CVE-2023-0922 set default ldap client sasl wrapping to seal

This avoids sending new or reset passwords in the clear (integrity protected only) from samba-tool in particular. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315 Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
author: Rob van der Linde <rob@catalyst.net.nz> 2023-02-27 14:06:23 +1300
committer: Jule Anger <janger@samba.org> 2023-03-20 10:05:12 +0100
commit: bb5aecbd10265904156510d5dfc2f97bad442267 (patch)
tree: 27a8cad68c045cfd5c052f09b441d083546d8faf /python/samba
parent: 003f6c16112a45af81ed59877d3b416a2f3847d9 (diff)
download: samba-bb5aecbd10265904156510d5dfc2f97bad442267.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
index d166b93d90a..8f9f487f82a 100644
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -470,7 +470,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
         def isLastExpectedMessage(msg):
             return (msg["type"] == "Authorization" and
                     msg["Authorization"]["serviceDescription"] == "LDAP" and
-                    msg["Authorization"]["transportProtection"] == "SIGN" and
+                    msg["Authorization"]["transportProtection"] == "SEAL" and
                     msg["Authorization"]["authType"] == "krb5")
 
         self.samdb = SamDB(url="ldap://%s" % os.environ["SERVER"],
author	Rob van der Linde <rob@catalyst.net.nz>	2023-02-27 14:06:23 +1300
committer	Jule Anger <janger@samba.org>	2023-03-20 10:05:12 +0100
commit	bb5aecbd10265904156510d5dfc2f97bad442267 (patch)
tree	27a8cad68c045cfd5c052f09b441d083546d8faf /python/samba
parent	003f6c16112a45af81ed59877d3b416a2f3847d9 (diff)
download	samba-bb5aecbd10265904156510d5dfc2f97bad442267.tar.gz