directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r558307 - /directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
Date Sat, 21 Jul 2007 11:30:22 GMT
Author: erodriguez
Date: Sat Jul 21 04:30:21 2007
New Revision: 558307

URL: http://svn.apache.org/viewvc?view=rev&rev=558307
Log:
Fixed a minor bug where renew-till time as requested by client was not honored.

Modified:
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java?view=diff&rev=558307&r1=558306&r2=558307
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
Sat Jul 21 04:30:21 2007
@@ -125,6 +125,7 @@
         newTicketBody.setTransitedEncoding( new TransitedEncoding() );
 
         KerberosTime now = new KerberosTime();
+
         newTicketBody.setAuthTime( now );
 
         KerberosTime startTime = request.getFrom();
@@ -212,7 +213,8 @@
          * flag is set in the new ticket, and the renew-till value is set as if the
          * 'RENEWABLE' option were requested."
          */
-        long tempRtime = 0;
+        KerberosTime tempRtime = request.getRtime();
+
         if ( request.getKdcOptions().get( KdcOptions.RENEWABLE_OK ) && request.getTill().greaterThan(
kerberosEndTime ) )
         {
             if ( !config.isRenewableAllowed() )
@@ -221,7 +223,7 @@
             }
 
             request.getKdcOptions().set( KdcOptions.RENEWABLE );
-            tempRtime = request.getTill().getTime();
+            tempRtime = request.getTill();
         }
 
         /*
@@ -235,15 +237,6 @@
          omit new_tkt.renew-till;
          endif
          */
-        if ( tempRtime == 0 || request.getRtime() == null )
-        {
-            tempRtime = request.getTill().getTime();
-        }
-        else
-        {
-            tempRtime = request.getRtime().getTime();
-        }
-
         if ( request.getKdcOptions().get( KdcOptions.RENEWABLE ) )
         {
             if ( !config.isRenewableAllowed() )
@@ -253,7 +246,12 @@
 
             newTicketBody.setFlag( TicketFlags.RENEWABLE );
 
-            long renewTill = Math.min( tempRtime, startTime.getTime() + config.getMaximumRenewableLifetime()
);
+            if ( tempRtime == null || tempRtime.isZero() )
+            {
+                tempRtime = KerberosTime.INFINITY;
+            }
+
+            long renewTill = Math.min( tempRtime.getTime(), startTime.getTime() + config.getMaximumRenewableLifetime()
);
             newTicketBody.setRenewTill( new KerberosTime( renewTill ) );
         }
 



Mime
View raw message