From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 16 May 2023 11:09:23 +0000 (+0200)
Subject: librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms
X-Git-Tag: talloc-2.4.1~677
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e03e738dfc96b3c8ce54e2d280143965713f4778;p=thirdparty%2Fsamba.git

librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms

We should not limit the possible encryption algorithms to the currently
known ones.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15374

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed May 17 07:34:28 UTC 2023 on atb-devel-224
---

diff --git a/librpc/rpc/dcerpc_helper.c b/librpc/rpc/dcerpc_helper.c
index eec78e034ee..e1589f90794 100644
--- a/librpc/rpc/dcerpc_helper.c
+++ b/librpc/rpc/dcerpc_helper.c
@@ -49,7 +49,12 @@ static bool smb3_sid_parse(const struct dom_sid *sid,
 	}
 
 	cipher = sid->sub_auths[3];
-	if (cipher > SMB2_ENCRYPTION_AES128_GCM) {
+	if (cipher > 256) {
+		/*
+		 * It is unlikely that we
+		 * ever have more then 256
+		 * encryption algorithms
+		 */
 		return false;
 	}