From 3ea2077af8736646ee3374d80025acfccd050be9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Tue, 30 Mar 2004 09:19:14 +0000
Subject: [PATCH] stop the client from renewing tickets into the future

From: Jeffrey Hutzelman

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13646 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kerberos4.c | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/kdc/kerberos4.c b/kdc/kerberos4.c
index 3a7d781a6..76fafaa0c 100644
--- a/kdc/kerberos4.c
+++ b/kdc/kerberos4.c
@@ -133,7 +133,7 @@ do_version4(unsigned char *buf,
     char *name = NULL, *inst = NULL, *realm = NULL;
     char *sname = NULL, *sinst = NULL;
     int32_t req_time;
-    time_t max_life;
+    time_t max_life, max_end, actual_end, issue_time;
     u_int8_t life;
     char client_name[256];
     char server_name[256];
@@ -425,17 +425,22 @@ do_version4(unsigned char *buf,
 	    goto out2;
 	}
 
-	max_life = krb_life_to_time(ad.time_sec, ad.life);
-	max_life = min(max_life, krb_life_to_time(kdc_time, life));
-	life = min(life, krb_time_to_life(kdc_time, max_life));
-	max_life = krb_life_to_time(0, life);
-#if 0
-	if(client->max_life)
-	    max_life = min(max_life, *client->max_life);
-#endif
-	if(server->max_life)
-	    max_life = min(max_life, *server->max_life);
+	max_end = krb_life_to_time(ad.time_sec, ad.life);
+	max_end = min(max_end, krb_life_to_time(kdc_time, life));
+	life = min(life, krb_time_to_life(kdc_time, max_end));
+	issue_time = kdc_time;
+	actual_end = krb_life_to_time(issue_time, life);
+	while (actual_end > max_end && life > 1) {
+	    /* move them into the next earlier lifetime bracket */
+	    life--;
+	    actual_end = krb_life_to_time(issue_time, life);
+	}
+	if (actual_end > max_end) {
+	    /* if life <= 1 and it's still too long, backdate the ticket */
+	    issue_time -= actual_end - max_end;
+	}
+
 
 	{
 	    KTEXT_ST cipher, ticket;
 	    KTEXT r;
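Review bot: The `if(server->max_life)` clamp removed at the end of the second hunk has no counterpart in the new code, so the service principal's configured maximum lifetime no longer participates in computing `max_end`; unless that cap is applied again further down in do_version4 (outside the hunk), a v4 service ticket can now be issued for longer than the server entry allows, bounded only by the TGT's expiry and the requested `life`. If `*server->max_life` is a duration in seconds, as the old comparison against `krb_life_to_time(0, life)` suggests, folding it back in is one line after the second `max_end` assignment, `if (server->max_life) max_end = min(max_end, kdc_time + *server->max_life);`. The new while/if sequence also deserves a comment stating the invariant it enforces, e.g. `/* never let the service ticket outlive the TGT: shrink life to the largest v4 bracket ending at or before max_end, and backdate only when even the smallest bracket is too long */`. do_version4 starts before and continues after this hunk.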
@@ -443,13 +448,14 @@ do_version4(unsigned char *buf,
 	    des_new_random_key(&session);
 
 	    krb_create_ticket(&ticket, 0, ad.pname, ad.pinst, ad.prealm,
-			      addr->sin_addr.s_addr, &session, life, kdc_time,
+			      addr->sin_addr.s_addr, &session, life,
+			      issue_time,
 			      sname, sinst, skey->key.keyvalue.data);
 	    create_ciph(&cipher, session, sname, sinst,
 			v4_realm, life, server->kvno % 256, &ticket,
-			kdc_time, &ad.session);
-	    
+			issue_time, &ad.session);
+
 	    memset(&session, 0, sizeof(session));
 	    memset(ad.session, 0, sizeof(ad.session));