[SCM] Samba Shared Repository - branch v4-19-test updated
Jule Anger
janger at samba.org
Wed Jul 10 13:30:02 UTC 2024
The branch, v4-19-test has been updated
via 8d08c814134 third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0)
from fee232dd9cf third_party: Update socket_wrapper to version 1.4.3
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test
- Log -----------------------------------------------------------------
commit 8d08c8141344afe91052a258c22fae1ec886d8db
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jul 4 18:00:52 2024 +0200
third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0)
Fix clock skew error message and memory cache clock skew recovery
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15676
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jul 5 10:02:26 UTC 2024 on atb-devel-224
(cherry picked from commit e4d6a19e49260af22bffd2a417119489719ba364)
Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Wed Jul 10 13:29:02 UTC 2024 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
third_party/heimdal/lib/krb5/fast.c | 12 ++++++++----
third_party/heimdal/lib/krb5/mcache.c | 2 +-
2 files changed, 9 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/third_party/heimdal/lib/krb5/fast.c b/third_party/heimdal/lib/krb5/fast.c
index 90133a7abc0..4026ed62327 100644
--- a/third_party/heimdal/lib/krb5/fast.c
+++ b/third_party/heimdal/lib/krb5/fast.c
@@ -691,10 +691,14 @@ _krb5_fast_unwrap_error(krb5_context context,
idx = 0;
pa = krb5_find_padata(md->val, md->len, KRB5_PADATA_FX_FAST, &idx);
if (pa == NULL) {
- ret = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, ret,
- N_("FAST fast response is missing FX-FAST", ""));
- goto out;
+ /*
+ * Typically _krb5_fast_wrap_req() has set KRB5_FAST_EXPECTED, which
+ * means check_fast() will complain and return KRB5KRB_AP_ERR_MODIFIED.
+ *
+ * But for TGS-REP init_tgs_req() clears KRB5_FAST_EXPECTED and we'll
+ * ignore a missing KRB5_PADATA_FX_FAST.
+ */
+ return check_fast(context, state);
}
ret = unwrap_fast_rep(context, state, pa, &fastrep);
diff --git a/third_party/heimdal/lib/krb5/mcache.c b/third_party/heimdal/lib/krb5/mcache.c
index fdd5674c3b8..e916bf4e6be 100644
--- a/third_party/heimdal/lib/krb5/mcache.c
+++ b/third_party/heimdal/lib/krb5/mcache.c
@@ -225,7 +225,7 @@ mcc_initialize(krb5_context context,
*/
mcc_destroy_internal(context, m);
m->dead = 0;
- m->kdc_offset = 0;
+ m->kdc_offset = context->kdc_sec_offset;
m->mtime = time(NULL);
ret = krb5_copy_principal (context,
primary_principal,
--
Samba Shared Repository
More information about the samba-cvs
mailing list