mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2022-37966 s3:libads: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2bd27955ce
)
This commit is contained in:
parent
911750da81
commit
836646d4a0
@ -622,20 +622,16 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx)
|
||||
|
||||
if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
|
||||
lp_kerberos_encryption_types() == KERBEROS_ETYPES_STRONG) {
|
||||
#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
|
||||
aes_enctypes = talloc_asprintf_append(
|
||||
aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 ");
|
||||
if (aes_enctypes == NULL) {
|
||||
goto done;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
|
||||
aes_enctypes = talloc_asprintf_append(
|
||||
aes_enctypes, "%s", "aes128-cts-hmac-sha1-96");
|
||||
if (aes_enctypes == NULL) {
|
||||
goto done;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&
|
||||
|
@ -238,12 +238,8 @@ static int add_kt_entry_etypes(krb5_context context, TALLOC_CTX *tmpctx,
|
||||
char *princ_s = NULL;
|
||||
char *short_princ_s = NULL;
|
||||
krb5_enctype enctypes[4] = {
|
||||
#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
|
||||
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
|
||||
#endif
|
||||
#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
|
||||
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
|
||||
#endif
|
||||
ENCTYPE_ARCFOUR_HMAC,
|
||||
0
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user