The Samba-Bugzilla – Attachment 18486 Details for
Bug 15740
gss_accept_sec_context() from Heimdal does not imply GSS_C_MUTUAL_FLAG with GSS_C_DCE_STYLE
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Patch for v4-20-test
bfixes-tmp420.txt (text/plain), 1.79 KB, created by
Stefan Metzmacher
on 2024-10-29 08:05:31 UTC
(
hide
)
Description:
Patch for v4-20-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2024-10-29 08:05:31 UTC
Size:
1.79 KB
patch
obsolete
>From fa574f0311e927a8fc7f94aeb0501116778c26fa Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 30 Apr 2024 18:24:33 +0200 >Subject: [PATCH] third_party/heimdal: Import lorikeet-heimdal-202410161454 > (commit 0d61538a16b5051c820702f0711102112cd01a83) > >gsskrb5: let GSS_C_DCE_STYLE imply GSS_C_MUTUAL_FLAG as acceptor > >Windows clients forget GSS_C_MUTUAL_FLAG in some situations where they >use GSS_C_DCE_STYLE, in the assumption that GSS_C_MUTUAL_FLAG is >implied. > >Both Windows and MIT as server already imply GSS_C_MUTUAL_FLAG >when GSS_C_DCE_STYLE is used. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15740 >PR: https://github.com/heimdal/heimdal/pull/1266 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> > >Autobuild-User(master): Stefan Metzmacher <metze@samba.org> >Autobuild-Date(master): Wed Oct 16 19:05:15 UTC 2024 on atb-devel-224 > >(cherry picked from commit ce10b28566eb7b3e26a1e404b278d3d761ac183e) >--- > third_party/heimdal/lib/gssapi/krb5/8003.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > >diff --git a/third_party/heimdal/lib/gssapi/krb5/8003.c b/third_party/heimdal/lib/gssapi/krb5/8003.c >index 74ff349ab7b3..340a9194a3b7 100644 >--- a/third_party/heimdal/lib/gssapi/krb5/8003.c >+++ b/third_party/heimdal/lib/gssapi/krb5/8003.c >@@ -239,6 +239,16 @@ _gsskrb5_verify_8003_checksum( > _gss_mg_decode_le_uint32(p, flags); > p += 4; > >+ /* >+ * Sometimes Windows clients forget >+ * to set GSS_C_MUTUAL_FLAG together >+ * with GSS_C_DCE_STYLE, but >+ * DCE_STYLE implies mutual authentication >+ */ >+ if (*flags & GSS_C_DCE_STYLE) { >+ *flags |= GSS_C_MUTUAL_FLAG; >+ } >+ > if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) { > if(cksum->checksum.length < 28) { > *minor_status = 0; >-- >2.34.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=18486">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
slow
:
review+
Actions:
View
Attachments on
bug 15740
:
18485
| 18486