From b293e5caead1cb11ca5c8429d3e14111d020d81f Mon Sep 17 00:00:00 2001
From: Johan Danielsson <joda@pdc.kth.se>
Date: Sun, 7 Sep 1997 12:33:40 +0000
Subject: [PATCH] Check invalid flag.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3402 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kerberos5.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index 7e49ff42f..b3836b345 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -147,7 +147,19 @@ as_rep(KDC_REQ *req,
 	goto out;
     }
 
-    if (client->pw_end && *client->pw_end < kdc_time
+     if (client->flags.invalid) {
+	ret = KRB5KDC_ERR_POLICY;
+	kdc_log(0, "Client (%s) has invalid bit set", client_name);
+	goto out;
+    }
+
+    if (server->flags.invalid) {
+	ret = KRB5KDC_ERR_POLICY;
+	kdc_log(0, "Server (%s) has invalid bit set", server_name);
+	goto out;
+    }
+
+   if (client->pw_end && *client->pw_end < kdc_time
 	&& !server->flags.change_pw) {
 	ret = KRB5KDC_ERR_KEY_EXPIRED;
 	kdc_log(0, "Client (%s)'s key has expired", client_name);