From 4c5019d507fbe0c9ae328463a3392323fc9e6d51 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 16 Aug 2012 13:31:33 +0200
Subject: s4:cldap_server: set DS_SERVER_SELECT_SECRET_DOMAIN_6 if we're a RODC

metze
---
 source4/cldap_server/netlogon.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'source4/cldap_server')

diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index 4777fcca9c..f5703d3f32 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -73,7 +73,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 	const char *pdc_ip;
 	struct ldb_dn *domain_dn = NULL;
 	struct interface *ifaces;
-	bool user_known, am_rodc;
+	bool user_known = false, am_rodc = false;
 	NTSTATUS status;
 
 	/* the domain parameter could have an optional trailing "." */
@@ -230,10 +230,6 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		server_type |= DS_SERVER_PDC;
 	}
 
-	if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) {
-		server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6;
-	}
-
 	if (samdb_is_gc(sam_ctx)) {
 		server_type |= DS_SERVER_GC;
 	}
@@ -250,6 +246,14 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		server_type |= DS_SERVER_WRITABLE;
 	}
 
+	if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) {
+		if (server_type & DS_SERVER_WRITABLE) {
+			server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6;
+		} else {
+			server_type |= DS_SERVER_SELECT_SECRET_DOMAIN_6;
+		}
+	}
+
 	if (version & (NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_5EX_WITH_IP)) {
 		pdc_name = lpcfg_netbios_name(lp_ctx);
 	} else {
-- 
cgit