List: krbdev
Subject: Re: AS-REQ with till being the epoch
From: Greg Hudson <ghudson () mit ! edu>
Date: 2017-08-30 15:15:13
Message-ID: d9ffe554-530c-32c9-6ca0-bea785da490c () mit ! edu
On 08/30/2017 10:34 AM, Weijun Wang wrote:
>> I guess you have also configured the KDC not to have any ticket lifetime
>> limits, so the KDC winds up using kdc_infinity (2**32-1) as the ticket
>> end time.
>
> No. I have "max_life = 10h 0m 0s" for the realm in kdc.conf.

Ah, then this is definitely a regression in the y2038 work, and it is
good that you noticed it.

>     life = ts_delta(until, starttime);
>
> life is now a negative number.
>
>     if (client != NULL && client->max_life != 0)
>         life = min(life, client->max_life);
>
> Why not call ts_min here? And below.

The theory was that ts_min() and related functions are necessary when
operating on timestamps, not intervals, because the goal of the y2038
work was to handle timestamps after 2038, not intervals larger than 2^31
seconds. But that theory obviously breaks down when we compute
intervals between the new kdc_infinity (2^32-1, up from 2^31-1) and the
current time as we do here. I will fix it. I will also look harder at
other uses of krb5_deltat.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
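
The arithmetic discussed in this message, as an added C illustration that is not code from MIT krb5 and is not part of the original post. The type and function names (`ts_t`, `deltat_t`, `delta_wrapping`, `delta_saturating`, `ticket_life`) and the start time are constructed stand-ins; only the 2^32-1 infinity value and the 10-hour max_life come from the thread.

```c
#include <stdint.h>
#include <stdio.h>

typedef int32_t ts_t;      /* stand-in for a 32-bit timestamp read as unsigned */
typedef int32_t deltat_t;  /* stand-in for a signed 32-bit interval */

#define MIN(a, b) ((a) < (b) ? (a) : (b))
#define INFINITY_TS ((ts_t)-1)        /* bit pattern 0xFFFFFFFF, i.e. 2^32-1 */
#define START_TS    ((ts_t)1504106113) /* constructed: a time in August 2017 */
#define MAX_LIFE    ((deltat_t)36000)  /* 10h 0m 0s, as in the kdc.conf above */

/* Difference modulo 2^32 reinterpreted as signed (two's complement, as on
 * gcc/clang): goes negative once the true gap exceeds 2^31-1 seconds. */
static deltat_t delta_wrapping(ts_t end, ts_t start)
{
    return (deltat_t)((uint32_t)end - (uint32_t)start);
}

/* Assumed alternative: compare as unsigned and clamp into the signed range.
 * Returning 0 for end <= start is a choice made for this example. */
static deltat_t delta_saturating(ts_t end, ts_t start)
{
    uint32_t e = (uint32_t)end, s = (uint32_t)start;
    if (e <= s)
        return 0;
    return (e - s > (uint32_t)INT32_MAX) ? INT32_MAX : (deltat_t)(e - s);
}

/* The plain signed min() from the quoted lines: a negative life always wins. */
static deltat_t ticket_life(deltat_t life, deltat_t max_life)
{
    if (max_life != 0)
        life = MIN(life, max_life);
    return life;
}

int main(void)
{
    deltat_t bad = delta_wrapping(INFINITY_TS, START_TS);
    deltat_t ok = delta_saturating(INFINITY_TS, START_TS);
    printf("wrapping:   life=%d -> capped=%d\n", bad, ticket_life(bad, MAX_LIFE));
    printf("saturating: life=%d -> capped=%d\n", ok, ticket_life(ok, MAX_LIFE));
    return 0;
}
```

With the wrapping difference the max_life cap never takes effect because the negative interval is already the minimum; with the clamped difference the 10-hour limit applies as configured.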