git.ipfire.org Git - thirdparty/krb5.git/commit
Refactor KDC renewable ticket handling
author Greg Hudson <ghudson@mit.edu>
Thu, 6 Jun 2013 18:44:30 +0000 (14:44 -0400)
committer Greg Hudson <ghudson@mit.edu>
Fri, 7 Jun 2013 00:09:46 +0000 (20:09 -0400)
commit 4f551a7ec126c52ee1f8fea4c3954015b70987bd
tree cee645af15058887e48a9d054c806b9db4be3715
parent 6936d2792fda4d92cb78bcb12fd51d6ea23a746a
Refactor KDC renewable ticket handling

Create a new helper to compute the renewable lifetime for AS and TGS
requests.  This has some minor behavior differences:

* We only issue a renewable ticket if the renewable lifetime is greater
  than the normal ticket lifetime.

* We give RENEWABLE precedence over RENEWABLE-OK in determining the
  requested renewable lifetime, instead of sometimes doing the
  reverse.

* We use the client's maximum renewable life for TGS requests if we
  have looked up its DB entry.

* Instead of rejecting requests for renewable tickets (if the client
  or server principal doesn't allow it, or a TGS request's TGT isn't
  renewable), issue non-renewable tickets.

ticket: 7661 (new)
src/kdc/do_as_req.c
src/kdc/do_tgs_req.c
src/kdc/kdc_util.c
src/kdc/kdc_util.h
src/kdc/tgs_policy.c
src/tests/t_renew.py
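
The policy listed in the commit message, modelled in C as an added example; this is not the krb5 code the commit touches. All type and function names are hypothetical, and the RENEWABLE-OK condition (requested `till` beyond the granted end time), the cap at the TGT's renew-till time and the realm-wide maximum are assumptions taken from RFC 4120 rather than from this page.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical model types (constructed for this example, not krb5's). */
typedef int64_t ts_t; /* absolute times and lifetimes, in seconds */
struct princ { bool allow_renewable; ts_t max_rlife; };
struct tgt { bool renewable; ts_t renew_till; };
struct req { bool opt_renewable, opt_renewable_ok; ts_t till, rtime; };
struct tkt { ts_t starttime, endtime, renew_till; bool renewable; };

static ts_t min_ts(ts_t a, ts_t b) { return a < b ? a : b; }

/* Decide renewability for a ticket whose starttime and endtime are already
 * set.  tgt is NULL for AS requests; client is NULL when a TGS request did
 * not look up the client's DB entry.  There is no error return: every
 * refusal falls back to a non-renewable ticket. */
void compute_renew(const struct req *rq, const struct tgt *tgt,
                   const struct princ *client, const struct princ *server,
                   ts_t realm_max_rlife, struct tkt *tk)
{
    ts_t want, max_rlife;

    tk->renewable = false;
    tk->renew_till = 0;
    /* Principal or TGT does not permit renewal: downgrade, do not reject. */
    if (!server->allow_renewable || (client && !client->allow_renewable))
        return;
    if (tgt && !tgt->renewable)
        return;
    /* RENEWABLE takes precedence over RENEWABLE-OK. */
    if (rq->opt_renewable)
        want = rq->rtime;
    else if (rq->opt_renewable_ok && tk->endtime < rq->till)
        want = rq->till;
    else
        return;
    /* Cap by the TGT (TGS only) and by each applicable maximum. */
    if (tgt)
        want = min_ts(want, tgt->renew_till);
    max_rlife = min_ts(server->max_rlife, realm_max_rlife);
    if (client)
        max_rlife = min_ts(max_rlife, client->max_rlife);
    want = min_ts(want, tk->starttime + max_rlife);
    /* Renewable only if that outlasts the normal ticket lifetime. */
    if (want > tk->endtime) {
        tk->renewable = true;
        tk->renew_till = want;
    }
}
```

For a deployment, the visible consequence is the last bullet of the commit message: a client that asks for a renewable ticket it is not entitled to now receives a usable non-renewable ticket, so monitoring that relied on the rejection has to look at the issued ticket's flags instead.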