Sorry for the spam fellows ... I now understand how lifetime is retrieved using rxkad/lifetimes.h content.
I didn't take a look a life_to_time and time_to_life, for I was thinking it was an obvious subtraction... sorry. Have a nice day :) R. Le 26/08/2010 14:20, Remi Ferrand a écrit : > Hye everyone, > > I'm playing around with afs libs (v 1.4.11) and I noticed a strange > behavior when trying to forge token from scratch. > > My program is as simple as: > > * Call tkt_MakeTicket > * Call tkt_DecodeTicket on this very token > > The ticket I forged is valid and correct, it works perfectly, excpect > for the timestamps... > > I tried to forge a token with a lifetime of 500 seconds. > Both startTime and endTime are of type Date (afs_uint32) > > # Time code manipulation is below: > Date startTime, endTime; > startTime = time(NULL); > endTime = startTime + 500; > > I added some debug messages in rxkad/ticket.c to trace timestamps > encoded in the token. > > Here is my output: > > [libAFS::tkt_MakeTicket] start: 1282823804 > [libAFS::tkt_MakeTicket] end: 1282824304 (OK, 500 seconds) > > [libAFS::assemble_athena_ticket] start: 1282823804 > [libAFS::assemble_athena_ticket] end: 1282824304 (OK, 500 seconds) > > // Decode token > [libAFS::decode_athena_ticket] start: 1282823804 > [libAFS::decode_athena_ticket] end: 1282824404 (NOT OK, 600 seconds) > [libAFS::tkt_DecodeTicket] start: 1282823804 > [libAFS::tkt_DecodeTicket] end: 1282824404 (NOT OK, 600 seconds) > > Encrypted info:: > name: admin > instance: > cell: test.fr > host: 0 > startTime: 1282823804 > endTime: 1282824404 > > Lifetime encrypted: 600 sec > Lifetime clear: 500 sec > > As you can see, endTime retrieved with tkt_DecodeTicket (which calls > decode_athena_ticket) is incorrect. > > Athena ticket only stores the token startTime and lifetime and endTime > is deduced from those two values. > > > I don't really know what's happening here, but if I tried to forge a > token with a very large lifetime (86400 seconds for instance), i.e > > endTime = startTime + 86400 > > > [libAFS::tkt_MakeTicket] start: 1282824973 > [libAFS::tkt_MakeTicket] end: 1282911373 > [libAFS::assemble_athena_ticket] start: 1282824973 > [libAFS::assemble_athena_ticket] end: 1282911373 > > [libAFS::decode_athena_ticket] start: 1282824973 > [libAFS::decode_athena_ticket] end: 1282916554 > [libAFS::tkt_DecodeTicket] start: 1282824973 > [libAFS::tkt_DecodeTicket] end: 1282916554 > > Encrypted info:: > name: admin > instance: > cell: test.fr > host: 0 > startTime: 1282824973 > endTime: 1282916554 > > Lifetime encrypted: 91581 sec > Lifetime clear: 86400 sec > > The gap between real lifetime (clear one before token is dropped from > token cache) and encrypted lifetime increases. > > > This is very very strange and I'm totally lost here... > > Note: When running tkt_DecodeTicket on a token obtained from "klog", > encrypted and clear lifetime match. > > Has anyone already have this problem ? > Where am I wrong ? > > If you need my code, I can send it to you, just ask :) > > Thanks in advance. > > R. > -- Remi Ferrand | Institut National de Physique Nucleaire Tel. +33(0)4.78.93.08.80 | et de Physique des Particules Fax. +33(0)4.72.69.41.70 | Centre de Calcul - http://cc.in2p3.fr/
smime.p7s
Description: S/MIME Cryptographic Signature
