Patch to get new service tickets in preference to using expired

service tickets in krb5_get_credentials.

Ticket: 1260

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15106 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 15 insertions, 1 deletions

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 826cdc0..452950b 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,11 @@
+2003-01-09  Sam Hartman  <hartmans@mit.edu>
+
+	* get_creds.c (krb5_get_credentials_core): Patch from Ben Cox
+	<cox-work@djehuti.com> to not use expired service credentials if
+	the endtime is null but instead to search for unexpired
+	credentials.  If none are found, get new credentials.
+	
+
 2003-01-08  Sam Hartman  <hartmans@mit.edu>
 
 	* fwd_tgt.c (krb5_fwd_tgt_creds): Don't require hostname to be supplied unless you are using addresses in the ticket.
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index 9349710..cb6d8b1 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -55,7 +55,13 @@ krb5_get_credentials_core(krb5_context context, krb5_flags options,
 
     memset((char *)mcreds, 0, sizeof(krb5_creds));
     mcreds->magic = KV5M_CREDS;
-    mcreds->times.endtime = in_creds->times.endtime;
+    if (in_creds->times.endtime != 0) {
+	mcreds->times.endtime = in_creds->times.endtime;
+    } else {
+	krb5_error_code retval;
+	retval = krb5_timeofday(context, &mcreds->times.endtime);
+	if (retval != 0) return retval;
+    }
 #ifdef HAVE_C_STRUCTURE_ASSIGNMENT
     mcreds->keyblock = in_creds->keyblock;
 #else