From c8b68454839618abf0e0c467ceaa08ef88717b22 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 11 Dec 2019 17:45:39 +0100
Subject: [PATCH 195/208] gensec: Add a check if a gensec module implements
 weak crypto
Signed-off-by: Andreas Schneider <asn@samba.org>
---
 auth/gensec/gensec_internal.h |  1 +
 auth/gensec/gensec_start.c    | 12 +++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h
b6b438
index 911b48b52d6..8efb1bdff0f 100644
b6b438
--- a/auth/gensec/gensec_internal.h
b6b438
+++ b/auth/gensec/gensec_internal.h
b6b438
@@ -28,6 +28,7 @@ struct gensec_security;
b6b438
 struct gensec_security_ops {
b6b438
 	const char *name;
b6b438
 	const char *sasl_name;
b6b438
+	bool weak_crypto;
b6b438
 	uint8_t auth_type;  /* 0 if not offered on DCE-RPC */
b6b438
 	const char **oid;  /* NULL if not offered by SPNEGO */
b6b438
 	NTSTATUS (*client_start)(struct gensec_security *gensec_security);
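Review bot: The new `weak_crypto` member of `struct gensec_security_ops` carries no comment, unlike `auth_type` and `oid` next to it, and its default is the permissive one: a backend whose initializer never mentions the field gets `false` and stays enabled when weak crypto is disallowed. Which backends set the flag is not visible in this patch, so it is worth confirming that every mechanism relying on weak algorithms is annotated in the same series. A comment such as `bool weak_crypto;  /* true if the mechanism relies on algorithms that are unavailable when weak crypto is disallowed */` would make that contract explicit for authors of new backends. The struct definition starts and continues outside this hunk.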
b6b438
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
b6b438
index 50f4de73110..860c974f056 100644
b6b438
--- a/auth/gensec/gensec_start.c
b6b438
+++ b/auth/gensec/gensec_start.c
b6b438
@@ -49,7 +49,17 @@ _PUBLIC_ const struct gensec_security_ops * const *gensec_security_all(void)
b6b438
 
b6b438
 bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security)
b6b438
 {
b6b438
-	return lpcfg_parm_bool(security->settings->lp_ctx, NULL, "gensec", ops->name, ops->enabled);
b6b438
+	bool ok = lpcfg_parm_bool(security->settings->lp_ctx,
b6b438
+				  NULL,
b6b438
+				  "gensec",
b6b438
+				  ops->name,
b6b438
+				  ops->enabled);
b6b438
+
b6b438
+	if (!samba_gnutls_weak_crypto_allowed() && ops->weak_crypto) {
b6b438
+		ok = false;
b6b438
+	}
b6b438
+
b6b438
+	return ok;
b6b438
 }
b6b438
 
b6b438
 /* Sometimes we want to force only kerberos, sometimes we want to
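Review bot: When the new branch in `gensec_security_ops_enabled()` sets `ok = false`, it does so silently, so an administrator who has explicitly enabled a mechanism through the `gensec` parametric option gets no indication that the weak-crypto policy overrode it. A low-priority log line in that branch, e.g. `DBG_INFO("gensec mechanism %s disabled: weak crypto not allowed\n", ops->name);`, would make the resulting authentication failures diagnosable, though the level should be chosen with the call frequency of this function in mind. A short comment stating that the policy check deliberately wins over the per-module setting would also help. The diffstat shows no `#include` added to this file for `samba_gnutls_weak_crypto_allowed()`, so presumably an earlier patch in the series already pulls in its header; worth confirming.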
b6b438
-- 
2.23.0