summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--librpc/idl/misc.idl3
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c5
2 files changed, 7 insertions, 1 deletions
diff --git a/librpc/idl/misc.idl b/librpc/idl/misc.idl
index a60d30bef2..e92846043d 100644
--- a/librpc/idl/misc.idl
+++ b/librpc/idl/misc.idl
@@ -40,7 +40,8 @@ interface misc
SEC_CHAN_WKSTA = 2,
SEC_CHAN_DNS_DOMAIN = 3,
SEC_CHAN_DOMAIN = 4,
- SEC_CHAN_BDC = 6
+ SEC_CHAN_BDC = 6,
+ SEC_CHAN_RODC = 7
} netr_SchannelType;
typedef [public] struct {
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 9d8195aaad..5893bd4821 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -217,6 +217,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", user_account_control));
return NT_STATUS_ACCESS_DENIED;
}
+ } else if (r->in.secure_channel_type == SEC_CHAN_RODC) {
+ if (!(user_account_control & UF_PARTIAL_SECRETS_ACCOUNT)) {
+ DEBUG(1, ("Client asked for a RODC secure channel, but is not a RODC: acb flags: 0x%x\n", user_account_control));
+ return NT_STATUS_ACCESS_DENIED;
+ }
} else {
DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
r->in.secure_channel_type));