summaryrefslogtreecommitdiff
path: root/libcli/auth
diff options
context:
space:
mode:
Diffstat (limited to 'libcli/auth')
-rw-r--r--libcli/auth/netlogon_creds_cli.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 12cb3149ff6..e78bc173968 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -39,6 +39,7 @@
#include "libds/common/roles.h"
#include "lib/crypto/md4.h"
#include "auth/credentials/credentials.h"
+#include "lib/param/loadparm.h"
struct netlogon_creds_cli_locked_state;
@@ -414,6 +415,17 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
required_flags |= NETLOGON_NEG_AUTHENTICATED_RPC;
}
+ /*
+ * If weak crypto is disabled, do not announce that we support RC4 and
+ * require AES.
+ */
+ if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+ required_flags &= ~NETLOGON_NEG_ARCFOUR;
+ required_flags |= NETLOGON_NEG_SUPPORTS_AES;
+ proposed_flags &= ~NETLOGON_NEG_ARCFOUR;
+ proposed_flags |= NETLOGON_NEG_SUPPORTS_AES;
+ }
+
proposed_flags |= required_flags;
if (seal_secure_channel) {
View Lorry Controller Status