03656ac1b0
the "core" Kerberos functionality. The rest of the userland will get their own changes later.
214 lines
7.3 KiB
C
214 lines
7.3 KiB
C
/*
|
|
* Ticket lifetime. This defines the table used to lookup lifetime
|
|
* for the fixed part of rande of the one byte lifetime field. Values
|
|
* less than 0x80 are intrpreted as the number of 5 minute intervals.
|
|
* Values from 0x80 to 0xBF should be looked up in this table. The
|
|
* value of 0x80 is the same using both methods: 10 and two-thirds
|
|
* hours . The lifetime of 0xBF is 30 days. The intervening values
|
|
* of have a fixed ratio of roughly 1.06914. The value 0xFF is
|
|
* defined to mean a ticket has no expiration time. This should be
|
|
* used advisedly since individual servers may impose defacto
|
|
* upperbounds on ticket lifetimes.
|
|
*/
|
|
|
|
#include "krb_locl.h"
|
|
|
|
RCSID("$Id: lifetime.c,v 1.9 1997/05/02 14:29:18 assar Exp $");
|
|
|
|
/* If you want to disable this feature */
|
|
int krb_no_long_lifetimes = 0;
|
|
|
|
#define TKTLIFENUMFIXED 64
|
|
#define TKTLIFEMINFIXED 0x80
|
|
#define TKTLIFEMAXFIXED 0xBF
|
|
#define TKTLIFENOEXPIRE 0xFF
|
|
#define MAXTKTLIFETIME (30*24*3600) /* 30 days */
|
|
#ifndef NEVERDATE
|
|
#define NEVERDATE ((unsigned long)0x7fffffffL)
|
|
#endif
|
|
|
|
static const int tkt_lifetimes[TKTLIFENUMFIXED] = {
|
|
38400, /* 10.67 hours, 0.44 days */
|
|
41055, /* 11.40 hours, 0.48 days */
|
|
43894, /* 12.19 hours, 0.51 days */
|
|
46929, /* 13.04 hours, 0.54 days */
|
|
50174, /* 13.94 hours, 0.58 days */
|
|
53643, /* 14.90 hours, 0.62 days */
|
|
57352, /* 15.93 hours, 0.66 days */
|
|
61318, /* 17.03 hours, 0.71 days */
|
|
65558, /* 18.21 hours, 0.76 days */
|
|
70091, /* 19.47 hours, 0.81 days */
|
|
74937, /* 20.82 hours, 0.87 days */
|
|
80119, /* 22.26 hours, 0.93 days */
|
|
85658, /* 23.79 hours, 0.99 days */
|
|
91581, /* 25.44 hours, 1.06 days */
|
|
97914, /* 27.20 hours, 1.13 days */
|
|
104684, /* 29.08 hours, 1.21 days */
|
|
111922, /* 31.09 hours, 1.30 days */
|
|
119661, /* 33.24 hours, 1.38 days */
|
|
127935, /* 35.54 hours, 1.48 days */
|
|
136781, /* 37.99 hours, 1.58 days */
|
|
146239, /* 40.62 hours, 1.69 days */
|
|
156350, /* 43.43 hours, 1.81 days */
|
|
167161, /* 46.43 hours, 1.93 days */
|
|
178720, /* 49.64 hours, 2.07 days */
|
|
191077, /* 53.08 hours, 2.21 days */
|
|
204289, /* 56.75 hours, 2.36 days */
|
|
218415, /* 60.67 hours, 2.53 days */
|
|
233517, /* 64.87 hours, 2.70 days */
|
|
249664, /* 69.35 hours, 2.89 days */
|
|
266926, /* 74.15 hours, 3.09 days */
|
|
285383, /* 79.27 hours, 3.30 days */
|
|
305116, /* 84.75 hours, 3.53 days */
|
|
326213, /* 90.61 hours, 3.78 days */
|
|
348769, /* 96.88 hours, 4.04 days */
|
|
372885, /* 103.58 hours, 4.32 days */
|
|
398668, /* 110.74 hours, 4.61 days */
|
|
426234, /* 118.40 hours, 4.93 days */
|
|
455705, /* 126.58 hours, 5.27 days */
|
|
487215, /* 135.34 hours, 5.64 days */
|
|
520904, /* 144.70 hours, 6.03 days */
|
|
556921, /* 154.70 hours, 6.45 days */
|
|
595430, /* 165.40 hours, 6.89 days */
|
|
636601, /* 176.83 hours, 7.37 days */
|
|
680618, /* 189.06 hours, 7.88 days */
|
|
727680, /* 202.13 hours, 8.42 days */
|
|
777995, /* 216.11 hours, 9.00 days */
|
|
831789, /* 231.05 hours, 9.63 days */
|
|
889303, /* 247.03 hours, 10.29 days */
|
|
950794, /* 264.11 hours, 11.00 days */
|
|
1016537, /* 282.37 hours, 11.77 days */
|
|
1086825, /* 301.90 hours, 12.58 days */
|
|
1161973, /* 322.77 hours, 13.45 days */
|
|
1242318, /* 345.09 hours, 14.38 days */
|
|
1328218, /* 368.95 hours, 15.37 days */
|
|
1420057, /* 394.46 hours, 16.44 days */
|
|
1518247, /* 421.74 hours, 17.57 days */
|
|
1623226, /* 450.90 hours, 18.79 days */
|
|
1735464, /* 482.07 hours, 20.09 days */
|
|
1855462, /* 515.41 hours, 21.48 days */
|
|
1983758, /* 551.04 hours, 22.96 days */
|
|
2120925, /* 589.15 hours, 24.55 days */
|
|
2267576, /* 629.88 hours, 26.25 days */
|
|
2424367, /* 673.44 hours, 28.06 days */
|
|
2592000}; /* 720.00 hours, 30.00 days */
|
|
|
|
/*
|
|
* krb_life_to_time - takes a start time and a Kerberos standard
|
|
* lifetime char and returns the corresponding end time. There are
|
|
* four simple cases to be handled. The first is a life of 0xff,
|
|
* meaning no expiration, and results in an end time of 0xffffffff.
