1/* 2 * $Id: lifetime.c,v 1.3 2001-06-25 20:13:45 rufustfirefly Exp $ 3 * 4 * Ticket lifetime. This defines the table used to lookup lifetime 5 * for the fixed part of rande of the one byte lifetime field. Values 6 * less than 0x80 are intrpreted as the number of 5 minute intervals. 7 * Values from 0x80 to 0xBF should be looked up in this table. The 8 * value of 0x80 is the same using both methods: 10 and two-thirds 9 * hours . The lifetime of 0xBF is 30 days. The intervening values 10 * of have a fixed ratio of roughly 1.06914. The value 0xFF is 11 * defined to mean a ticket has no expiration time. This should be 12 * used advisedly since individual servers may impose defacto 13 * upperbounds on ticket lifetimes. 14 */ 15 16#ifdef HAVE_CONFIG_H 17#include "config.h" 18#endif /* HAVE_CONFIG_H */ 19 20#include <sys/types.h> 21#include <netatalk/endian.h> 22 23#define TKTLIFENUMFIXED 64 24#define TKTLIFEMINFIXED 0x80 25#define TKTLIFEMAXFIXED 0xBF 26#define TKTLIFENOEXPIRE 0xFF 27#define MAXTKTLIFETIME (30*24*3600) /* 30 days */ 28#ifndef NEVERDATE 29#define NEVERDATE ((u_int32_t)-1L) 30#endif /* NEVERDATE */ 31 32static int tkt_lifetimes[TKTLIFENUMFIXED] = { 33 38400, /* 10.67 hours, 0.44 days */ 34 41055, /* 11.40 hours, 0.48 days */ 35 43894, /* 12.19 hours, 0.51 days */ 36 46929, /* 13.04 hours, 0.54 days */ 37 50174, /* 13.94 hours, 0.58 days */ 38 53643, /* 14.90 hours, 0.62 days */ 39 57352, /* 15.93 hours, 0.66 days */ 40 61318, /* 17.03 hours, 0.71 days */ 41 65558, /* 18.21 hours, 0.76 days */ 42 70091, /* 19.47 hours, 0.81 days */ 43 74937, /* 20.82 hours, 0.87 days */ 44 80119, /* 22.26 hours, 0.93 days */ 45 85658, /* 23.79 hours, 0.99 days */ 46 91581, /* 25.44 hours, 1.06 days */ 47 97914, /* 27.20 hours, 1.13 days */ 48 104684, /* 29.08 hours, 1.21 days */ 49 111922, /* 31.09 hours, 1.30 days */ 50 119661, /* 33.24 hours, 1.38 days */ 51 127935, /* 35.54 hours, 1.48 days */ 52 136781, /* 37.99 hours, 1.58 days */ 53 146239, /* 40.62 hours, 1.69 days */ 54 156350, /* 43.43 hours, 1.81 days */ 55 167161, /* 46.43 hours, 1.93 days */ 56 178720, /* 49.64 hours, 2.07 days */ 57 191077, /* 53.08 hours, 2.21 days */ 58 204289, /* 56.75 hours, 2.36 days */ 59 218415, /* 60.67 hours, 2.53 days */ 60 233517, /* 64.87 hours, 2.70 days */ 61 249664, /* 69.35 hours, 2.89 days */ 62 266926, /* 74.15 hours, 3.09 days */ 63 285383, /* 79.27 hours, 3.30 days */ 64 305116, /* 84.75 hours, 3.53 days */ 65 326213, /* 90.61 hours, 3.78 days */ 66 348769, /* 96.88 hours, 4.04 days */ 67 372885, /* 103.58 hours, 4.32 days */ 68 398668, /* 110.74 hours, 4.61 days */ 69 426234, /* 118.40 hours, 4.93 days */ 70 455705, /* 126.58 hours, 5.27 days */ 71 487215, /* 135.34 hours, 5.64 days */ 72 520904, /* 144.70 hours, 6.03 days */ 73 556921, /* 154.70 hours, 6.45 days */ 74 595430, /* 165.40 hours, 6.89 days */ 75 636601, /* 176.83 hours, 7.37 days */ 76 680618, /* 189.06 hours, 7.88 days */ 77 727680, /* 202.13 hours, 8.42 days */ 78 777995, /* 216.11 hours, 9.00 days */ 79 831789, /* 