svn rev #24570: branches/krb5-1-9/src/ lib/krb5/krb/ tests/

tlyu@MIT.EDU tlyu at MIT.EDU
Tue Dec 14 18:10:42 EST 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=24570
Commit By: tlyu
Log Message:
ticket: 6838
version_fixed: 1.9
status: resolved

pull up r24566 from trunk

 ------------------------------------------------------------------------
 r24566 | ghudson | 2010-12-14 12:28:38 -0500 (Tue, 14 Dec 2010) | 9 lines

 ticket: 6838
 tags: pullups
 target_version: 1.9

 Fix a regression in the client-side ticket renewal code where KDC
 options were not folded into the renewal request (most notably, the
 KDC_OPT_RENEWABLE flag), so we didn't request renewable renewed
 tickets.  Add a simple test case for ticket renewal.


Changed Files:
U   branches/krb5-1-9/src/lib/krb5/krb/val_renew.c
U   branches/krb5-1-9/src/tests/Makefile.in
A   branches/krb5-1-9/src/tests/t_renew.py
Modified: branches/krb5-1-9/src/lib/krb5/krb/val_renew.c
===================================================================
--- branches/krb5-1-9/src/lib/krb5/krb/val_renew.c	2010-12-14 23:10:36 UTC (rev 24569)
+++ branches/krb5-1-9/src/lib/krb5/krb/val_renew.c	2010-12-14 23:10:42 UTC (rev 24570)
@@ -59,7 +59,10 @@
     if (code != 0)
 	return code;
 
-    /* Use it to get a new credential from the KDC. */
+    /* Use KDC options from old credential as well as requested options. */
+    kdcopt |= (old_creds.ticket_flags & KDC_TKT_COMMON_MASK);
+
+    /* Use the old credential to get a new credential from the KDC. */
     code = krb5_get_cred_via_tkt(context, &old_creds, kdcopt,
 				 old_creds.addresses, in_creds, &new_creds);
     krb5_free_cred_contents(context, &old_creds);

Modified: branches/krb5-1-9/src/tests/Makefile.in
===================================================================
--- branches/krb5-1-9/src/tests/Makefile.in	2010-12-14 23:10:36 UTC (rev 24569)
+++ branches/krb5-1-9/src/tests/Makefile.in	2010-12-14 23:10:42 UTC (rev 24570)
@@ -66,6 +66,7 @@
 	$(RUNPYTEST) $(srcdir)/t_lockout.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_kadm5_hook.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_keyrollover.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_renew.py $(PYTESTFLAGS)
 
 clean::
 	$(RM) kdc.conf

Added: branches/krb5-1-9/src/tests/t_renew.py
===================================================================
--- branches/krb5-1-9/src/tests/t_renew.py	                        (rev 0)
+++ branches/krb5-1-9/src/tests/t_renew.py	2010-12-14 23:10:42 UTC (rev 24570)
@@ -0,0 +1,16 @@
+#!/usr/bin/python
+from k5test import *
+
+realm = K5Realm(create_host=False, start_kadmind=False, get_creds=False)
+
+# Configure the realm to allow renewable tickets and acquire some.
+realm.run_kadminl('modprinc -maxrenewlife "2 days" user')
+realm.run_kadminl('modprinc -maxrenewlife "2 days" %s' % realm.krbtgt_princ)
+realm.kinit(realm.user_princ, password('user'), flags=['-r', '2d'])
+
+# Renew twice, to test that renewed tickets are renewable.
+realm.kinit(realm.user_princ, flags=['-R'])
+realm.kinit(realm.user_princ, flags=['-R'])
+realm.klist(realm.user_princ)
+
+success('Renewing credentials.')

More information about the cvs-krb5 mailing list