git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Mon, 26 Jan 2015 23:38:16 +0000 (18:38 -0500)
committer	Greg Hudson <ghudson@mit.edu>
	Mon, 2 Feb 2015 17:11:18 +0000 (12:11 -0500)
commit	b0661f9176f5eb2644ba459e1b1e87d3dd502174
tree	8a248da4a927172b7e7a7192f7ff3c3f84dc592f	tree
parent	922f7d1230fe647821d9767fafef3774c5cfd2fc	commit \| diff

Remove starttime hack in EncTicketPart decoder

The EncTicketPart decoder sets starttime to authtime if it wasn't
included in the ASN.1 value.  This is problematic for upcoming CAMMAC
work, as we will need to re-encode a received EncTicketPart to check
the KDC verifier.  Remove that behavior and just use opt_kerberos_time
for the starttime field.  Adjust krb5_decode_test.c to match the new
decoder behavior.

Similarly, remove the process_tgs_req() code which sets starttime in
the header ticket if it isn't set.  Add a comment explaining the
unrelated code adjacent to it.

check_tgs_times() used the ticket starttime without checking if it was
present.  Add a fallback to times->authtime, and narrow the function
contract to make the implementation more concise.

There is a similar hack in the EncKDCRepPart decoder; leave that alone
for now.

src/kdc/do_tgs_req.c		diff \| blob \| blame \| history
src/kdc/tgs_policy.c		diff \| blob \| blame \| history
src/lib/krb5/asn.1/asn1_k_encode.c		diff \| blob \| blame \| history
src/tests/asn.1/krb5_decode_test.c		diff \| blob \| blame \| history