s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodc

The RODC stuff doesn't depend on the schannel algorithm.

metze

Signed-off-by: Günther Deschner <gd@samba.org>

2 files changed, 5 insertions, 6 deletions

diff --git a/libcli/auth/credentials.h b/libcli/auth/credentials.h
index 47582ef73a..7b8fac6715 100644
--- a/libcli/auth/credentials.h
+++ b/libcli/auth/credentials.h
@@ -68,5 +68,3 @@
 
 #define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
 
-#define NETLOGON_NEG_AUTH2_RODC_FLAGS (NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_RODC_PASSTHROUGH)
-
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 1655e6bad0..3a3dec068b 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -321,10 +321,6 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
 	s->local_negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
 
 	/* allocate credentials */
-	/* type of authentication depends on schannel type */
-	if (schannel_type == SEC_CHAN_RODC) {
-		s->local_negotiate_flags = NETLOGON_NEG_AUTH2_RODC_FLAGS;
-	}
 	if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
 		s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 	}
@@ -333,6 +329,11 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
 		s->dcerpc_schannel_auto = true;
 	}
 
+	/* type of authentication depends on schannel type */
+	if (schannel_type == SEC_CHAN_RODC) {
+		s->local_negotiate_flags |= NETLOGON_NEG_RODC_PASSTHROUGH;
+	}
+
 	/* allocate binding structure */
 	s->binding = talloc_zero(c, struct dcerpc_binding);
 	if (composite_nomem(s->binding, c)) return c;