diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-12-05 21:36:23 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-13 13:07:29 +0000 |
commit | c0c25cc0217b082c12330a8c47869c8428a20d0c (patch) | |
tree | ee969dafa2b704efb2b5ff5e12e00cee31738c78 | |
parent | a4f6f51cbed53775cdfedc7eec2f28c7beb875cc (diff) | |
download | samba-c0c25cc0217b082c12330a8c47869c8428a20d0c.tar.gz |
CVE-2022-37966 testparm: warn about 'kerberos encryption types = legacy'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
-rw-r--r-- | source3/utils/testparm.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c index 121c2b7a522..b975188094c 100644 --- a/source3/utils/testparm.c +++ b/source3/utils/testparm.c @@ -680,6 +680,14 @@ static int do_global_checks(void) "options\n\n"); } + if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) { + fprintf(stderr, + "WARNING: You have configured " + "'kerberos encryption types = legacy'. " + "Your server is vulernable to " + "CVE-2022-37966\n\n"); + } + return ret; } |