2 * Ticket lifetime. This defines the table used to lookup lifetime
3 * for the fixed part of rande of the one byte lifetime field. Values
4 * less than 0x80 are intrpreted as the number of 5 minute intervals.
5 * Values from 0x80 to 0xBF should be looked up in this table. The
6 * value of 0x80 is the same using both methods: 10 and two-thirds
7 * hours . The lifetime of 0xBF is 30 days. The intervening values
8 * of have a fixed ratio of roughly 1.06914. The value 0xFF is
9 * defined to mean a ticket has no expiration time. This should be
10 * used advisedly since individual servers may impose defacto
11 * upperbounds on ticket lifetimes.
14 #include "rxkad_locl.h"
22 /* If you want to disable this feature */
23 int krb4_no_long_lifetimes
= 0;
25 #define TKTLIFENUMFIXED 64
26 #define TKTLIFEMINFIXED 0x80
27 #define TKTLIFEMAXFIXED 0xBF
28 #define TKTLIFENOEXPIRE 0xFF
29 #define MAXTKTLIFETIME (30*24*3600) /* 30 days */
31 #define NEVERDATE ((unsigned long)0x7fffffffL)
34 static const int tkt_lifetimes
[TKTLIFENUMFIXED
] = {
35 38400, /* 10.67 hours, 0.44 days */
36 41055, /* 11.40 hours, 0.48 days */
37 43894, /* 12.19 hours, 0.51 days */
38 46929, /* 13.04 hours, 0.54 days */
39 50174, /* 13.94 hours, 0.58 days */
40 53643, /* 14.90 hours, 0.62 days */
41 57352, /* 15.93 hours, 0.66 days */
42 61318, /* 17.03 hours, 0.71 days */
43 65558, /* 18.21 hours, 0.76 days */
44 70091, /* 19.47 hours, 0.81 days */
45 74937, /* 20.82 hours, 0.87 days */
46 80119, /* 22.26 hours, 0.93 days */
47 85658, /* 23.79 hours, 0.99 days */
48 91581, /* 25.44 hours, 1.06 days */
49 97914, /* 27.20 hours, 1.13 days */
50 104684, /* 29.08 hours, 1.21 days */
51 111922, /* 31.09 hours, 1.30 days */
52 119661, /* 33.24 hours, 1.38 days */
53 127935, /* 35.54 hours, 1.48 days */
54 136781, /* 37.99 hours, 1.58 days */
55 146239, /* 40.62 hours, 1.69 days */
56 156350, /* 43.43 hours, 1.81 days */
57 167161, /* 46.43 hours, 1.93 days */
58 178720, /* 49.64 hours, 2.07 days */
59 191077, /* 53.08 hours, 2.21 days */
60 204289, /* 56.75 hours, 2.36 days */
61 218415, /* 60.67 hours, 2.53 days */
62 233517, /* 64.87 hours, 2.70 days */
63 249664, /* 69.35 hours, 2.89 days */
64 266926, /* 74.15 hours, 3.09 days */
65 285383, /* 79.27 hours, 3.30 days */
66 305116, /* 84.75 hours, 3.53 days */
67 326213, /* 90.61 hours, 3.78 days */
68 348769, /* 96.88 hours, 4.04 days */
69 372885, /* 103.58 hours, 4.32 days */
70 398668, /* 110.74 hours, 4.61 days */
71 426234, /* 118.40 hours, 4.93 days */
72 455705, /* 126.58 hours, 5.27 days */
73 487215, /* 135.34 hours, 5.64 days */
74 520904, /* 144.70 hours, 6.03 days */
75 556921, /* 154.70 hours, 6.45 days */
76 595430, /* 165.40 hours, 6.89 days */
77 636601, /* 176.83 hours, 7.37 days */
78 680618, /* 189.06 hours, 7.88 days */
79 727680, /* 202.13 hours, 8.42 days */
80 777995, /* 216.11 hours, 9.00 days */
81 831789, /* 231.05 hours, 9.63 days */
82 889303, /* 247.03 hours, 10.29 days */
83 950794, /* 264.11 hours, 11.00 days */
84 1016537, /* 282.37 hours, 11.77 days */
85 1086825, /* 301.90 hours, 12.58 days */
86 1161973, /* 322.77 hours, 13.45 days */
87 1242318, /* 345.09 hours, 14.38 days */
88 1328218, /* 368.95 hours, 15.37 days */
89 1420057, /* 394.46 hours, 16.44 days */
90 1518247, /* 421.74 hours, 17.57 days */
91 1623226, /* 450.90 hours, 18.79 days */
92 1735464, /* 482.07 hours, 20.09 days */
93 1855462, /* 515.41 hours, 21.48 days */
94 1983758, /* 551.04 hours, 22.96 days */
95 2120925, /* 589.15 hours, 24.55 days */
96 2267576, /* 629.88 hours, 26.25 days */
97 2424367, /* 673.44 hours, 28.06 days */
98 2592000}; /* 720.00 hours, 30.00 days */
101 * krb_life_to_time - takes a start time and a Kerberos standard
102 * lifetime char and returns the corresponding end time. There are
103 * four simple cases to be handled. The first is a life of 0xff,
104 * meaning no expiration, and results in an end time of 0xffffffff.
