41 lines
1.2 KiB
Diff
41 lines
1.2 KiB
Diff
From 4257781a43a0a8c69b94031d1e2f99d422484985 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Mon, 5 Dec 2022 21:36:23 +0100
|
|
Subject: [PATCH 06/54] CVE-2022-37966 testparm: warn about 'kerberos
|
|
encryption types = legacy'
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
(cherry picked from commit c0c25cc0217b082c12330a8c47869c8428a20d0c)
|
|
|
|
Conflict: NA
|
|
Reference: https://attachments.samba.org/attachment.cgi?id=17695
|
|
---
|
|
source3/utils/testparm.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
|
|
index 121c2b7a5221..b975188094ca 100644
|
|
--- a/source3/utils/testparm.c
|
|
+++ b/source3/utils/testparm.c
|
|
@@ -680,6 +680,14 @@ static int do_global_checks(void)
|
|
"options\n\n");
|
|
}
|
|
|
|
+ if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) {
|
|
+ fprintf(stderr,
|
|
+ "WARNING: You have configured "
|
|
+ "'kerberos encryption types = legacy'. "
|
|
+ "Your server is vulernable to "
|
|
+ "CVE-2022-37966\n\n");
|
|
+ }
|
|
+
|
|
return ret;
|
|
}
|
|
|
|
--
|
|
2.34.1
|