|
|
* The second is when life is less than the values covered by the
|
|
* table. In this case, the end time is the start time plus the
|
|
* number of 5 minute intervals specified by life. The third case
|
|
* returns start plus the MAXTKTLIFETIME if life is greater than
|
|
* TKTLIFEMAXFIXED. The last case, uses the life value (minus
|
|
* TKTLIFEMINFIXED) as an index into the table to extract the lifetime
|
|
* in seconds, which is added to start to produce the end time.
|
|
*/
|
|
u_int32_t
|
|
krb_life_to_time(u_int32_t start, int life_)
|
|
{
|
|
unsigned char life = (unsigned char) life_;
|
|
|
|
if (krb_no_long_lifetimes) return start + life*5*60;
|
|
|
|
if (life == TKTLIFENOEXPIRE) return NEVERDATE;
|
|
if (life < TKTLIFEMINFIXED) return start + life*5*60;
|
|
if (life > TKTLIFEMAXFIXED) return start + MAXTKTLIFETIME;
|
|
return start + tkt_lifetimes[life - TKTLIFEMINFIXED];
|
|
}
|
|
|
|
/*
|
|
* krb_time_to_life - takes start and end times for the ticket and
|
|
* returns a Kerberos standard lifetime char, possibily using the
|
|
* tkt_lifetimes table for lifetimes above 127*5 minutes. First, the
|
|
* special case of (end == NEVERDATE) is handled to mean no
|
|
* expiration. Then negative lifetimes and those greater than the
|
|
* maximum ticket lifetime are rejected. Then lifetimes less than the
|
|
* first table entry are handled by rounding the requested lifetime
|
|
* *up* to the next 5 minute interval. The final step is to search
|
|
* the table for the smallest entry *greater than or equal* to the
|
|
* requested entry.
|
|
*/
|
|
int krb_time_to_life(u_int32_t start, u_int32_t end)
|
|
{
|
|
int i;
|
|
long lifetime = end - start;
|
|
|
|
if (krb_no_long_lifetimes) return (lifetime + 5*60 - 1)/(5*60);
|
|
|
|
if (end >= NEVERDATE) return TKTLIFENOEXPIRE;
|
|
if (lifetime > MAXTKTLIFETIME || lifetime <= 0) return 0;
|
|
if (lifetime < tkt_lifetimes[0]) return (lifetime + 5*60 - 1)/(5*60);
|
|
for (i=0; i<TKTLIFENUMFIXED; i++) {
|
|
if (lifetime <= tkt_lifetimes[i]) {
|
|
return i+TKTLIFEMINFIXED;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
char *
|
|
krb_life_to_atime(int life)
|
|
{
|
|
static char atime[11+1+2+1+2+1+2+1];
|
|
unsigned long when;
|
|
int secs, mins, hours;
|
|
|
|
if (life == TKTLIFENOEXPIRE && !krb_no_long_lifetimes)
|
|
return("Forever");
|
|
when = krb_life_to_time(0, life);
|
|
secs = when%60;
|
|
when /= 60;
|
|
mins = when%60;
|
|
when /= 60;
|
|
hours = when%24;
|
|
when /= 24;
|
|
snprintf(atime, sizeof(atime), "%d+%02d:%02d:%02d", (int)when, hours, mins, secs);
|
|
return(atime);
|
|
}
|
|
|
|
int
|
|
krb_atime_to_life(char *atime)
|
|
{
|
|
unsigned long when = 0;
|
|
char *cp;
|
|
int colon = 0, plus = 0;
|
|
int n = 0;
|
|
|
|
if (strcasecmp(atime, "forever") == 0)
|
|
return(TKTLIFENOEXPIRE);
|
|
|
|
for (cp=atime; *cp; cp++) {
|
|
switch(*cp) {
|
|
case '0': case '1': case '2': case '3': case '4':
|
|
case '5': case '6': case '7': case '8': case '9':
|
|
n = n*10 + *cp-'0';
|
|
break;
|
|
case '+':
|
|
plus++;
|
|
when += n;
|
|
when *= 24;
|
|
n = 0;
|
|
break;
|
|
case ':':
|
|
colon++;
|
|
when += n;
|
|
when *= 60;
|
|
n = 0;
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
when += n;
|
|
if (plus == 0 && colon == 0)
|
|
return((unsigned char)when);
|
|
while (colon < 2) {
|
|
when *= 60;
|
|
colon++;
|
|
}
|
|
return(krb_time_to_life(0,when));
|
|
}
|