oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: MIT krb5 FILE ccache remove cred compatibility

Browse Source 
MIT commit d3b39a8bac6206b5ea78b0bf6a2958c1df0b0dd5 implemented
krb5_cc_remove_cred() for FILE ccaches by setting endtime to zero
and authtime to minus one and then filtering out those credentials
from get_next().

This change sets "authtime = -1" for the removed cred to permit
MIT krb5 to ignore removed credentials from a shared FILE ccache.

MIT commit 4c0838bb4c232866b95c9f2f72a55bf77cfc1308 modified the
cred_removed() check to restore compatibility with Heimdal.
This commit is contained in:
Jeffrey Altman
2024-06-17 11:53:36 -04:00
parent 68dbf1ba10
commit b7e699597e
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/krb5/fcache.c
View File

@@ -1088,6 +1088,9 @@ cred_delete(krb5_context context,
*/
cred->times.endtime = 0;
/* For compatibility with MIT d3b39a8bac6206b5ea78b0bf6a2958c1df0b0dd5 */
cred->times.authtime = -1;
/* ...except for config creds because we don't check their endtimes */
if (srealm && strcmp(srealm, "X-CACHECONF:") == 0) {
ret = krb5_principal_set_realm(context, cred->server, "X-RMED-CONF:");