[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Wed Oct 16 19:06:02 UTC 2024


The branch, master has been updated
       via  ce10b28566e third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit 0d61538a16b5051c820702f0711102112cd01a83)
      from  6140c3177a0 smbd: fix share access check for overwrite dispostions

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ce10b28566eb7b3e26a1e404b278d3d761ac183e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Apr 30 18:24:33 2024 +0200

    third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit 0d61538a16b5051c820702f0711102112cd01a83)
    
    gsskrb5: let GSS_C_DCE_STYLE imply GSS_C_MUTUAL_FLAG as acceptor
    
    Windows clients forget GSS_C_MUTUAL_FLAG in some situations where they
    use GSS_C_DCE_STYLE, in the assumption that GSS_C_MUTUAL_FLAG is
    implied.
    
    Both Windows and MIT as server already imply GSS_C_MUTUAL_FLAG
    when GSS_C_DCE_STYLE is used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15740
    PR: https://github.com/heimdal/heimdal/pull/1266
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Wed Oct 16 19:05:15 UTC 2024 on atb-devel-224

-----------------------------------------------------------------------

Summary of changes:
 third_party/heimdal/lib/gssapi/krb5/8003.c | 10 ++++++++++
 1 file changed, 10 insertions(+)


Changeset truncated at 500 lines:

diff --git a/third_party/heimdal/lib/gssapi/krb5/8003.c b/third_party/heimdal/lib/gssapi/krb5/8003.c
index 74ff349ab7b..340a9194a3b 100644
--- a/third_party/heimdal/lib/gssapi/krb5/8003.c
+++ b/third_party/heimdal/lib/gssapi/krb5/8003.c
@@ -239,6 +239,16 @@ _gsskrb5_verify_8003_checksum(
     _gss_mg_decode_le_uint32(p, flags);
     p += 4;
 
+    /*
+     * Sometimes Windows clients forget
+     * to set GSS_C_MUTUAL_FLAG together
+     * with GSS_C_DCE_STYLE, but
+     * DCE_STYLE implies mutual authentication
+     */
+    if (*flags & GSS_C_DCE_STYLE) {
+	*flags |= GSS_C_MUTUAL_FLAG;
+    }
+
     if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
 	if(cksum->checksum.length < 28) {
 	    *minor_status = 0;
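Review bot: The new block right after the flags decode modifies the token's value in place (`*flags |= GSS_C_MUTUAL_FLAG;`), so anything that reads `*flags` after _gsskrb5_verify_8003_checksum returns sees GSS_C_MUTUAL_FLAG for a DCE_STYLE token and can no longer tell whether the initiator actually sent it. That matches the intent in the commit message (the acceptor implies mutual authentication, as Windows and MIT servers already do), but the code comment only says "Sometimes Windows clients forget"; it should state that this is a deliberate acceptor-side implication and cite bug 15740 so the reason survives later imports. The diffstat shows 10 insertions in 8003.c and nothing else, so no test accompanies the change; a regression test that feeds a checksum with GSS_C_DCE_STYLE set and the mutual bit cleared, and checks the resulting flags, would pin the behaviour.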


-- 
Samba Shared Repository


