From 1313e6ac4a76f5a9fd492bedb271181d483b6405 Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@mit.edu>
Date: Fri, 6 Feb 2004 21:10:15 +0000
Subject: [PATCH] Do not consider TGS options to be critical; ignore unknown
 options

Ticket: 2189
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16025 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kdc/ChangeLog  | 4 ++++
 src/kdc/kdc_util.c | 9 +++------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 04af11ea7..ed48e562b 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,7 @@
+2004-02-06  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+	* kdc_util.c:  Ignore unknown TGS options
+
 2004-01-05  Sam Hartman  <hartmans@mit.edu>
 
 	* kerberos_v4.c (kerberos_v4): Only backdate the rquest in the
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index f0baf474f..4e2b26d42 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1113,13 +1113,10 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
     int		st_idx = 0;
 
     /*
-     * If an illegal option is set, complain.
+     * If an illegal option is set, ignore it.
      */
-    if (request->kdc_options & ~(TGS_OPTIONS_HANDLED)) {
-	*status = "INVALID TGS OPTIONS";
-	return KDC_ERR_BADOPTION;
-    }
-    
+    request->kdc_options &= ~(TGS_OPTIONS_HANDLED);
+
     /* Check to see if server has expired */
     if (server.expiration && server.expiration < kdc_time) {
 	*status = "SERVICE EXPIRED";
-- 
2.26.2