sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

CVE-2022-37966 s3:libads: remove unused ifdef HAVE_ENCTYPE_AES*

Browse Source 
aes encryption types are always supported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2022-11-23 15:18:02 +01:00
parent c9b10ee32c
commit 2bd27955ce
2 changed files with 0 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source3/libads/kerberos.c
View File

@ -622,20 +622,16 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx)
if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
lp_kerberos_encryption_types() == KERBEROS_ETYPES_STRONG) {
#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
aes_enctypes = talloc_asprintf_append(
aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 ");
if (aes_enctypes == NULL) {
goto done;
}
#endif
#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
aes_enctypes = talloc_asprintf_append(
aes_enctypes, "%s", "aes128-cts-hmac-sha1-96");
if (aes_enctypes == NULL) {
goto done;
}
#endif
}
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&

4
source3/libads/kerberos_keytab.c
View File

@ -238,12 +238,8 @@ static int add_kt_entry_etypes(krb5_context context, TALLOC_CTX *tmpctx,
char *princ_s = NULL;
char *short_princ_s = NULL;
krb5_enctype enctypes[4] = {
#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
#endif
#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
#endif
ENCTYPE_ARCFOUR_HMAC,
0
};