CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session...

This is not squashed in order to allow easier backports...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7504a4d6fee7805aac7657b9dab88c48353d6db4)

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 0fee67d3c1b19e689f4a8143f784b3735cb6f4fa..e810fa564d68eec10e658d5a0252e15495f9d480 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3087,10 +3087,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
                                  "kdc default domain supported enctypes",
                                  "rc4-hmac aes256-cts-hmac-sha1-96-sk");
 
-       lpcfg_do_global_parameter(lp_ctx,
-                                 "kdc force enable rc4 weak session keys",
-                                 "no");
-
        for (i = 0; parm_table[i].label; i++) {
                if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
                        lp_ctx->flags[i] |= FLAG_DEFAULT;

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index ec59f9274d456892068ddafe597166972862158e..c33b0cd3fea58fb177044f6fe18ccb163e073b0e 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -993,7 +993,6 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 
        Globals.kdc_default_domain_supported_enctypes =
                KERB_ENCTYPE_RC4_HMAC_MD5 | KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK;
-       Globals.kdc_force_enable_rc4_weak_session_keys = false;
 
        /* Now put back the settings that were set with lp_set_cmdline() */
        apply_lp_set_cmdline();