diff options
author | Rob van der Linde <rob@catalyst.net.nz> | 2023-02-27 14:06:23 +1300 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-03-20 10:05:12 +0100 |
commit | bb5aecbd10265904156510d5dfc2f97bad442267 (patch) | |
tree | 27a8cad68c045cfd5c052f09b441d083546d8faf /python/samba | |
parent | 003f6c16112a45af81ed59877d3b416a2f3847d9 (diff) | |
download | samba-bb5aecbd10265904156510d5dfc2f97bad442267.tar.gz |
CVE-2023-0922 set default ldap client sasl wrapping to seal
This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Diffstat (limited to 'python/samba')
-rw-r--r-- | python/samba/tests/auth_log.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py index d166b93d90a..8f9f487f82a 100644 --- a/python/samba/tests/auth_log.py +++ b/python/samba/tests/auth_log.py @@ -470,7 +470,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase): def isLastExpectedMessage(msg): return (msg["type"] == "Authorization" and msg["Authorization"]["serviceDescription"] == "LDAP" and - msg["Authorization"]["transportProtection"] == "SIGN" and + msg["Authorization"]["transportProtection"] == "SEAL" and msg["Authorization"]["authType"] == "krb5") self.samdb = SamDB(url="ldap://%s" % os.environ["SERVER"], |