authorSam Hartman <hartmans@mit.edu>2004-04-16 19:10:24 +0000
committerSam Hartman <hartmans@mit.edu>2004-04-16 19:10:24 +0000
commitd02c7df06dec5db1915e2715e27fdf733634ecbd (patch)
treeda4efb006758ebc566b63f37fac20a5547230ed0
parent51424093a86bf4a9ef864d0749ac122e16fd8b0e (diff)
krb5_get_in_tkt ignores lifetime
John Hascall reports that the emulation of krb5_get_in_tkt is incomplete and does not handle lifetimes set in the input credentials. He provided a patch to fix this. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16258 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/include/ChangeLog5
-rw-r--r--src/include/k5-int.h2
-rw-r--r--src/lib/krb5/krb/ChangeLog7
-rw-r--r--src/lib/krb5/krb/gic_keytab.c2
-rw-r--r--src/lib/krb5/krb/gic_pwd.c13
5 files changed, 23 insertions, 6 deletions
diff --git a/src/include/ChangeLog b/src/include/ChangeLog
index 6b87eda61..cb87feb7a 100644
--- a/src/include/ChangeLog
+++ b/src/include/ChangeLog
@@ -1,3 +1,8 @@
+2004-04-16 Sam Hartman <hartmans@mit.edu>
+
+ * k5-int.h: krb5int_populate_gic_opt now takes credentials so it
+ can get lifetime related options out of them
+
2004-04-02 Ken Raeburn <raeburn@mit.edu>
* k5-int.h (krb5int_prng_cleanup): Declare.
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index d4e0f85b5..bd79b6804 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -957,7 +957,7 @@ krb5_get_init_creds
void krb5int_populate_gic_opt (
krb5_context, krb5_get_init_creds_opt *,
krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types);
+ krb5_preauthtype *pre_auth_types, krb5_creds *creds);
krb5_error_code krb5_do_preauth
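Review bot: The new `krb5_creds *creds` parameter in this prototype could be `const krb5_creds *creds`, since the code added to the definition in gic_pwd.c only reads `creds->times`; part of that function body lies outside the visible hunks, so this should be confirmed against the full definition. The declaration would also benefit from a short comment such as `/* creds may be NULL; only creds->times is consulted, to derive the ticket lifetime */`, because the definition explicitly tolerates a NULL pointer and callers cannot tell that from the prototype.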
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 139cb5aca..e36fced37 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,10 @@
+2004-04-16 Sam Hartman <hartmans@mit.edu>
+
+
+ * gic_pwd.c (krb5int_populate_gic_opt): Take credentials and populate lifetime options based on them.
+
+ * gic_keytab.c gic_pwd.c : update callers
+
2004-04-15 Sam Hartman <hartmans@mit.edu>
* gic_pwd.c (krb5_get_init_creds_password): Free the as reply in
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index 3a10c5583..a3cd443b1 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -158,7 +158,7 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
krb5int_populate_gic_opt(context, &opt,
options, addrs, ktypes,
- pre_auth_types);
+ pre_auth_types, creds);
if (arg_keytab == NULL) {
retval = krb5_kt_default(context, &keytab);
if (retval)
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 79f2e8540..de0f47df3 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -376,9 +376,11 @@ cleanup:
void krb5int_populate_gic_opt (
krb5_context context, krb5_get_init_creds_opt *opt,
krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types)
+ krb5_preauthtype *pre_auth_types, krb5_creds *creds)
{
int i;
+ krb5_int32 starttime;
+
krb5_get_init_creds_opt_init(opt);
if (addrs)
krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
@@ -398,8 +400,11 @@ void krb5int_populate_gic_opt (
if (options&KDC_OPT_PROXIABLE)
krb5_get_init_creds_opt_set_proxiable(opt, 1);
else krb5_get_init_creds_opt_set_proxiable(opt, 0);
-
-
+ if (creds && creds->times.endtime) {
+ krb5_timeofday(context, &starttime);
+ if (creds->times.starttime) starttime = creds->times.starttime;
+ krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
+ }
}
/*
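Review bot: In the added `if (creds && creds->times.endtime)` block the return value of `krb5_timeofday` is ignored, so if it fails while `creds->times.starttime` is zero, `starttime` may be read uninitialized and an arbitrary lifetime is requested. The difference `creds->times.endtime - starttime` is also passed on unchecked, so an end time at or before the start time yields a zero or negative ticket lifetime; how the later request code treats such a value is not visible here. Because the function returns void it cannot report either case, so the sketch below sets the lifetime only when the interval is valid and otherwise leaves the default in place, which may be longer than the caller asked for; maintainers may prefer to surface an error instead. The function begins in the previous hunk.

```c
    if (creds && creds->times.endtime) {
        /* Prefer the caller's start time; fall back to the current time. */
        starttime = creds->times.starttime;
        if (starttime == 0 && krb5_timeofday(context, &starttime) != 0)
            starttime = 0;
        /* Only request a lifetime when the interval is known and positive. */
        if (starttime != 0 && creds->times.endtime > starttime)
            krb5_get_init_creds_opt_set_tkt_life(opt,
                                                 creds->times.endtime - starttime);
    }
```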
@@ -451,7 +456,7 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
}
krb5int_populate_gic_opt(context, &opt,
options, addrs, ktypes,
- pre_auth_types);
+ pre_auth_types, creds);
retval = krb5_unparse_name( context, creds->server, &server);
if (retval)
return (retval);