From 6cc3a89c55569dac54d52bef80d8509a6002df70 Mon Sep 17 00:00:00 2001
From: Assar Westerlund <assar@sics.se>
Date: Tue, 20 Apr 1999 14:18:11 +0000
Subject: [PATCH] (krb5_decrypt_ticket): add `flags` and
 KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is invalid

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6017 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/rd_req.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c
index 19e1818ad..ff4dd6e98 100644
--- a/lib/krb5/rd_req.c
+++ b/lib/krb5/rd_req.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -123,7 +123,8 @@ krb5_error_code
 krb5_decrypt_ticket(krb5_context context,
 		    Ticket *ticket,
 		    krb5_keyblock *key,
-		    EncTicketPart *out)
+		    EncTicketPart *out,
+		    krb5_flags flags)
 {
     EncTicketPart t;
     krb5_error_code ret;
@@ -138,7 +139,9 @@ krb5_decrypt_ticket(krb5_context context,
 	krb5_timeofday (context, &now);
 	if(t.starttime)
 	    start = *t.starttime;
-	if(start - now > context->max_skew || t.flags.invalid)
+	if(start - now > context->max_skew
+	   || (t.flags.invalid
+	       && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID)))
 	    return KRB5KRB_AP_ERR_TKT_NYV;
 	if(now - t.endtime > context->max_skew)
 	    return KRB5KRB_AP_ERR_TKT_EXPIRED;
@@ -196,6 +199,7 @@ krb5_verify_ap_req(krb5_context context,
 		   krb5_ap_req *ap_req,
 		   krb5_const_principal server,
 		   krb5_keyblock *keyblock,
+		   krb5_flags flags,
 		   krb5_flags *ap_req_options,
 		   krb5_ticket **ticket)
 {
@@ -215,15 +219,15 @@ krb5_verify_ap_req(krb5_context context,
     if (ap_req->ap_options.use_session_key && ac->keyblock){
 	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
 				  ac->keyblock, 
-				  &t.ticket);
+				  &t.ticket,
+				  flags);
 	krb5_free_keyblock(context, ac->keyblock);
 	ac->keyblock = NULL;
     }else
 	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
 				  keyblock, 
-				  &t.ticket);
-
-
+				  &t.ticket,
+				  flags);
     
     if(ret)
 	return ret;
@@ -330,6 +334,7 @@ krb5_rd_req_with_keyblock(krb5_context context,
 			     &ap_req,
 			     server,
 			     keyblock,
+			     0,
 			     ap_req_options,
 			     ticket);
 
@@ -426,6 +431,7 @@ krb5_rd_req(krb5_context context,
 			     &ap_req,
 			     server,
 			     keyblock,
+			     0,
 			     ap_req_options,
 			     ticket);