s3-netlogon: fix updating trust accout passwords with downlevel domains.

When choosing the netlogon password set function, make sure to look at the
*negotiated* flags in the cli->dc state, not the ones we start the negotiation
with.

Guenther

1 files changed, 2 insertions, 2 deletions

diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index a5f48d4aa5..191a0b0126 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -516,10 +516,10 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 					    enum netr_SchannelType sec_channel_type)
 {
 	NTSTATUS result;
-	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 	struct netr_Authenticator clnt_creds, srv_cred;
 
 	if (!cli->dc) {
+		uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 		result = rpccli_netlogon_setup_creds(cli,
 						     cli->desthost, /* server name */
 						     lp_workgroup(), /* domain */
@@ -537,7 +537,7 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 
 	netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
 
-	if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
+	if (cli->dc->negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) {
 
 		struct netr_CryptPassword new_password;