HEIMDAL:lib/krb5: add krb5_rd_req_in_set_verify_ap_req_flags()

author Stefan Metzmacher <metze@samba.org>

Fri, 18 Aug 2017 13:33:17 +0000 (15:33 +0200)

committer Stefan Metzmacher <metze@samba.org>

Fri, 9 Feb 2024 17:31:21 +0000 (18:31 +0100)
author Stefan Metzmacher <metze@samba.org>
Fri, 18 Aug 2017 13:33:17 +0000 (15:33 +0200)
committer Stefan Metzmacher <metze@samba.org>
Fri, 9 Feb 2024 17:31:21 +0000 (18:31 +0100)
diff --git a/third_party/heimdal/lib/krb5/rd_req.c b/third_party/heimdal/lib/krb5/rd_req.c

index 371037c8403f48c2dafc2e8d6eb61b00af102426..f67cd7cbaa2aae902d48f5467ee4bc0d1b1e184d 100644 (file)
--- a/third_party/heimdal/lib/krb5/rd_req.c
+++ b/third_party/heimdal/lib/krb5/rd_req.c
@@ -515,6 +515,7 @@ struct krb5_rd_req_in_ctx_data {
      krb5_keytab keytab;
      krb5_keyblock *keyblock;
      krb5_boolean check_pac;
+    krb5_flags verify_ap_req_flags;
  };
  
  struct krb5_rd_req_out_ctx_data {
@@ -570,6 +571,15 @@ krb5_rd_req_in_set_keytab(krb5_context context,
      return 0;
  }
  
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_in_set_verify_ap_req_flags(krb5_context context,
+                            krb5_rd_req_in_ctx in,
+                            krb5_flags flags)
+{
+    in->verify_ap_req_flags = flags;
+    return 0;
+}
+
  /**
   * Set if krb5_rq_red() is going to check the Windows PAC or not
   *
@@ -854,6 +864,7 @@ krb5_rd_req_ctx(krb5_context context,
      krb5_rd_req_out_ctx o = NULL;
      krb5_keytab id = NULL, keytab = NULL;
      krb5_principal service = NULL;
+    krb5_flags verify_ap_req_flags = 0;
  
      if (outctx)
          *outctx = NULL;
@@ -892,6 +903,9 @@ krb5_rd_req_ctx(krb5_context context,
      if (inctx && inctx->keytab)
         id = inctx->keytab;
  
+    if (inctx)
+        verify_ap_req_flags = inctx->verify_ap_req_flags;
+
      if((*auth_context)->keyblock){
         ret = krb5_copy_keyblock(context,
                                  (*auth_context)->keyblock,
@@ -949,7 +963,7 @@ krb5_rd_req_ctx(krb5_context context,
                                   &ap_req,
                                   server,
                                   o->keyblock,
-                                 0,
+                                 verify_ap_req_flags,
                                   &o->ap_req_options,
                                   &o->ticket,
                                   KRB5_KU_AP_REQ_AUTH);
@@ -997,7 +1011,7 @@ krb5_rd_req_ctx(krb5_context context,
                                       &ap_req,
                                       server,
                                       &entry.keyblock,
-                                     0,
+                                     verify_ap_req_flags,
                                       &o->ap_req_options,
                                       &o->ticket,
                                       KRB5_KU_AP_REQ_AUTH);
diff --git a/third_party/heimdal/lib/krb5/version-script.map b/third_party/heimdal/lib/krb5/version-script.map

index f6278e9ecbf64016b47d581af751c44242b28bd7..fb3363f7a6a7b36e435c99cb5cd601650619ceb6 100644 (file)
--- a/third_party/heimdal/lib/krb5/version-script.map
+++ b/third_party/heimdal/lib/krb5/version-script.map
@@ -561,6 +561,7 @@ HEIMDAL_KRB5_2.0 {
                 krb5_rd_req_in_set_keyblock;
                 krb5_rd_req_in_set_keytab;
                 krb5_rd_req_in_set_pac_check;
+               krb5_rd_req_in_set_verify_ap_req_flags;
                 krb5_rd_req_out_ctx_free;
                 krb5_rd_req_out_get_ap_req_options;
                 krb5_rd_req_out_get_keyblock;
author	Stefan Metzmacher <metze@samba.org>
	Fri, 18 Aug 2017 13:33:17 +0000 (15:33 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Fri, 9 Feb 2024 17:31:21 +0000 (18:31 +0100)
third_party/heimdal/lib/krb5/rd_req.c		patch \| blob \| history
third_party/heimdal/lib/krb5/version-script.map		patch \| blob \| history