svn rev #24240: trunk/src/kdc/
ghudson@MIT.EDU
ghudson at MIT.EDU
Thu Aug 12 13:39:09 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24240
Commit By: ghudson
Log Message:
ticket: 2032
In AS replies, set the key-expiration field to the minimum of account
and password expiration time as specified in RFC 4120. Reported by
Mary Cushion <mary at eiger.demon.co.uk>.
Changed Files:
U trunk/src/kdc/do_as_req.c
Modified: trunk/src/kdc/do_as_req.c
===================================================================
--- trunk/src/kdc/do_as_req.c 2010-08-12 17:15:17 UTC (rev 24239)
+++ trunk/src/kdc/do_as_req.c 2010-08-12 17:39:09 UTC (rev 24240)
@@ -88,6 +88,17 @@
int, krb5_data *, krb5_principal, krb5_data **,
const char *);
+/* Determine the key-expiration value according to RFC 4120 section 5.4.2. */
+static krb5_timestamp
+get_key_exp(krb5_db_entry *entry)
+{
+ if (entry->expiration == 0)
+ return entry->pw_expiration;
+ if (entry->pw_expiration == 0)
+ return entry->expiration;
+ return min(entry->expiration, entry->pw_expiration);
+}
+
/*ARGSUSED*/
krb5_error_code
process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
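Review bot: In get_key_exp, the last line `return min(entry->expiration, entry->pw_expiration);` compares two krb5_timestamp values directly, and the result depends on that type's signedness, which this hunk does not show. If krb5_timestamp is a signed 32-bit integer, an expiration set past January 2038 compares as negative and would be reported to the client as the earlier time. Comparing the values as unsigned would avoid this, e.g. `return ((krb5_ui_4)entry->expiration < (krb5_ui_4)entry->pw_expiration) ? entry->expiration : entry->pw_expiration;`. The header comment could also state the convention the two zero checks rely on, e.g. `/* A value of 0 in either field is treated as "no expiration" and is excluded from the minimum. */`. The parameter is only read, so `const krb5_db_entry *entry` would document that.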
@@ -541,7 +552,7 @@
goto errout;
}
reply_encpart.nonce = request->nonce;
- reply_encpart.key_exp = client->expiration;
+ reply_encpart.key_exp = get_key_exp(client);
reply_encpart.flags = enc_tkt_reply.flags;
reply_encpart.server = ticket_reply.server;