105 * The second is when life is less than the values covered by the
106 * table. In this case, the end time is the start time plus the
107 * number of 5 minute intervals specified by life. The third case
108 * returns start plus the MAXTKTLIFETIME if life is greater than
109 * TKTLIFEMAXFIXED. The last case, uses the life value (minus
110 * TKTLIFEMINFIXED) as an index into the table to extract the lifetime
111 * in seconds, which is added to start to produce the end time.
114 krb4_life_to_time(u_int32_t start
, int life_
)
116 unsigned char life
= (unsigned char) life_
;
118 if (krb4_no_long_lifetimes
) return start
+ life
*5*60;
120 if (life
== TKTLIFENOEXPIRE
) return NEVERDATE
;
121 if (life
< TKTLIFEMINFIXED
) return start
+ life
*5*60;
122 if (life
> TKTLIFEMAXFIXED
) return start
+ MAXTKTLIFETIME
;
123 return start
+ tkt_lifetimes
[life
- TKTLIFEMINFIXED
];
127 * krb_time_to_life - takes start and end times for the ticket and
128 * returns a Kerberos standard lifetime char, possibily using the
129 * tkt_lifetimes table for lifetimes above 127*5 minutes. First, the
130 * special case of (end == NEVERDATE) is handled to mean no
131 * expiration. Then negative lifetimes and those greater than the
132 * maximum ticket lifetime are rejected. Then lifetimes less than the
133 * first table entry are handled by rounding the requested lifetime
134 * *up* to the next 5 minute interval. The final step is to search
135 * the table for the smallest entry *greater than or equal* to the
138 int krb_time_to_life(u_int32_t start
, u_int32_t end
)
141 long lifetime
= end
- start
;
143 if (krb4_no_long_lifetimes
) return (lifetime
+ 5*60 - 1)/(5*60);
145 if (end
>= NEVERDATE
) return TKTLIFENOEXPIRE
;
146 if (lifetime
> MAXTKTLIFETIME
|| lifetime
<= 0) return 0;
147 if (lifetime
< tkt_lifetimes
[0]) return (lifetime
+ 5*60 - 1)/(5*60);
148 for (i
=0; i
<TKTLIFENUMFIXED
; i
++) {
149 if (lifetime
<= tkt_lifetimes
[i
]) {
150 return i
+TKTLIFEMINFIXED
;
157 krb4_life_to_atime(int life
)
159 static char atime
[11+1+2+1+2+1+2+1];
161 int secs
, mins
, hours
;
163 if (life
== TKTLIFENOEXPIRE
&& !krb4_no_long_lifetimes
)
165 when
= krb4_life_to_time(0, life
);
172 snprintf(atime
, sizeof(atime
), "%d+%02d:%02d:%02d", (int)when
, hours
, mins
, secs
);
177 krb4_atime_to_life(char *atime
)
179 unsigned long when
= 0;
181 int colon
= 0, plus
= 0;
184 if (strcasecmp(atime
, "forever") == 0)
185 return(TKTLIFENOEXPIRE
);
187 for (cp
=atime
; *cp
; cp
++) {
189 case '0': case '1': case '2': case '3': case '4':
190 case '5': case '6': case '7': case '8': case '9':
210 if (plus
== 0 && colon
== 0)
211 return((unsigned char)when
);
216 return(krb_time_to_life(0,when
));