From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 16 May 2023 11:09:23 +0000 (+0200)
Subject: librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms
X-Git-Tag: samba-4.17.9~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=98b8ffdb44788ea740b829dd800f459107d14c22;p=thirdparty%2Fsamba.git

librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms

We should not limit the possible encryption algorithms to the currently
known ones.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15374

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed May 17 07:34:28 UTC 2023 on atb-devel-224

(cherry picked from commit e03e738dfc96b3c8ce54e2d280143965713f4778)
---

diff --git a/librpc/rpc/dcerpc_helper.c b/librpc/rpc/dcerpc_helper.c
index cf0deeb2079..48a9a0e46d6 100644
--- a/librpc/rpc/dcerpc_helper.c
+++ b/librpc/rpc/dcerpc_helper.c
@@ -48,7 +48,12 @@ static bool smb3_sid_parse(const struct dom_sid *sid,
 	}
 
 	cipher = sid->sub_auths[3];
-	if (cipher > SMB2_ENCRYPTION_AES128_GCM) {
+	if (cipher > 256) {
+		/*
+		 * It is unlikely that we
+		 * ever have more then 256
+		 * encryption algorithms
+		 */
 		return false;
 	}