git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Thu, 24 Aug 2017 19:58:07 +0000 (15:58 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Thu, 31 Aug 2017 03:37:58 +0000 (23:37 -0400)
commit	45c19b19ea4d47ac5969a9cbdb308201b16615d8
tree	d1d18a1562d29dafa374e1e05db696b4bbe6bf13	tree
parent	8c5d50888aab554239fd51306e79c5213833c898	commit \| diff

Issue trivially renewable tickets

If the client specifically asks for renewable tickets but the
renewable end time (either requested or after restrictions) doesn't
exceed the ticket end time, issue a renewable ticket anyway. Issuing
a non-renewable ticket (as we started doing in release 1.12, due to
the refactoring in commit 4f551a7ec126c52ee1f8fea4c3954015b70987bd)
can be unfriendly to scripts.

Also make sure never to issue a ticket with the renewable flag set but
no renew-till field, by clearing the renewable flag at the start of
kdc_get_ticket_renewtime(). The flag could have been previously set
by the assignment "enc_tkt_reply = *(header_ticket->enc_part2)" in
process_tgs_req() when processing a renewal request.

Modify t_renew.py to expect renewable tickets in some tests where it
previously did not, to check for specific lifetimes, and to check the
renewable flag as well as the renewable lifetime.

ticket: 8609

src/kdc/kdc_util.c		diff \| blob \| blame \| history
src/tests/t_renew.py		diff \| blob \| blame \| history