[16845] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

[krbdev.mit.edu #9071] git commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Sep 28 01:49:52 2022

From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: 
Message-ID: <rt-4.4.3-2-2191298-1664344035-1500.9071-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9071":;
Date: Wed, 28 Sep 2022 01:47:15 -0400
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


Wed Sep 28 01:47:15 2022: Request 9071 was acted upon.
 Transaction: Ticket created by ghudson@mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson@mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9071 >



Add and use ts_interval() helper

ts_delta() returns a signed result, which cannot hold an interval
larger than 2^31-1 seconds.  Intervals like this have been seen when
admins set password expiration dates more than 68 years in the future.

Add a second helper ts_interval() which returns an unsigned result,
and has the arguments reversed so that the start time is first.  Use
it in warn_pw_expiry() to handle the password expiration case, in the
GSS krb5 mech where we return an unsigned context or credential
lifetime to the caller, and in the KEYRING ccache type where we
compute an unsigned keyring timeout.

https://github.com/krb5/krb5/commit/29600cf1db888d91c42cbd6cf72652afe8c1ee66
Author: Greg Hudson <ghudson@mit.edu>
Commit: 29600cf1db888d91c42cbd6cf72652afe8c1ee66
Branch: master
 src/include/k5-int.h                     |  9 +++++++++
 src/lib/gssapi/krb5/accept_sec_context.c | 10 ++++++----
 src/lib/gssapi/krb5/acquire_cred.c       |  3 +--
 src/lib/gssapi/krb5/context_time.c       | 20 ++++++--------------
 src/lib/gssapi/krb5/init_sec_context.c   |  4 ++--
 src/lib/gssapi/krb5/inq_context.c        | 11 ++++-------
 src/lib/gssapi/krb5/inq_cred.c           |  2 +-
 src/lib/gssapi/krb5/s4u_gss_glue.c       |  2 +-
 src/lib/krb5/ccache/cc_keyring.c         |  4 ++--
 src/lib/krb5/krb/get_in_tkt.c            | 15 +++++++--------
 10 files changed, 39 insertions(+), 41 deletions(-)

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
home help back first fref pref prev next nref lref last post