oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: Return NEVER_VALID error code if ticket will never be valid

Browse Source 
This matches the error generated by Windows.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
2023-04-14 11:47:08 +12:00
committed by Nico Williams
parent baf1930b6a
commit 597b59dfb7
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
kdc/kerberos5.c
View File

@@ -2536,6 +2536,13 @@ _kdc_as_rep(astgs_request_t r)
t = min(t, rk_time_add(start, realm->max_life)); t = min(t, rk_time_add(start, realm->max_life));
#endif #endif
r->et.endtime = t; r->et.endtime = t;
if (start > r->et.endtime) {
_kdc_set_e_text(r, "Requested effective lifetime is negative or too short");
ret = KRB5KDC_ERR_NEVER_VALID;
goto out;
}
if(f.renewable_ok && r->et.endtime < *b->till){ if(f.renewable_ok && r->et.endtime < *b->till){
f.renewable = 1; f.renewable = 1;
if(b->rtime == NULL){ if(b->rtime == NULL){