sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-20 14:03:59 +03:00
Code

libcli/auth: if we require aes we don't need to require arcfour nor strong key

Browse Source 
But we can send arcfour and strong key on the wire and don't need to
remove them from the proposed flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 3da40f1c6818550eb08a6d7d680c213c3f1d0649)
This commit is contained in:
Stefan Metzmacher 2024-10-10 12:31:18 +02:00 committed by Jule Anger
parent 48acce5da8
commit d73e6c7ab0
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libcli/auth/netlogon_creds_cli.c
View File

@ -502,14 +502,16 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
* require AES.
*/
if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) {
required_flags &= ~NETLOGON_NEG_ARCFOUR;
required_flags |= NETLOGON_NEG_SUPPORTS_AES;
proposed_flags &= ~NETLOGON_NEG_ARCFOUR;
proposed_flags |= NETLOGON_NEG_SUPPORTS_AES;
}
proposed_flags |= required_flags;
if (required_flags & NETLOGON_NEG_SUPPORTS_AES) {
required_flags &= ~NETLOGON_NEG_ARCFOUR;
required_flags &= ~NETLOGON_NEG_STRONG_KEYS;
}
if (seal_secure_channel) {
auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
} else {