packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0028-CVE-2022-37966.patch

67 lines
2.2 KiB
Diff
Raw Blame History

From 0e08441ba09123539f13afc794a71852c8644393 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 23 Nov 2022 15:18:02 +0100
Subject: [PATCH 28/54] CVE-2022-37966 s3:libads: remove unused ifdef
HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2bd27955ce1000c13b468934eed8b0fdeb66e3bf)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17695
---
source3/libads/kerberos.c | 4 ----
source3/libads/kerberos_keytab.c | 4 ----
2 files changed, 8 deletions(-)
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 3fd86e87064e..a4a5e040c175 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -622,20 +622,16 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx)
if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
lp_kerberos_encryption_types() == KERBEROS_ETYPES_STRONG) {
-#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
aes_enctypes = talloc_asprintf_append(
aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 ");
if (aes_enctypes == NULL) {
goto done;
}
-#endif
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
aes_enctypes = talloc_asprintf_append(
aes_enctypes, "%s", "aes128-cts-hmac-sha1-96");
if (aes_enctypes == NULL) {
goto done;
}
-#endif
}
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index b7e1846bd9ff..ae459bc30ca3 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -238,12 +238,8 @@ static int add_kt_entry_etypes(krb5_context context, TALLOC_CTX *tmpctx,
char *princ_s = NULL;
char *short_princ_s = NULL;
krb5_enctype enctypes[4] = {
-#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
-#endif
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-#endif
ENCTYPE_ARCFOUR_HMAC,
0
};
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink