sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-01 04:58:35 +03:00
Code

CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session keys" to false/"no"

Browse Source 
This is not squashed in order to allow easier backports...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2022-11-30 09:02:41 +01:00
parent fde745ec34
commit 7504a4d6fe
2 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/param/loadparm.c
View File

@ -3091,10 +3091,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
"kdc default domain supported enctypes",
"rc4-hmac aes256-cts-hmac-sha1-96-sk");
lpcfg_do_global_parameter(lp_ctx,
"kdc force enable rc4 weak session keys",
"no");
for (i = 0; parm_table[i].label; i++) {
if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
lp_ctx->flags[i] |= FLAG_DEFAULT;

1
source3/param/loadparm.c
View File

@ -995,7 +995,6 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
Globals.kdc_default_domain_supported_enctypes =
KERB_ENCTYPE_RC4_HMAC_MD5 | KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK;
Globals.kdc_force_enable_rc4_weak_session_keys = false;
/* Now put back the settings that were set with lp_set_cmdline() */
apply_lp_set_cmdline();