Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 2574 From tlyu@MIT.EDU Tue Sep 24 19:26:35 1996 Received: from dragons-lair.MIT.EDU (DRAGONS-LAIR.MIT.EDU [18.177.1.200]) by avalanche-breakdown.MIT.EDU (8.7.5/8.7.3) with SMTP id TAA20277 for ; Tue, 24 Sep 1996 19:26:34 -0400 Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by dragons-lair.MIT.EDU (8.6.13/8.6.9) with SMTP id TAA13574 for ; Tue, 24 Sep 1996 19:26:33 -0400 Received: from TESLA-COIL.MIT.EDU by MIT.EDU with SMTP id AA19090; Tue, 24 Sep 96 19:26:33 EDT Received: by tesla-coil.MIT.EDU (5.x/4.7) id AA28026; Tue, 24 Sep 1996 19:26:32 -0400 Message-Id: <9609242326.AA28026@tesla-coil.MIT.EDU> Date: Tue, 24 Sep 1996 19:26:32 -0400 From: tlyu@MIT.EDU Reply-To: tlyu@MIT.EDU To: krb5-bugs@MIT.EDU Subject: Bug in lifetime handling in krb524d X-Send-Pr-Version: 3.99 >Number: 22 >Category: krb5-kdc >Synopsis: Bug in lifetime handling in krb524d >Confidential: no >Severity: serious >Priority: medium >Responsible: krb5-unassigned >State: closed >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Tue Sep e 19:30:01 EDT 1996 >Last-Modified: Thu Dec 05 23:27:50 EST 1996 >Originator: Tom Yu >Organization: mit >Release: unknown-1.0 >Environment: System: SunOS tesla-coil 5.4 Generic_101945-37 sun4m sparc >Description: Date: Mon, 26 Aug 1996 18:54:08 -0400 From: Ken Hornstein I noticed today that krb524d has a problem when calculating ticket lifetime. It uses the current time and subtracts the expiration time to get the V4 ticket lifetime, instead of the start time. This is fine if you get your V4 tickets right when you get your V5 tickets, but it doesn't work if you get your V4 tickets later than your start time. >How-To-Repeat: >Fix: (from kenh) --- src/krb524/cnv_tkt_skey.c.orig Mon Aug 26 18:42:51 1996 +++ src/krb524/cnv_tkt_skey.c Mon Aug 26 18:43:31 1996 @@ -111,7 +111,7 @@ } if ( (server_time+context->clockskew >= v5etkt->times.starttime) && (server_time-context->clockskew <= v5etkt->times.endtime)) { - deltatime = v5etkt->times.endtime - (server_time-context->clockskew); + deltatime = v5etkt->times.endtime - v5etkt->times.starttime; lifetime = deltatime / 300; /* if (lifetime > 255) lifetime = 255; */ if (lifetime > 127) { >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: tytso State-Changed-When: Thu Dec 5 23:19:33 1996 State-Changed-Why: problem closed, see pr#283 >Unformatted: