From 81f92c8a62f49de727308ed6d334f6a247ca5143 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Apr 2024 18:24:33 +0200 Subject: [PATCH] third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit 0d61538a16b5051c820702f0711102112cd01a83) gsskrb5: let GSS_C_DCE_STYLE imply GSS_C_MUTUAL_FLAG as acceptor Windows clients forget GSS_C_MUTUAL_FLAG in some situations where they use GSS_C_DCE_STYLE, in the assumption that GSS_C_MUTUAL_FLAG is implied. Both Windows and MIT as server already imply GSS_C_MUTUAL_FLAG when GSS_C_DCE_STYLE is used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15740 PR: https://github.com/heimdal/heimdal/pull/1266 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Oct 16 19:05:15 UTC 2024 on atb-devel-224 (cherry picked from commit ce10b28566eb7b3e26a1e404b278d3d761ac183e) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Thu Nov 7 09:21:35 UTC 2024 on atb-devel-224 --- third_party/heimdal/lib/gssapi/krb5/8003.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/third_party/heimdal/lib/gssapi/krb5/8003.c b/third_party/heimdal/lib/gssapi/krb5/8003.c index 74ff349ab7b..340a9194a3b 100644 --- a/third_party/heimdal/lib/gssapi/krb5/8003.c +++ b/third_party/heimdal/lib/gssapi/krb5/8003.c @@ -239,6 +239,16 @@ _gsskrb5_verify_8003_checksum( _gss_mg_decode_le_uint32(p, flags); p += 4; + /* + * Sometimes Windows clients forget + * to set GSS_C_MUTUAL_FLAG together + * with GSS_C_DCE_STYLE, but + * DCE_STYLE implies mutual authentication + */ + if (*flags & GSS_C_DCE_STYLE) { + *flags |= GSS_C_MUTUAL_FLAG; + } + if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) { if(cksum->checksum.length < 28) { *minor_status = 0; -- 2.47.2