]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
auth:gensec: Use lpcfg_weak_crypto()
authorAndreas Schneider <asn@samba.org>
Fri, 23 Apr 2021 14:32:27 +0000 (16:32 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Tue, 3 Aug 2021 09:28:38 +0000 (09:28 +0000)
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/gensec/gensec_start.c

index 906e3ee302cdaec6517fd96e393d90b22171aa38..bd5b7259d3f7ee601c2ec91d6fda35e13ca48191 100644 (file)
 #include "auth/gensec/gensec.h"
 #include "auth/gensec/gensec_internal.h"
 #include "lib/param/param.h"
+#include "lib/param/loadparm.h"
 #include "lib/util/tsort.h"
 #include "lib/util/samba_modules.h"
 #include "lib/util/base64.h"
-#include "lib/crypto/gnutls_helpers.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -51,7 +51,8 @@ bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct g
                                  ops->name,
                                  ops->enabled);
 
-       if (!samba_gnutls_weak_crypto_allowed() && ops->weak_crypto) {
+       if (ops->weak_crypto &&
+           lpcfg_weak_crypto(security->settings->lp_ctx) != SAMBA_WEAK_CRYPTO_ALLOWED) {
                ok = false;
        }