From e34285778e869f8cb706e4836213651b00b6e425 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 18 Nov 2019 17:10:25 +0100
Subject: [PATCH 202/208] s4:rpc_server: Only announce RC4 in netlogon server
 if available

Signed-off-by: Andreas Schneider <asn@samba.org>
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 6c92db7b53a..bc3f8e6765f 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -44,6 +44,7 @@
 #include "lib/socket/netif.h"
 #include "rpc_server/common/sid_helper.h"
 #include "lib/util/util_str_escape.h"
+#include "lib/param/loadparm.h"
 
 #define DCESRV_INTERFACE_NETLOGON_BIND(context, iface) \
        dcesrv_interface_netlogon_bind(context, iface)
@@ -198,7 +199,6 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
 
 	server_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
 		       NETLOGON_NEG_PERSISTENT_SAMREPL |
-		       NETLOGON_NEG_ARCFOUR |
 		       NETLOGON_NEG_PROMOTION_COUNT |
 		       NETLOGON_NEG_CHANGELOG_BDC |
 		       NETLOGON_NEG_FULL_SYNC_REPL |
@@ -222,6 +222,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
 		       NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
 		       NETLOGON_NEG_AUTHENTICATED_RPC;
 
+	if (lpcfg_weak_crypto(dce_call->conn->dce_ctx->lp_ctx) ==
+	    SAMBA_WEAK_CRYPTO_ALLOWED) {
+		server_flags |= NETLOGON_NEG_ARCFOUR;
+	}
+
 	negotiate_flags = *r->in.negotiate_flags & server_flags;
 
 	if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
-- 
2.23.0