CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session...

This is not squashed in order to allow easier backports...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7504a4d6fee7805aac7657b9dab88c48353d6db4)

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 3a62d882a81ed133c3a6f9e05e81e81a7c80182e..b712609e3a7c0ee81464ffee07b176a92fb8d719 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3080,10 +3080,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
                                  "kdc default domain supported enctypes",
                                  "rc4-hmac aes256-cts-hmac-sha1-96-sk");
 
-       lpcfg_do_global_parameter(lp_ctx,
-                                 "kdc force enable rc4 weak session keys",
-                                 "no");
-
        for (i = 0; parm_table[i].label; i++) {
                if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
                        lp_ctx->flags[i] |= FLAG_DEFAULT;

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index f0b82d7dea16ec0ad8cd141c15ce56c248bd4ed1..ea1686e8aa05f83557495dde020cc11546159864 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -984,7 +984,6 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 
        Globals.kdc_default_domain_supported_enctypes =
                KERB_ENCTYPE_RC4_HMAC_MD5 | KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK;
-       Globals.kdc_force_enable_rc4_weak_session_keys = false;
 
        /* Now put back the settings that were set with lp_set_cmdline() */
        apply_lp_set_cmdline();