On Thursday, 9 August 2012 at 19:52, Mats Erik Andersson wrote:
> On Wednesday, 8 August 2012 at 15:18, Simon Josefsson wrote:
> > All,
> >
> > I have set up a Shishi KDC for interop purposes on interop.josefsson.org.
> > The server is running Ubuntu 12.04 with Shishi installed from packages.
>
> There is one issue with ticket life times in the present setup.
>
> An outdated OpenSolaris, as well as a contemporary OpenIndiana, are
> both receiving TGTs of almost infinite validity when requested by
> kinit(1) without specifying a desired life time at the command line.
>
> In fact, the ticket is valid until 2037-12-31, at 00:00. Using
> instead "kinit -l 2h" provides the bounded, and correct expiry time.

The problem is that "src/kdc.c, line 361" accepts whatever end time
the client suggests, conducting no sanity check whatsoever. I wanted
to try the patch stated below, but I am troubled by the difficulty of
including the proper header allowing "handle->ticketlife" to be evaluated.
Hints?

Regards,
  Mats E A

diff --git a/src/kdc.c b/src/kdc.c index 87222d8..28d11ae 100644 --- a/src/kdc.c +++ b/src/kdc.c @@ -342,6 +342,7 @@ asreq1 (Shishi_as * as) { char *till; size_t tilllen; + time_t now = time (NULL); rc = shishi_kdcreq_till (handle, shishi_as_req (as), &till, &tilllen); if (rc != SHISHI_OK) @@ -358,9 +359,15 @@ asreq1 (Shishi_as * as) goto fatal; } - rc = shishi_encticketpart_endtime_set (handle, - shishi_tkt_encticketpart (tkt), - till); + if (difftime (shishi_kdcreq_tillc (handle, shishi_as_req (as)), now) + > handle->ticketlife) + rc = shishi_encticketpart_endtime_set + (handle, shishi_tkt_encticketpart (tkt), + + shishi_generalize_time (handle, now + handle->ticketlife)); + else + rc = shishi_encticketpart_endtime_set + (handle, shishi_tkt_encticketpart (tkt), till); free (till); }

_______________________________________________
Help-shishi mailing list
Help-shishi@gnu.org
https://lists.gnu.org/mailman/listinfo/help-shishi
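
Review bot: in the second hunk (@@ -358,9 +359,15 @@) the cap is applied only when the requested till lies more than handle->ticketlife seconds ahead of now; the else branch still copies till into the ticket unchanged, so a till at or before now, or a shishi_kdcreq_tillc result that is not a usable time, is accepted with no check. Convert the value once into a local, test it, and reject or cap those cases before calling shishi_encticketpart_endtime_set. The condition also reads handle->ticketlife by dereferencing the handle, while every other line in the hunk goes through shishi_* calls on it, which is the header problem raised in the mail; an accessor for the configured ticket life would let the comparison compile in src/kdc.c. The value returned by shishi_generalize_time is passed straight into the setter without checking that the call succeeded, and there is a stray empty added line (a lone +) inside that argument list.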
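
The bound described in the mail above (end time is the earlier of the client's till and now plus the KDC's ticket life), as an added example that is not part of the original mail or of Shishi's code. The names clamp_endtime and format_generalized_time are hypothetical helpers, the 8-hour policy is an assumption, and the timestamps are constructed from the dates in the thread, taken as UTC.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper, not a Shishi function: pick the ticket end time
   from the client's requested "till" and the KDC's maximum ticket life
   in seconds.  Returns (time_t) -1 when the request must be refused. */
time_t
clamp_endtime (time_t now, time_t till, long max_life)
{
  time_t cap;

  /* Fail closed on a broken clock, an unconverted till or a bad policy. */
  if (now == (time_t) -1 || till == (time_t) -1 || max_life <= 0)
    return (time_t) -1;
  /* A ticket that would already be expired is refused, not issued. */
  if (till <= now)
    return (time_t) -1;
  cap = now + max_life;
  return till < cap ? till : cap;
}

/* Format as the 15-character Kerberos time string "YYYYMMDDHHMMSSZ". */
int
format_generalized_time (time_t t, char out[16])
{
  struct tm *tm = gmtime (&t);

  memset (out, 0, 16);		/* always NUL-terminated, even on failure */
  if (tm == NULL)
    return -1;
  return strftime (out, 16, "%Y%m%d%H%M%SZ", tm) == 15 ? 0 : -1;
}

int
main (void)
{
  /* Constructed values: 2012-08-09 19:52:00 UTC as "now" and the
     2037-12-31 00:00 end time reported in the thread as "till". */
  time_t now = 1344541920, far = 2145830400;
  char buf[16];

  if (format_generalized_time (clamp_endtime (now, far, 8 * 3600), buf) == 0)
    printf ("endtime: %s\n", buf);
  return 0;
}
```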