mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
libcli/auth: if we require aes we don't need to require arcfour nor strong key
But we can send arcfour and strong key on the wire and don't need to remove them from the proposed flags. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
parent
a9040c8ce7
commit
3da40f1c68
@ -502,14 +502,16 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
|
||||
* require AES.
|
||||
*/
|
||||
if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) {
|
||||
required_flags &= ~NETLOGON_NEG_ARCFOUR;
|
||||
required_flags |= NETLOGON_NEG_SUPPORTS_AES;
|
||||
proposed_flags &= ~NETLOGON_NEG_ARCFOUR;
|
||||
proposed_flags |= NETLOGON_NEG_SUPPORTS_AES;
|
||||
}
|
||||
|
||||
proposed_flags |= required_flags;
|
||||
|
||||
if (required_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||
required_flags &= ~NETLOGON_NEG_ARCFOUR;
|
||||
required_flags &= ~NETLOGON_NEG_STRONG_KEYS;
|
||||
}
|
||||
|
||||
if (seal_secure_channel) {
|
||||
auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
|
||||
} else {
|
||||
|
Loading…
Reference in New Issue
Block a user