#include "libds/common/roles.h"
#include "lib/crypto/md4.h"
#include "auth/credentials/credentials.h"
+#include "lib/param/loadparm.h"
struct netlogon_creds_cli_locked_state;
required_flags |= NETLOGON_NEG_AUTHENTICATED_RPC;
}
+ /*
+ * If weak crypto is disabled, do not announce that we support RC4 and
+ * require AES.
+ */
+ if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+ required_flags &= ~NETLOGON_NEG_ARCFOUR;
+ required_flags |= NETLOGON_NEG_SUPPORTS_AES;
+ proposed_flags &= ~NETLOGON_NEG_ARCFOUR;
+ proposed_flags |= NETLOGON_NEG_SUPPORTS_AES;
+ }
+
proposed_flags |= required_flags;
if (seal_secure_channel) {
NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION;
}
+ /*
+ * If weak cryto is disabled, do not announce that we support RC4.
+ */
+ if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+ srv_flgs &= ~NETLOGON_NEG_ARCFOUR;
+ }
+
switch (p->opnum) {
case NDR_NETR_SERVERAUTHENTICATE:
fn = "_netr_ServerAuthenticate";
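Review bot: Clearing `NETLOGON_NEG_ARCFOUR` from `srv_flgs` stops the server announcing RC4 but does not make AES mandatory, unlike the client hunk that also sets `NETLOGON_NEG_SUPPORTS_AES` in `required_flags`; the same pattern appears in the hunks that mask `s->local_negotiate_flags` and `server_flags`. A peer that does not offer `NETLOGON_NEG_SUPPORTS_AES` would leave the negotiated flags with neither bit set, and what the credential code falls back to in that case is not visible in these hunks. If no later check already rejects such a peer, add one for the `SAMBA_WEAK_CRYPTO_DISALLOWED` case, for example testing `!(negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)` right after the flags are intersected, and fail the authentication instead of continuing. The `s->local_negotiate_flags` hunk also lacks the explanatory comment the other hunks carry, and the comment here spells "cryto" for "crypto". The enclosing function starts and ends outside the hunk.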
#include "auth/credentials/credentials.h"
#include "librpc/rpc/dcerpc_proto.h"
#include "param/param.h"
+#include "lib/param/loadparm.h"
struct schannel_key_state {
struct dcerpc_pipe *pipe;
s->local_negotiate_flags |= NETLOGON_NEG_RODC_PASSTHROUGH;
}
+ if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+ s->local_negotiate_flags &= ~NETLOGON_NEG_ARCFOUR;
+ }
+
epm_creds = cli_credentials_init_anon(s);
if (composite_nomem(epm_creds, c)) return c;
#include "lib/socket/netif.h"
#include "rpc_server/common/sid_helper.h"
#include "lib/util/util_str_escape.h"
+#include "lib/param/loadparm.h"
#define DCESRV_INTERFACE_NETLOGON_BIND(context, iface) \
dcesrv_interface_netlogon_bind(context, iface)
NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
NETLOGON_NEG_AUTHENTICATED_RPC;
+ /*
+ * If weak cryto is disabled, do not announce that we support RC4.
+ */
+ if (lpcfg_weak_crypto(dce_call->conn->dce_ctx->lp_ctx) ==
+ SAMBA_WEAK_CRYPTO_DISALLOWED) {
+ server_flags &= ~NETLOGON_NEG_ARCFOUR;
+ }
+
negotiate_flags = *r->in.negotiate_flags & server_flags;
if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {