oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

stop the client from renewing tickets into the future

Browse Source 
From: Jeffrey Hutzelman <jhutz@cmu.edu>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13646 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-03-30 09:19:14 +00:00
parent 2b82583ac9
commit 3ea2077af8
1 changed files with 20 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
kdc/kerberos4.c
View File

@@ -133,7 +133,7 @@ do_version4(unsigned char *buf,
char *name = NULL, *inst = NULL, *realm = NULL; char *name = NULL, *inst = NULL, *realm = NULL;
char *sname = NULL, *sinst = NULL; char *sname = NULL, *sinst = NULL;
int32_t req_time; int32_t req_time;
time_t max_life; time_t max_life, max_end, actual_end, issue_time;
u_int8_t life; u_int8_t life;
char client_name[256]; char client_name[256];
char server_name[256]; char server_name[256];
@@ -425,16 +425,21 @@ do_version4(unsigned char *buf,
goto out2; goto out2;
} }
max_life = krb_life_to_time(ad.time_sec, ad.life); max_end = krb_life_to_time(ad.time_sec, ad.life);
max_life = min(max_life, krb_life_to_time(kdc_time, life)); max_end = min(max_end, krb_life_to_time(kdc_time, life));
life = min(life, krb_time_to_life(kdc_time, max_life)); life = min(life, krb_time_to_life(kdc_time, max_end));
max_life = krb_life_to_time(0, life);
#if 0 issue_time = kdc_time;
if(client->max_life) actual_end = krb_life_to_time(issue_time, life);
max_life = min(max_life, *client->max_life); while (actual_end > max_end && life > 1) {
#endif /* move them into the next earlier lifetime bracket */
if(server->max_life) life--;
max_life = min(max_life, *server->max_life); actual_end = krb_life_to_time(issue_time, life);
}
if (actual_end > max_end) {
/* if life <= 1 and it's still too long, backdate the ticket */
issue_time -= actual_end - max_end;
}
{ {
KTEXT_ST cipher, ticket; KTEXT_ST cipher, ticket;
@@ -443,12 +448,13 @@ do_version4(unsigned char *buf,
des_new_random_key(&session); des_new_random_key(&session);
krb_create_ticket(&ticket, 0, ad.pname, ad.pinst, ad.prealm, krb_create_ticket(&ticket, 0, ad.pname, ad.pinst, ad.prealm,
addr->sin_addr.s_addr, &session, life, kdc_time, addr->sin_addr.s_addr, &session, life,
issue_time,
sname, sinst, skey->key.keyvalue.data); sname, sinst, skey->key.keyvalue.data);
create_ciph(&cipher, session, sname, sinst, v4_realm, create_ciph(&cipher, session, sname, sinst, v4_realm,
life, server->kvno % 256, &ticket, life, server->kvno % 256, &ticket,
kdc_time, &ad.session); issue_time, &ad.session);
memset(&session, 0, sizeof(session)); memset(&session, 0, sizeof(session));
memset(ad.session, 0, sizeof(ad.session)); memset(ad.session, 0, sizeof(ad.session));