From fede78f29d15bb718186122f136cc25f0557773f Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Tue, 14 Sep 2010 15:48:19 +1000
Subject: s4-cldap: don't set the writable bit when we are a RODC when we are a RODC, don't respond with the writable bit in the server type response of netlogon requests
Pair-Programmed-With: Andrew Bartlett
---
 source4/cldap_server/netlogon.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'source4/cldap_server')
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index d1fde899a5..1dd3cb7e0e 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -71,7 +71,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 const char *pdc_ip;
 struct ldb_dn *domain_dn = NULL;
 struct interface *ifaces;
- bool user_known;
+ bool user_known, am_rodc;
 NTSTATUS status;
 /* the domain parameter could have an optional trailing "." */
@@ -233,7 +233,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 server_type = DS_SERVER_DS | DS_SERVER_TIMESERV |
- DS_SERVER_CLOSEST | DS_SERVER_WRITABLE |
+ DS_SERVER_CLOSEST |
 DS_SERVER_GOOD_TIMESERV;
 #if 0
@@ -261,6 +261,10 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 server_type |= DS_SERVER_KDC;
 }
+ if (samdb_rodc(sam_ctx, &am_rodc) != LDB_SUCCESS && !am_rodc) {
+ server_type |= DS_SERVER_WRITABLE;
+ }
+
 #if 0
 /* w2k8-r2 as a sole DC does not claim this */
 if (ldb_dn_compare(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx)) == 0) {
-- cgit
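Review bot: The status test in the third hunk looks inverted: `samdb_rodc(sam_ctx, &am_rodc) != LDB_SUCCESS && !am_rodc` can only set DS_SERVER_WRITABLE when the RODC lookup fails, so on the normal success path a writable DC never advertises the bit. On the failure path it reads `am_rodc`, which the first hunk declares without an initialiser and which samdb_rodc() may not have written (its body is not visible here), so the decision to advertise "writable" could rest on an indeterminate value. That is fail-open for exactly the case the commit wants to close: an RODC whose lookup errors could still claim to accept writes. I would change the test to `if (samdb_rodc(sam_ctx, &am_rodc) == LDB_SUCCESS && !am_rodc) {`, so that a failed lookup leaves the bit clear, and add a comment such as `/* only advertise writable when we positively know we are not a RODC */`. The function body starts and ends outside these hunks, so any later use of `server_type` or `am_rodc` is not visible.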