Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by krbdev.mit.edu (8.9.3p2) with ESMTP id NAA27294; Thu, 12 Feb 2004 13:17:29 -0500 (EST) Received: from brmea-mail-3.sun.com (brmea-mail-3.Sun.COM [192.18.98.34]) by pacific-carrier-annex.mit.edu (8.12.4/8.9.2) with ESMTP id i1CIHSZ6007174 for ; Thu, 12 Feb 2004 13:17:28 -0500 (EST) Received: from jurassic.eng.sun.com ([129.146.84.45]) by brmea-mail-3.sun.com (8.12.10/8.12.9) with ESMTP id i1CIHRi5018410 for ; Thu, 12 Feb 2004 11:17:28 -0700 (MST) Received: from 192.129.100.95 (vpn-129-152-200-39.East.Sun.COM [129.152.200.39]) by jurassic.eng.sun.com (8.12.11+Sun/8.12.11) with ESMTP id i1CIHPcJ329449 for ; Thu, 12 Feb 2004 10:17:25 -0800 (PST) Subject: kdc_util.c bug - validate_tgs_request clears all kdc_options From: Wyllys Ingersoll Reply-To: wyllys.ingersoll@sun.com To: krb5-bugs@mit.edu Content-Type: text/plain Message-Id: <1076609624.7268.39.camel@pebblebeach.wki.test.net> MIME-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Thu, 12 Feb 2004 13:13:45 -0500 Content-Transfer-Encoding: 7bit X-RT-Original-Encoding: iso-8859-1 Content-Length: 465 The new code in kdc_util.c request->kdc_options &= ~(TGS_OPTIONS_HANDLED); Actually causes clears the kdc_options field of all handled options, which (in most cases) zeros the field. This is probably not intended... To properly disable unrecognized flags, I think you need to do something like this: badflags = (request->kdc_options & ~(TGS_OPTIONS_HANDLED)); request->kdc_options &= ~badflags; -Wyllys -- Wyllys Ingersoll