From f719db12774d7b22b818adb56c2abd64ab036caf Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Thu, 11 Apr 2019 16:06:14 +0200 Subject: [PATCH 201/208] s3:rpc_server: Only announce RC4 in netlogon server if available Signed-off-by: Andreas Schneider --- source3/rpc_server/netlogon/srv_netlog_nt.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index cbbf9feedc7..3dd8ecf5ca8 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -909,7 +909,6 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p, /* 0x000001ff */ srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT | NETLOGON_NEG_PERSISTENT_SAMREPL | - NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_PROMOTION_COUNT | NETLOGON_NEG_CHANGELOG_BDC | NETLOGON_NEG_FULL_SYNC_REPL | @@ -918,6 +917,10 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p, NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | NETLOGON_NEG_PASSWORD_SET2; + if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED) { + srv_flgs |= NETLOGON_NEG_ARCFOUR; + } + /* Ensure we support strong (128-bit) keys. */ if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) { srv_flgs |= NETLOGON_NEG_STRONG_KEYS; -- 2.23.0