From 88fed59d4c29b9ff7964db462ff56f1f92eedf3a Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 20 Nov 2019 11:18:21 +0100 Subject: [PATCH 208/208] s3:librpc: Only use RC4 if our systems supports it Signed-off-by: Andreas Schneider --- source4/librpc/rpc/dcerpc_schannel.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index d12647222eb..8a82fdf60b5 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -31,6 +31,7 @@ #include "auth/credentials/credentials.h" #include "librpc/rpc/dcerpc_proto.h" #include "param/param.h" +#include "lib/param/loadparm.h" struct schannel_key_state { struct dcerpc_pipe *pipe; @@ -341,6 +342,10 @@ static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx, s->dcerpc_schannel_auto = true; } + if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) { + s->local_negotiate_flags &= ~NETLOGON_NEG_ARCFOUR; + } + /* type of authentication depends on schannel type */ if (schannel_type == SEC_CHAN_RODC) { s->local_negotiate_flags |= NETLOGON_NEG_RODC_PASSTHROUGH; -- 2.23.0