From 0ad46eaa6eabfba18beb81d97b8a6d34486671fe Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 14 Dec 2010 17:28:38 +0000
Subject: Fix a regression in the client-side ticket renewal code where KDC
 options were not folded into the renewal request (most notably, the
 KDC_OPT_RENEWABLE flag), so we didn't request renewable renewed tickets.  Add
 a simple test case for ticket renewal.

ticket: 6838
tags: pullups
target_version: 1.9

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24566 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/val_renew.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/krb5/krb/val_renew.c b/src/lib/krb5/krb/val_renew.c
index 46eff99b7..bc3b90c3e 100644
--- a/src/lib/krb5/krb/val_renew.c
+++ b/src/lib/krb5/krb/val_renew.c
@@ -59,7 +59,10 @@ get_new_creds(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds,
     if (code != 0)
 	return code;
 
-    /* Use it to get a new credential from the KDC. */
+    /* Use KDC options from old credential as well as requested options. */
+    kdcopt |= (old_creds.ticket_flags & KDC_TKT_COMMON_MASK);
+
+    /* Use the old credential to get a new credential from the KDC. */
     code = krb5_get_cred_via_tkt(context, &old_creds, kdcopt,
 				 old_creds.addresses, in_creds, &new_creds);
     krb5_free_cred_contents(context, &old_creds);
-- 
cgit