (in_creds->times.endtime != 0) { + if (in_creds->times.endtime != 0) mcreds->times.endtime = in_creds->times.endtime; - } else { - krb5_error_code retval; - retval = krb5_timeofday(context, &mcreds->times.endtime); - if (retval != 0) return retval; - } mcreds->keyblock = in_creds->keyblock; mcreds->authdata = in_creds->authdata; mcreds->server = in_creds->server; mcreds->client = in_creds->client; - *fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */ - | KRB5_TC_MATCH_AUTHDATA + *fields = KRB5_TC_MATCH_AUTHDATA /*XXX |KRB5_TC_MATCH_SKEY_TYPE */ | KRB5_TC_SUPPORTED_KTYPES; if (mcreds->keyblock.enctype) { krb5_enctype *ktypes; @@ -236,6 +230,14 @@ cache_get(krb5_context context, krb5_ccache ccache, krb5_flags flags, *out_creds = NULL; + if (in_creds->times.endtime == 0) { + code = krb5_timeofday(context, &in_creds->times.endtime); + if (code != 0) + return code; + } + + flags |= KRB5_TC_MATCH_TIMES; + creds = malloc(sizeof(*creds)); if (creds == NULL) return ENOMEM; |