sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-21 09:34:19 +03:00
Code

third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit 0d61538a16b5051c820702f0711102112cd01a83)

Browse Source 
gsskrb5: let GSS_C_DCE_STYLE imply GSS_C_MUTUAL_FLAG as acceptor

Windows clients forget GSS_C_MUTUAL_FLAG in some situations where they
use GSS_C_DCE_STYLE, in the assumption that GSS_C_MUTUAL_FLAG is
implied.

Both Windows and MIT as server already imply GSS_C_MUTUAL_FLAG
when GSS_C_DCE_STYLE is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15740
PR: https://github.com/heimdal/heimdal/pull/1266

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 16 19:05:15 UTC 2024 on atb-devel-224
This commit is contained in:
Stefan Metzmacher 2024-04-30 18:24:33 +02:00
parent 6140c3177a
commit ce10b28566
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
third_party/heimdal/lib/gssapi/krb5/8003.c vendored
View File

@ -239,6 +239,16 @@ _gsskrb5_verify_8003_checksum(
_gss_mg_decode_le_uint32(p, flags); _gss_mg_decode_le_uint32(p, flags);
p += 4; p += 4;
/*
* Sometimes Windows clients forget
* to set GSS_C_MUTUAL_FLAG together
* with GSS_C_DCE_STYLE, but
* DCE_STYLE implies mutual authentication
*/
if (*flags & GSS_C_DCE_STYLE) {
*flags |= GSS_C_MUTUAL_FLAG;
}
if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) { if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
if(cksum->checksum.length < 28) { if(cksum->checksum.length < 28) {
*minor_status = 0; *minor_status = 0;