CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session...

This is not squashed in order to allow easier backports...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index a858c31dbba469f76ab0ab9f4adea58d7bc1a577..1cb25f843b3b57b014be01967ede7a7fc593d281 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3091,10 +3091,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
                                  "kdc default domain supported enctypes",
                                  "rc4-hmac aes256-cts-hmac-sha1-96-sk");
 
-       lpcfg_do_global_parameter(lp_ctx,
-                                 "kdc force enable rc4 weak session keys",
-                                 "no");
-
        for (i = 0; parm_table[i].label; i++) {
                if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
                        lp_ctx->flags[i] |= FLAG_DEFAULT;

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 75472e0bfe0568351072cf78679e6c0426444e83..27a77c71f5e3c54221add1068ac610a2935129a1 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -995,7 +995,6 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 
        Globals.kdc_default_domain_supported_enctypes =
                KERB_ENCTYPE_RC4_HMAC_MD5 | KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK;
-       Globals.kdc_force_enable_rc4_weak_session_keys = false;
 
        /* Now put back the settings that were set with lp_set_cmdline() */
        apply_lp_set_cmdline();