From: Stefan Metzmacher Date: Wed, 30 Nov 2022 08:02:41 +0000 (+0100) Subject: CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session... X-Git-Tag: samba-4.15.13~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=693a247d3b270677ec6f42189002c647a1e20e19;p=thirdparty%2Fsamba.git CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session keys" to false/"no" This is not squashed in order to allow easier backports... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Stefan Metzmacher Reviewed-by: Joseph Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit 7504a4d6fee7805aac7657b9dab88c48353d6db4) --- diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 3a62d882a81..b712609e3a7 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -3080,10 +3080,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) "kdc default domain supported enctypes", "rc4-hmac aes256-cts-hmac-sha1-96-sk"); - lpcfg_do_global_parameter(lp_ctx, - "kdc force enable rc4 weak session keys", - "no"); - for (i = 0; parm_table[i].label; i++) { if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) { lp_ctx->flags[i] |= FLAG_DEFAULT; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index f0b82d7dea1..ea1686e8aa0 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -984,7 +984,6 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) Globals.kdc_default_domain_supported_enctypes = KERB_ENCTYPE_RC4_HMAC_MD5 | KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK; - Globals.kdc_force_enable_rc4_weak_session_keys = false; /* Now put back the settings that were set with lp_set_cmdline() */ apply_lp_set_cmdline();
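Review bot: in the lib/param/loadparm.c hunk (loadparm_init), the explicit "no" for "kdc force enable rc4 weak session keys" is dropped while the neighbouring "kdc default domain supported enctypes" keeps its explicit lpcfg_do_global_parameter call, and the commit message does not say why or where the default now comes from. The option name shows that it force-enables weak RC4 session keys, so please state in the message that the effective default is still "no" without this call, and what supplies it, so that anyone backporting can confirm the behaviour is unchanged.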
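Review bot: in the source3/param/loadparm.c hunk (init_globals), removing "Globals.kdc_force_enable_rc4_weak_session_keys = false;" leaves the field's value dependent on how Globals is cleared before this point, which the hunk does not show. Because the function takes a reinit_globals argument, please confirm that a reload still resets the field to false rather than carrying over an earlier "yes", or keep the assignment. A test that checks the default after re-initialization would cover this.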