kdc: Return NEVER_VALID error code if ticket will never be valid
This matches the error generated by Windows. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:

committed by
Nico Williams

parent
baf1930b6a
commit
597b59dfb7
@@ -2536,6 +2536,13 @@ _kdc_as_rep(astgs_request_t r)
|
||||
t = min(t, rk_time_add(start, realm->max_life));
|
||||
#endif
|
||||
r->et.endtime = t;
|
||||
|
||||
if (start > r->et.endtime) {
|
||||
_kdc_set_e_text(r, "Requested effective lifetime is negative or too short");
|
||||
ret = KRB5KDC_ERR_NEVER_VALID;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if(f.renewable_ok && r->et.endtime < *b->till){
|
||||
f.renewable = 1;
|
||||
if(b->rtime == NULL){
|
||||
|
Reference in New Issue
Block a user