third_party:heimdal: import lorikeet-heimdal-202510192136

author Gary Lockyer <gary@catalyst.net.nz>

Sun, 19 Oct 2025 22:44:26 +0000 (11:44 +1300)

committer Douglas Bagnall <dbagnall@samba.org>

Thu, 13 Nov 2025 22:09:33 +0000 (22:09 +0000)
author Gary Lockyer <gary@catalyst.net.nz>
Sun, 19 Oct 2025 22:44:26 +0000 (11:44 +1300)
committer Douglas Bagnall <dbagnall@samba.org>
Thu, 13 Nov 2025 22:09:33 +0000 (22:09 +0000)
diff --git a/third_party/heimdal/kdc/kerberos5.c b/third_party/heimdal/kdc/kerberos5.c

index 80048109493140ae6b0ad7eea347a435e9664418..7fe72e807056963014cdc21bd7ac989b6a2d667f 100644 (file)
--- a/third_party/heimdal/kdc/kerberos5.c
+++ b/third_party/heimdal/kdc/kerberos5.c
@@ -33,6 +33,7 @@
  
  #include "kdc_locl.h"
  #include "krb5_err.h"
+#include "krb5_locl.h"
  
  #ifdef TIME_T_SIGNED
  #if SIZEOF_TIME_T == 4
@@ -2221,6 +2222,9 @@ get_pac_attributes(krb5_context context, KDC_REQ *req)
  
      pac_attributes = pacreq.include_pac ? KRB5_PAC_WAS_REQUESTED : 0;
      free_PA_PAC_REQUEST(&pacreq);
+    if (pac_attributes == 0 && context->flags & KRB5_CTX_F_ALWAYS_INCLUDE_PAC) {
+       pac_attributes = KRB5_PAC_WAS_GIVEN_IMPLICITLY;
+    }
      return pac_attributes;
  }
  
diff --git a/third_party/heimdal/lib/krb5/context.c b/third_party/heimdal/lib/krb5/context.c

index 0b9c967fb62add855c363de4b154ed1e1edc8cd7..b459e19948b77f49aee84d308651d02b9a269a96 100644 (file)
--- a/third_party/heimdal/lib/krb5/context.c
+++ b/third_party/heimdal/lib/krb5/context.c
@@ -241,6 +241,7 @@ init_context_from_config_file(krb5_context context)
      INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
      INIT_FLAG(context, flags, KRB5_CTX_F_ENFORCE_OK_AS_DELEGATE, FALSE, "enforce_ok_as_delegate");
      INIT_FLAG(context, flags, KRB5_CTX_F_REPORT_CANONICAL_CLIENT_NAME, FALSE, "report_canonical_client_name");
+    INIT_FLAG(context, flags, KRB5_CTX_F_ALWAYS_INCLUDE_PAC, FALSE, "always_include_pac");
  
      /* report_canonical_client_name implies check_pac */
      if (context->flags & KRB5_CTX_F_REPORT_CANONICAL_CLIENT_NAME)
diff --git a/third_party/heimdal/lib/krb5/krb5_locl.h b/third_party/heimdal/lib/krb5/krb5_locl.h

index 57e7819e9c2a87793fa3217c907aedf2609c0137..62679222f5af6fa4713aacaf29475db9925e0716 100644 (file)
--- a/third_party/heimdal/lib/krb5/krb5_locl.h
+++ b/third_party/heimdal/lib/krb5/krb5_locl.h
@@ -331,6 +331,7 @@ typedef struct krb5_context_data {
  #define KRB5_CTX_F_FCACHE_STRICT_CHECKING      32
  #define KRB5_CTX_F_ENFORCE_OK_AS_DELEGATE      64
  #define KRB5_CTX_F_REPORT_CANONICAL_CLIENT_NAME        128
+#define KRB5_CTX_F_ALWAYS_INCLUDE_PAC          256
      struct send_to_kdc *send_to_kdc;
  #ifdef PKINIT
      hx509_context hx509ctx;
author	Gary Lockyer <gary@catalyst.net.nz>
	Sun, 19 Oct 2025 22:44:26 +0000 (11:44 +1300)
committer	Douglas Bagnall <dbagnall@samba.org>
	Thu, 13 Nov 2025 22:09:33 +0000 (22:09 +0000)
third_party/heimdal/kdc/kerberos5.c		patch \| blob \| blame \| history
third_party/heimdal/lib/krb5/context.c		patch \| blob \| blame \| history
third_party/heimdal/lib/krb5/krb5_locl.h		patch \| blob \| blame \| history