
Renewing tickets broken on Heimdal 1.0.1



I'm having trouble getting tickets to renew using a Heimdal 1.0.1
KDC and Heimdal 1.0.1 clients.  The kdc.log has the message "Bad
request to validate ticket".  I've looked around a bit, and this is
caused by a null ticket start time in check_tgs_flags() in
krb5tgs.c *and* by tgt->flags.invalid being false (both conditions
are true in the if check).  By removing the check
for tgt->flags.invalid and by changing _kdc_as_rep() in kerberos5.c
to always assign a start time to a ticket (around line 1850), I can
now renew tickets.  Any thoughts about this?  


Index: kdc/krb5tgs.c
===================================================================
--- kdc/krb5tgs.c	(revision 22664)
+++ kdc/krb5tgs.c	(working copy)
@@ -366,7 +366,7 @@
     KDCOptions f = b->kdc_options;
 	
     if(f.validate){
-	if(!tgt->flags.invalid || tgt->starttime == NULL){
+	if(tgt->starttime == NULL){
 	    kdc_log(context, config, 0,
 		    "Bad request to validate ticket");
 	    return KRB5KDC_ERR_BADOPTION;
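
Review bot: dropping `!tgt->flags.invalid` from the `if(f.validate)` test means the KDC would honour a VALIDATE request for any TGT that has a start time, including tickets that were never issued as invalid. RFC 4120 only allows VALIDATE on a ticket whose INVALID flag is set, so this check should stay. The log line "Bad request to validate ticket" shows the failing request arrived with the validate option set, so the question to answer for a renewal problem is why the client is sending validate at all, not how to relax this branch.
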
Index: kdc/kerberos5.c
===================================================================
--- kdc/kerberos5.c	(revision 22664)
+++ kdc/kerberos5.c	(working copy)
@@ -1494,11 +1494,12 @@
 	start = et.authtime = kdc_time;
     
 	if(f.postdated && req->req_body.from){
-	    ALLOC(et.starttime);
-	    start = *et.starttime = *req->req_body.from;
+	    start = *req->req_body.from;
 	    et.flags.invalid = 1;
 	    et.flags.postdated = 1; /* XXX ??? */
 	}
+	ALLOC(et.starttime);
+	*et.starttime = start;
 	_kdc_fix_time(&b->till);
 	t = *b->till;
 
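
Review bot: the new `ALLOC(et.starttime);` is followed immediately by `*et.starttime = start;` with no check that the allocation succeeded, so a failed allocation would be dereferenced here; test the pointer and fail the request before the store. Moving the allocation out of the `f.postdated` block also makes every ticket issued through this path carry an explicit start time, which is a much wider change than the renewal case described, and it deserves a comment in the code saying why the start time is now always set.
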

-- 
Alec Kloss  alec@SetFilePointer.com   IM: angryspamhater@yahoo.com
PGP key at http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA241980E
"No Bunny!" -- Simon, from Frisky Dingo
