Do not consider TGS options to be critical; ignore unknown options

author Sam Hartman <hartmans@mit.edu>

Fri, 6 Feb 2004 21:10:15 +0000 (21:10 +0000)

committer Sam Hartman <hartmans@mit.edu>

Fri, 6 Feb 2004 21:10:15 +0000 (21:10 +0000)
author Sam Hartman <hartmans@mit.edu>
Fri, 6 Feb 2004 21:10:15 +0000 (21:10 +0000)
committer Sam Hartman <hartmans@mit.edu>
Fri, 6 Feb 2004 21:10:15 +0000 (21:10 +0000)
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog

index 04af11ea75f12c2db856a749ba3b5bdc46d78cb9..ed48e562bae8bef22d810beff56c111430420f72 100644 (file)
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,7 @@
+2004-02-06  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * kdc_util.c:  Ignore unknown TGS options
+
  2004-01-05  Sam Hartman  <hartmans@mit.edu>
  
         * kerberos_v4.c (kerberos_v4): Only backdate the rquest in the
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c

index f0baf474fb1aa36c5b84b86e2c7aa81cc95d1e03..4e2b26d4294954150a7d5078d4a7cd294ceaec5e 100644 (file)
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1113,13 +1113,10 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
      int                st_idx = 0;
  
      /*
-     * If an illegal option is set, complain.
+     * If an illegal option is set, ignore it.
       */
-    if (request->kdc_options & ~(TGS_OPTIONS_HANDLED)) {
-       *status = "INVALID TGS OPTIONS";
-       return KDC_ERR_BADOPTION;
-    }
-    
+    request->kdc_options &= ~(TGS_OPTIONS_HANDLED);
+
      /* Check to see if server has expired */
      if (server.expiration && server.expiration < kdc_time) {
         *status = "SERVICE EXPIRED";
author	Sam Hartman <hartmans@mit.edu>
	Fri, 6 Feb 2004 21:10:15 +0000 (21:10 +0000)
committer	Sam Hartman <hartmans@mit.edu>
	Fri, 6 Feb 2004 21:10:15 +0000 (21:10 +0000)
src/kdc/ChangeLog		patch \| blob \| history
src/kdc/kdc_util.c		patch \| blob \| history