From e34285778e869f8cb706e4836213651b00b6e425 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 18 Nov 2019 17:10:25 +0100
Subject: [PATCH 202/208] s4:rpc_server: Only announce RC4 in netlogon server
if available
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source4/rpc_server/netlogon/dcerpc_netlogon.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 6c92db7b53a..bc3f8e6765f 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -44,6 +44,7 @@
#include "lib/socket/netif.h"
#include "rpc_server/common/sid_helper.h"
#include "lib/util/util_str_escape.h"
+#include "lib/param/loadparm.h"
#define DCESRV_INTERFACE_NETLOGON_BIND(context, iface) \
dcesrv_interface_netlogon_bind(context, iface)
@@ -198,7 +199,6 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
server_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
NETLOGON_NEG_PERSISTENT_SAMREPL |
- NETLOGON_NEG_ARCFOUR |
NETLOGON_NEG_PROMOTION_COUNT |
NETLOGON_NEG_CHANGELOG_BDC |
NETLOGON_NEG_FULL_SYNC_REPL |
@@ -222,6 +222,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
NETLOGON_NEG_AUTHENTICATED_RPC;
+ if (lpcfg_weak_crypto(dce_call->conn->dce_ctx->lp_ctx) ==
+ SAMBA_WEAK_CRYPTO_ALLOWED) {
+ server_flags |= NETLOGON_NEG_ARCFOUR;
+ }
+
negotiate_flags = *r->in.negotiate_flags & server_flags;
if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
--
2.23.0