CVE-2023-0922 set default ldap client sasl wrapping to seal

This avoids sending new or reset passwords in the clear (integrity protected only) from samba-tool in particular. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315 Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Apr 5 03:08:51 UTC 2023 on atb-devel-224
author: Rob van der Linde <rob@catalyst.net.nz> 2023-02-27 14:06:23 +1300
committer: Andrew Bartlett <abartlet@samba.org> 2023-04-05 03:08:51 +0000
commit: b74b9f4b06c24b16bf3daac96127e62b75f5b9ed (patch)
tree: aa7a45fa6a1c091f10ebedbd420b18d185ba447d /source3/param
parent: c33e78a27fbeb913b08ef7f74343c1f652d1aa41 (diff)
download: samba-b74b9f4b06c24b16bf3daac96127e62b75f5b9ed.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 05a5ae20abe..12718ced9e7 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -756,7 +756,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 	Globals.ldap_debug_level = 0;
 	Globals.ldap_debug_threshold = 10;
 
-	Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
+	Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SEAL;
 
 	Globals.ldap_server_require_strong_auth =
 		LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
author	Rob van der Linde <rob@catalyst.net.nz>	2023-02-27 14:06:23 +1300
committer	Andrew Bartlett <abartlet@samba.org>	2023-04-05 03:08:51 +0000
commit	b74b9f4b06c24b16bf3daac96127e62b75f5b9ed (patch)
tree	aa7a45fa6a1c091f10ebedbd420b18d185ba447d /source3/param
parent	c33e78a27fbeb913b08ef7f74343c1f652d1aa41 (diff)
download	samba-b74b9f4b06c24b16bf3daac96127e62b75f5b9ed.tar.gz