diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-11-23 15:18:02 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-14 11:39:17 +0000 |
commit | d022b9fa3ae3b7284393f96afb0faddc0526e5ab (patch) | |
tree | e9b4a4a357fcfbd21abb6be9b636f5c3f67235d9 | |
parent | 91680bf61f5067bf5b3b9eb2ec811be5b676e6ad (diff) | |
download | samba-d022b9fa3ae3b7284393f96afb0faddc0526e5ab.tar.gz |
CVE-2022-37966 s3:libads: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2bd27955ce1000c13b468934eed8b0fdeb66e3bf)
-rw-r--r-- | source3/libads/kerberos.c | 4 | ||||
-rw-r--r-- | source3/libads/kerberos_keytab.c | 4 |
2 files changed, 0 insertions, 8 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 3fd86e87064..a4a5e040c17 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -622,20 +622,16 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx) if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL || lp_kerberos_encryption_types() == KERBEROS_ETYPES_STRONG) { -#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 aes_enctypes = talloc_asprintf_append( aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 "); if (aes_enctypes == NULL) { goto done; } -#endif -#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 aes_enctypes = talloc_asprintf_append( aes_enctypes, "%s", "aes128-cts-hmac-sha1-96"); if (aes_enctypes == NULL) { goto done; } -#endif } if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED && diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index b7e1846bd9f..ae459bc30ca 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -238,12 +238,8 @@ static int add_kt_entry_etypes(krb5_context context, TALLOC_CTX *tmpctx, char *princ_s = NULL; char *short_princ_s = NULL; krb5_enctype enctypes[4] = { -#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 ENCTYPE_AES256_CTS_HMAC_SHA1_96, -#endif -#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 ENCTYPE_AES128_CTS_HMAC_SHA1_96, -#endif ENCTYPE_ARCFOUR_HMAC, 0 }; |