From 96a5c0b82aad47fc6c5a80748778e190a9627050 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 16 May 2023 17:07:07 +1200
Subject: [PATCH] hdb: Make maximum ticket lifetime and renew time signed
 integers

This allows for negative lifetimes to be encoded, and fits in better
with our use elsewhere of time_t, which in POSIX is a signed integer
type.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
---
 lib/hdb/hdb.asn1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/hdb/hdb.asn1 b/lib/hdb/hdb.asn1
index 49318c811..c0d837320 100644
--- a/lib/hdb/hdb.asn1
+++ b/lib/hdb/hdb.asn1
@@ -233,8 +233,8 @@ HDB_entry ::= SEQUENCE {
 	valid-start[5]	KerberosTime OPTIONAL,
 	valid-end[6]	KerberosTime OPTIONAL,
 	pw-end[7]	KerberosTime OPTIONAL,
-	max-life[8]	INTEGER (0..4294967295) OPTIONAL,
-	max-renew[9]	INTEGER (0..4294967295) OPTIONAL,
+	max-life[8]	INTEGER (-2147483648..2147483647) OPTIONAL,
+	max-renew[9]	INTEGER (-2147483648..2147483647) OPTIONAL,
 	flags[10]	HDBFlags,
 	etypes[11]	HDB-EncTypeList OPTIONAL,
 	generation[12]	GENERATION OPTIONAL,