CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes

AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no reason to allow md5 servers by default. Note the change in netlogon_creds_cli_context_global() is only cosmetic, but avoids confusion while reading the code. Check with: git show -U35 libcli/auth/netlogon_creds_cli.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2022-11-24 18:22:23 +0100
committer: Stefan Metzmacher <metze@samba.org> 2022-12-13 13:07:29 +0000
commit: 1c6c1129905d0c7a60018e7bf0f17a0fd198a584 (patch)
tree: 2bf2b1dff2f4de50c984b1080639998b93728c7e /source3/param
parent: d60828f6391307a59abaa02b72b6a8acf66b2fef (diff)
download: samba-1c6c1129905d0c7a60018e7bf0f17a0fd198a584.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 3429ecbe5e4..621b5b9f48c 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -664,6 +664,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 	Globals.client_schannel = true;
 	Globals.winbind_sealed_pipes = true;
 	Globals.require_strong_key = true;
+	Globals.reject_md5_servers = true;
 	Globals.server_schannel = true;
 	Globals.read_raw = true;
 	Globals.write_raw = true;
author	Stefan Metzmacher <metze@samba.org>	2022-11-24 18:22:23 +0100
committer	Stefan Metzmacher <metze@samba.org>	2022-12-13 13:07:29 +0000
commit	1c6c1129905d0c7a60018e7bf0f17a0fd198a584 (patch)
tree	2bf2b1dff2f4de50c984b1080639998b93728c7e /source3/param
parent	d60828f6391307a59abaa02b72b6a8acf66b2fef (diff)
download	samba-1c6c1129905d0c7a60018e7bf0f17a0fd198a584.tar.gz