diff options
| author | Tom Yu <tlyu@mit.edu> | 2004-07-24 00:40:18 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2004-07-24 00:40:18 +0000 |
| commit | ecc5fb3385495be9eabed5ef82bd245fab91f3f1 (patch) | |
| tree | 5d16df7961b7bc86b5ff201e007dc86335d2a618 /src | |
| parent | 20226b353004a566349dae8b1c5a4b1a403b5e72 (diff) | |
| download | krb5-ecc5fb3385495be9eabed5ef82bd245fab91f3f1.tar.gz krb5-ecc5fb3385495be9eabed5ef82bd245fab91f3f1.tar.xz krb5-ecc5fb3385495be9eabed5ef82bd245fab91f3f1.zip | |
another krb4 ticket backdating fix
* kerberos_v4.c (kerberos_v4): Duplicate backdating fix for
APPL_REQUEST as well. Fix comments.
ticket: new
version_reported: 1.3.3
target_version: 1.3.5
tags: pullup
component: krb5-kdc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16623 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdc/ChangeLog | 5 | ||||
| -rw-r--r-- | src/kdc/kerberos_v4.c | 12 |
2 files changed, 11 insertions, 6 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 968dfa45a..4d0103c87 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,8 @@ +2004-07-23 Tom Yu <tlyu@mit.edu> + + * kerberos_v4.c (kerberos_v4): Duplicate backdating fix for + APPL_REQUEST as well. Fix comments. + 2004-06-07 Ezra Peisach <epeisach@mit.edu.edu> * network.c (paddr): Use unsigned int for length. diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index ffa5bdd2b..84b632bff 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c @@ -740,8 +740,7 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt) v4endtime = krb_life_to_time(kerb_time.tv_sec, lifetime); /* * Adjust issue time backwards if necessary, due to - * roundup in krb_time_to_life(). XXX This frobs - * kerb_time, which is potentially problematic. + * roundup in krb_time_to_life(). */ if (v4endtime > v4req_end) request_backdate = v4endtime - v4req_end; @@ -815,6 +814,8 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt) char *service; /* Service name */ char *instance; /* Service instance */ int kerno = 0; /* Kerberos error number */ + unsigned int request_backdate = 0; /*How far to backdate + in seconds.*/ char tktrlm[REALM_SZ]; n_appl_req++; @@ -934,11 +935,10 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt) v4endtime = krb_life_to_time(kerb_time.tv_sec, lifetime); /* * Adjust issue time backwards if necessary, due to - * roundup in krb_time_to_life(). XXX This frobs - * kerb_time, which is potentially problematic. + * roundup in krb_time_to_life(). */ if (v4endtime > v4req_end) - kerb_time.tv_sec -= v4endtime - v4req_end; + request_backdate = v4endtime - v4req_end; /* unseal server's key from master key */ memcpy(key, &s_name_data.key_low, 4); @@ -959,7 +959,7 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt) krb_create_ticket(tk, k_flags, ad->pname, ad->pinst, ad->prealm, client_host.s_addr, (char *) session_key, lifetime, - kerb_time.tv_sec, + kerb_time.tv_sec - request_backdate, s_name_data.name, s_name_data.instance, key); krb5_free_keyblock_contents(kdc_context, &k5key); |