From 88fed59d4c29b9ff7964db462ff56f1f92eedf3a Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Wed, 20 Nov 2019 11:18:21 +0100

Subject: [PATCH 208/208] s3:librpc: Only use RC4 if our systems supports it

Signed-off-by: Andreas Schneider <asn@samba.org>

---

 source4/librpc/rpc/dcerpc_schannel.c | 5 +++++

 1 file changed, 5 insertions(+)

diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c

index d12647222eb..8a82fdf60b5 100644

--- a/source4/librpc/rpc/dcerpc_schannel.c

+++ b/source4/librpc/rpc/dcerpc_schannel.c

@@ -31,6 +31,7 @@

 #include "auth/credentials/credentials.h"

 #include "librpc/rpc/dcerpc_proto.h"

 #include "param/param.h"

+#include "lib/param/loadparm.h"

 struct schannel_key_state {

 	struct dcerpc_pipe *pipe;

@@ -341,6 +342,10 @@ static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,

 		s->dcerpc_schannel_auto = true;

 	}

+	if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) {

+		s->local_negotiate_flags &= ~NETLOGON_NEG_ARCFOUR;

+	}

+

 	/* type of authentication depends on schannel type */

 	if (schannel_type == SEC_CHAN_RODC) {

 		s->local_negotiate_flags |= NETLOGON_NEG_RODC_PASSTHROUGH;

-- 

2.23.0