mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
449163b21d
If SID compression support is disabled for a created account, msDS-SupportedEncryptionTypes will be set to a value that includes the RESOURCE_SID_COMPRESSION_DISABLED bit, but no actual encryption type bits. Since stricter encryption type handling was introduced to address CVE-2022-37966, this combination has been interpreted as an expression of no encryption type support, and trying to make a Kerberos request to a service with such a combination of bits will fail with ERR_ETYPE_NOSUPP. To allow us to make Kerberos requests to test service accounts again, we must set some actual encryption type bits. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>