47 lines
1.7 KiB
Diff
47 lines
1.7 KiB
Diff
From e34285778e869f8cb706e4836213651b00b6e425 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Mon, 18 Nov 2019 17:10:25 +0100
|
|
Subject: [PATCH 202/208] s4:rpc_server: Only announce RC4 in netlogon server
|
|
if available
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
---
|
|
source4/rpc_server/netlogon/dcerpc_netlogon.c | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
|
index 6c92db7b53a..bc3f8e6765f 100644
|
|
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
|
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
|
@@ -44,6 +44,7 @@
|
|
#include "lib/socket/netif.h"
|
|
#include "rpc_server/common/sid_helper.h"
|
|
#include "lib/util/util_str_escape.h"
|
|
+#include "lib/param/loadparm.h"
|
|
|
|
#define DCESRV_INTERFACE_NETLOGON_BIND(context, iface) \
|
|
dcesrv_interface_netlogon_bind(context, iface)
|
|
@@ -198,7 +199,6 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
|
|
|
|
server_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
|
|
NETLOGON_NEG_PERSISTENT_SAMREPL |
|
|
- NETLOGON_NEG_ARCFOUR |
|
|
NETLOGON_NEG_PROMOTION_COUNT |
|
|
NETLOGON_NEG_CHANGELOG_BDC |
|
|
NETLOGON_NEG_FULL_SYNC_REPL |
|
|
@@ -222,6 +222,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
|
|
NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
|
|
NETLOGON_NEG_AUTHENTICATED_RPC;
|
|
|
|
+ if (lpcfg_weak_crypto(dce_call->conn->dce_ctx->lp_ctx) ==
|
|
+ SAMBA_WEAK_CRYPTO_ALLOWED) {
|
|
+ server_flags |= NETLOGON_NEG_ARCFOUR;
|
|
+ }
|
|
+
|
|
negotiate_flags = *r->in.negotiate_flags & server_flags;
|
|
|
|
if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
|
|
--
|
|
2.23.0
|
|
|