1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libcli/auth: if we require aes we don't need to require arcfour nor strong key

But we can send arcfour and strong key on the wire and don't need to
remove them from the proposed flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Stefan Metzmacher 2024-10-10 12:31:18 +02:00 committed by Douglas Bagnall
parent a9040c8ce7
commit 3da40f1c68

View File

@ -502,14 +502,16 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
* require AES.
*/
if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) {
required_flags &= ~NETLOGON_NEG_ARCFOUR;
required_flags |= NETLOGON_NEG_SUPPORTS_AES;
proposed_flags &= ~NETLOGON_NEG_ARCFOUR;
proposed_flags |= NETLOGON_NEG_SUPPORTS_AES;
}
proposed_flags |= required_flags;
if (required_flags & NETLOGON_NEG_SUPPORTS_AES) {
required_flags &= ~NETLOGON_NEG_ARCFOUR;
required_flags &= ~NETLOGON_NEG_STRONG_KEYS;
}
if (seal_secure_channel) {
auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
} else {