[2828] in Kerberos
Patch to krb524 for long tickets
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Thu Sep 23 12:53:13 1993
Date: Thu, 23 Sep 93 12:31:56 EDT
From: "Barry Jaspan" <bjaspan@GZA.COM>
To: kerberos@MIT.EDU
krb524 has a bug which causes V5 tickets with lifetimes greater than
the V4 maximum lifetime to be translated incorrectly; the V4 tickets
are created with lifetimes shorter than their maximum. This patch
fixes the bug. You will need to rebuild and reinstall both krb524d
and k524init after applying this patch.
Barry Jaspan, bjaspan@gza.com
OpenVision Technologies
*** 1.5 1993/02/25 23:11:39
--- conv_creds.c 1993/09/23 16:24:13
***************
*** 90,98 ****
sizeof(C_Block));
/* V4 has no concept of authtime or renew_till, so ignore them */
! /* V4 lifetime is 1 byte, in 5 minute increments */
! v4creds->lifetime = 0xff &
! ((v5creds->times.endtime - v5creds->times.starttime) / 300);
v4creds->issue_date = v5creds->times.starttime;
/* XXX perhaps we should use the addr of the client host if */
--- 90,101 ----
sizeof(C_Block));
/* V4 has no concept of authtime or renew_till, so ignore them */
! /* V4 lifetime is 1 byte, in 5 minute increments (but the */
! /* variable itself is an int */
! v4creds->lifetime = (v5creds->times.endtime -
! v5creds->times.starttime) / 300;
! if (v4creds->lifetime > 0xff)
! v4creds->lifetime = 0xff;
v4creds->issue_date = v5creds->times.starttime;
/* XXX perhaps we should use the addr of the client host if */
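Review bot: the new clamp after the division bounds the lifetime only from above, so a ticket whose endtime is earlier than its starttime is not handled. The quotient is then either negative or, if the arithmetic is unsigned, large enough to be clamped to the maximum 0xff. The old `0xff &` mask at least kept the stored value within one byte. Since the added comment says the variable is an int, add a lower bound beside `if (v4creds->lifetime > 0xff)` (for example, store 0 when the difference is not positive), or refuse to convert such a ticket. The added comment also opens a parenthesis at `(but the` that is never closed.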
*** 1.4 1993/04/29 22:15:56
--- conv_tkt_skey.c 1993/09/23 16:17:16
***************
*** 72,79 ****
/* V4 lifetime is 1 byte, in 5 minute increments */
if (v5etkt->times.starttime == 0)
v5etkt->times.starttime = v5etkt->times.authtime;
! lifetime = 0xff &
! ((v5etkt->times.endtime - v5etkt->times.authtime) / 300);
/* XXX perhaps we should use the addr of the client host if */
/* v5creds contains more than one addr. Q: Does V4 support */
--- 72,80 ----
/* V4 lifetime is 1 byte, in 5 minute increments */
if (v5etkt->times.starttime == 0)
v5etkt->times.starttime = v5etkt->times.authtime;
! lifetime = (v5etkt->times.endtime - v5etkt->times.authtime) / 300;
! if (lifetime > 0xff)
! lifetime = 0xff;
/* XXX perhaps we should use the addr of the client host if */
/* v5creds contains more than one addr. Q: Does V4 support */
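Review bot: the subtraction in `lifetime = (v5etkt->times.endtime - v5etkt->times.authtime) / 300;` measures from authtime, although the two lines just above it make sure starttime is populated and the conv_creds.c hunk measures from starttime. For a ticket whose starttime is later than its authtime, the two conversions would produce different V4 lifetimes. Either use `v5etkt->times.starttime` here or add a comment saying why authtime is intended. As in conv_creds.c, only the upper bound is checked. The divide-by-300 and clamp-to-0xff sequence now appears in both files, so a small shared helper with named constants would keep the two in step.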