From af497dc77e0c053520cb94611fcea184c11020b9 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sat, 4 Nov 2006 23:55:22 +0000
Subject: [PATCH] DEVEL15-rxkad-server-bad-ticket-part-two-20061103

FIXES 43862

Ensure that tkt_DecodeTicket and rxkad_CheckResponse return the right
RXKAD errors for ticket expiration or invalidity.  Avoid calling
tkt_CheckTimes twice in rxkad_CheckResponse


(cherry picked from commit bf5bfc06638b028335ecdc19ce35315195fc6ffe)
---
 src/rxkad/rxkad_server.c | 8 ++++++--
 src/rxkad/ticket.c       | 8 +++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/rxkad/rxkad_server.c b/src/rxkad/rxkad_server.c
index 86608296e..85576dce1 100644
--- a/src/rxkad/rxkad_server.c
+++ b/src/rxkad/rxkad_server.c
@@ -352,11 +352,15 @@ rxkad_CheckResponse(struct rx_securityClass *aobj,
 			     client.instance, client.cell, &sessionkey, &host,
 			     &start, &end);
 	if (code)
-	    return RXKADBADTICKET;
+	    return code;
     }
     code = tkt_CheckTimes(start, end, time(0));
-    if (code == -1)
+    if (code == 0) 
+	return RXKADNOAUTH;
+    else if (code == -1)
 	return RXKADEXPIRED;
+    else if (code < -1)
+	return RXKADBADTICKET;
     else if (code <= 0)
 	return RXKADBADTICKET;
 
diff --git a/src/rxkad/ticket.c b/src/rxkad/ticket.c
index 2dbcce9a5..e8300b976 100644
--- a/src/rxkad/ticket.c
+++ b/src/rxkad/ticket.c
@@ -148,7 +148,13 @@ tkt_DecodeTicket(char *asecret, afs_int32 ticketLen,
 
     if (code)
 	return RXKADBADTICKET;
-    if (tkt_CheckTimes(*start, *end, time(0)) < -1)
+
+    code = tkt_CheckTimes(*start, *end, time(0));
+    if (code == 0)
+	return RXKADNOAUTH;
+    else if (code == -1)
+	return RXKADEXPIRED;
+    else if (code < -1)
 	return RXKADBADTICKET;
 
     return 0;
-- 
2.39.5