svn rev #24570: branches/krb5-1-9/src/ lib/krb5/krb/ tests/
tlyu@MIT.EDU
tlyu at MIT.EDU
Tue Dec 14 18:10:42 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24570
Commit By: tlyu
Log Message:
ticket: 6838
version_fixed: 1.9
status: resolved
pull up r24566 from trunk
------------------------------------------------------------------------
r24566 | ghudson | 2010-12-14 12:28:38 -0500 (Tue, 14 Dec 2010) | 9 lines
ticket: 6838
tags: pullups
target_version: 1.9
Fix a regression in the client-side ticket renewal code where KDC
options were not folded into the renewal request (most notably, the
KDC_OPT_RENEWABLE flag), so we didn't request renewable renewed
tickets. Add a simple test case for ticket renewal.
Changed Files:
U branches/krb5-1-9/src/lib/krb5/krb/val_renew.c
U branches/krb5-1-9/src/tests/Makefile.in
A branches/krb5-1-9/src/tests/t_renew.py
Modified: branches/krb5-1-9/src/lib/krb5/krb/val_renew.c
===================================================================
--- branches/krb5-1-9/src/lib/krb5/krb/val_renew.c 2010-12-14 23:10:36 UTC (rev 24569)
+++ branches/krb5-1-9/src/lib/krb5/krb/val_renew.c 2010-12-14 23:10:42 UTC (rev 24570)
@@ -59,7 +59,10 @@
if (code != 0)
return code;
- /* Use it to get a new credential from the KDC. */
+ /* Use KDC options from old credential as well as requested options. */
+ kdcopt |= (old_creds.ticket_flags & KDC_TKT_COMMON_MASK);
+
+ /* Use the old credential to get a new credential from the KDC. */
code = krb5_get_cred_via_tkt(context, &old_creds, kdcopt,
old_creds.addresses, in_creds, &new_creds);
krb5_free_cred_contents(context, &old_creds);
Modified: branches/krb5-1-9/src/tests/Makefile.in
===================================================================
--- branches/krb5-1-9/src/tests/Makefile.in 2010-12-14 23:10:36 UTC (rev 24569)
+++ branches/krb5-1-9/src/tests/Makefile.in 2010-12-14 23:10:42 UTC (rev 24570)
@@ -66,6 +66,7 @@
$(RUNPYTEST) $(srcdir)/t_lockout.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_kadm5_hook.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_keyrollover.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_renew.py $(PYTESTFLAGS)
clean::
$(RM) kdc.conf
Added: branches/krb5-1-9/src/tests/t_renew.py
===================================================================
--- branches/krb5-1-9/src/tests/t_renew.py (rev 0)
+++ branches/krb5-1-9/src/tests/t_renew.py 2010-12-14 23:10:42 UTC (rev 24570)
@@ -0,0 +1,16 @@
+#!/usr/bin/python
+from k5test import *
+
+realm = K5Realm(create_host=False, start_kadmind=False, get_creds=False)
+
+# Configure the realm to allow renewable tickets and acquire some.
+realm.run_kadminl('modprinc -maxrenewlife "2 days" user')
+realm.run_kadminl('modprinc -maxrenewlife "2 days" %s' % realm.krbtgt_princ)
+realm.kinit(realm.user_princ, password('user'), flags=['-r', '2d'])
+
+# Renew twice, to test that renewed tickets are renewable.
+realm.kinit(realm.user_princ, flags=['-R'])
+realm.kinit(realm.user_princ, flags=['-R'])
+realm.klist(realm.user_princ)
+
+success('Renewing credentials.')
More information about the cvs-krb5
mailing list