-rw-r--r-- | librpc/idl/misc.idl | 3 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 5 |
2 files changed, 7 insertions, 1 deletions
diff --git a/librpc/idl/misc.idl b/librpc/idl/misc.idl
index a60d30bef2..e92846043d 100644
--- a/librpc/idl/misc.idl
+++ b/librpc/idl/misc.idl
@@ -40,7 +40,8 @@ interface misc
 SEC_CHAN_WKSTA = 2,
 SEC_CHAN_DNS_DOMAIN = 3,
 SEC_CHAN_DOMAIN = 4,
- SEC_CHAN_BDC = 6
+ SEC_CHAN_BDC = 6,
+ SEC_CHAN_RODC = 7
 } netr_SchannelType;
 typedef [public] struct {
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 9d8195aaad..5893bd4821 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -217,6 +217,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", user_account_control));
 return NT_STATUS_ACCESS_DENIED;
 }
+ } else if (r->in.secure_channel_type == SEC_CHAN_RODC) {
+ if (!(user_account_control & UF_PARTIAL_SECRETS_ACCOUNT)) {
+ DEBUG(1, ("Client asked for a RODC secure channel, but is not a RODC: acb flags: 0x%x\n", user_account_control));
+ return NT_STATUS_ACCESS_DENIED;
+ }
 } else {
 DEBUG(1, ("Client asked for an invalid secure channel type: %d\n", r->in.secure_channel_type)); |
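Review bot: The new SEC_CHAN_RODC branch in dcesrv_netr_ServerAuthenticate3 accepts any account that has UF_PARTIAL_SECRETS_ACCOUNT set, without also requiring it to be a computer trust account. RODC machine accounts normally carry that bit together with UF_WORKSTATION_TRUST_ACCOUNT, so unless the account lookup earlier in the function (outside this hunk) already restricts the account type, the test could require both: `if ((user_account_control & (UF_WORKSTATION_TRUST_ACCOUNT|UF_PARTIAL_SECRETS_ACCOUNT)) != (UF_WORKSTATION_TRUST_ACCOUNT|UF_PARTIAL_SECRETS_ACCOUNT)) {`. An RODC is a less-trusted peer than a full DC, and the hunk does not show whether the channel type is kept for later calls. If it is not, a comment such as `/* RODC: partial-secrets account; later netlogon calls must not treat this channel as a full DC */` would record that expectation. The denial DEBUG prints only the acb flags; including the requesting account name would make rejected RODC attempts easier to triage from logs. The function starts and ends outside the hunk.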