[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Renewing tickets broken on Heimdal 1.0.1

To: heimdal-discuss@sics.se
Subject: Renewing tickets broken on Heimdal 1.0.1
From: Alec Kloss <alec-keyword-heimdal.e899d7@SetFilePointer.com>
Date: Sun, 2 Mar 2008 09:21:35 -0600
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Reply-To: heimdal-discuss@sics.se, Alec Kloss <alec-keyword-heimdal.e899d7@SetFilePointer.com>
User-Agent: Mutt/1.4.2.3i

I'm having troubles getting tickets to renew using a Heimdal 1.0.1
KDC and Heimdal 1.0.1 clients.  The kdc.log has the message "Bad
request to validate ticket".  I've looked around a bit, and this is
caused by a null ticket start time in check_tgs_flags() in
krb5tgs.c *and* by tgt->flags.invalid being false (both conditions
are true in the if check).  By removing the check
for tgt->flags.invalid and by changing _kdc_as_rep() in kerberos5.c
to always assign a start time to a ticket (around line 1850), I can
now renew tickets.  Any thoughts about this?  


Index: kdc/krb5tgs.c
===================================================================
--- kdc/krb5tgs.c	(revision 22664)
+++ kdc/krb5tgs.c	(working copy)
@@ -366,7 +366,7 @@
     KDCOptions f = b->kdc_options;
 	
     if(f.validate){
-	if(!tgt->flags.invalid || tgt->starttime == NULL){
+	if(tgt->starttime == NULL){
 	    kdc_log(context, config, 0,
 		    "Bad request to validate ticket");
 	    return KRB5KDC_ERR_BADOPTION;
Index: kdc/kerberos5.c
===================================================================
--- kdc/kerberos5.c	(revision 22664)
+++ kdc/kerberos5.c	(working copy)
@@ -1494,11 +1494,12 @@
 	start = et.authtime = kdc_time;
     
 	if(f.postdated && req->req_body.from){
-	    ALLOC(et.starttime);
-	    start = *et.starttime = *req->req_body.from;
+	    start = *req->req_body.from;
 	    et.flags.invalid = 1;
 	    et.flags.postdated = 1; /* XXX ??? */
 	}
+	ALLOC(et.starttime);
+	*et.starttime = start;
 	_kdc_fix_time(&b->till);
 	t = *b->till;
 

-- 
Alec Kloss  alec@SetFilePointer.com   IM: angryspamhater@yahoo.com
PGP key at http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA241980E
"No Bunny!" -- Simon, from Frisky Dingo

PGP signature

Follow-Ups:
- Re: Renewing tickets broken on Heimdal 1.0.1
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: pagsh on OSX broken?
Next by Date: Re: Heimdal 1.1 telnetd broken under Solaris 10
Prev by thread: Re: pagsh on OSX broken?
Next by thread: Re: Renewing tickets broken on Heimdal 1.0.1
Index(es):
- Date
- Thread