231.05 hours, 9.63 days */ 80 889303, /* 247.03 hours, 10.29 days */ 81 950794, /* 264.11 hours, 11.00 days */ 82 1016537, /* 282.37 hours, 11.77 days */ 83 1086825, /* 301.90 hours, 12.58 days */ 84 1161973, /* 322.77 hours, 13.45 days */ 85 1242318, /* 345.09 hours, 14.38 days */ 86 1328218, /* 368.95 hours, 15.37 days */ 87 1420057, /* 394.46 hours, 16.44 days */ 88 1518247, /* 421.74 hours, 17.57 days */ 89 1623226, /* 450.90 hours, 18.79 days */ 90 1735464, /* 482.07 hours, 20.09 days */ 91 1855462, /* 515.41 hours, 21.48 days */ 92 1983758, /* 551.04 hours, 22.96 days */ 93 2120925, /* 589.15 hours, 24.55 days */ 94 2267576, /* 629.88 hours, 26.25 days */ 95 2424367, /* 673.44 hours, 28.06 days */ 96 2592000}; /* 720.00 hours, 30.00 days */ 97 98/* 99 * krb_life_to_time - takes a start time and a Kerberos standard 100 * lifetime char and returns the corresponding end time. There are 101 * four simple cases to be handled. The first is a life of 0xff, 102 * meaning no expiration, and results in an end time of 0xffffffff. 103 * The second is when life is less than the values covered by the 104 * table. In this case, the end time is the start time plus the 105 * number of 5 minute intervals specified by life. The third case 106 * returns start plus the MAXTKTLIFETIME if life is greater than 107 * TKTLIFEMAXFIXED. The last case, uses the life value (minus 108 * TKTLIFEMINFIXED) as an index into the table to extract the lifetime 109 * in seconds, which is added to start to produce the end time. 110 */ 111u_int32_t krb_life_to_time(start, life) 112u_int32_t start; 113int life; 114{ 115 life = (unsigned char) life; 116 if (life == TKTLIFENOEXPIRE) return NEVERDATE; 117 if (life < TKTLIFEMINFIXED) return start + life*5*60; 118 if (life > TKTLIFEMAXFIXED) return start + MAXTKTLIFETIME; 119 return start + tkt_lifetimes[life - TKTLIFEMINFIXED]; 120} 121 122/* 123 * krb_time_to_life - takes start and end times for the ticket and 124 * returns a Kerberos standard lifetime char, possibily using the 125 * tkt_lifetimes table for lifetimes above 127*5 minutes. First, the 126 * special case of (end == NEVERDATE) is handled to mean no 127 * expiration. Then negative lifetimes and those greater than the 128 * maximum ticket lifetime are rejected. Then lifetimes less than the 129 * first table entry are handled by rounding the requested lifetime 130 * *up* to the next 5 minute interval. The final step is to search 131 * the table for the smallest entry *greater than or equal* to the 132 * requested entry. 133 */ 134int krb_time_to_life(start, end) 135u_int32_t start; 136u_int32_t end; 137{ 138 int32_t lifetime; 139 int i; 140 141 if (end == NEVERDATE) return TKTLIFENOEXPIRE; 142 lifetime = end - start; 143 if (lifetime > MAXTKTLIFETIME || lifetime <= 0) return 0; 144 if (lifetime < tkt_lifetimes[0]) return (lifetime + 5*60 - 1)/(5*60); 145 for (i=0; i<TKTLIFENUMFIXED; i++) { 146 if (lifetime <= tkt_lifetimes[i]) { 147 return i+TKTLIFEMINFIXED; 148 } 149 } 150 return 0; 151} 152