From 67ac8555b1e80aed07e420bca63e5c133c63fb5e Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Mon, 13 Sep 2010 11:36:43 +1000
Subject: s4-auth: set the RODC bit for RODC schannel

When we are using SEC_CHAN_RODC we need to set the NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in ServerAuthenticate2
Pair-Programmed-With: Andrew Bartlett
---
 source4/librpc/rpc/dcerpc_schannel.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'source4/librpc/rpc')
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index ff511a2c67..7716323541 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -243,6 +243,7 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
 struct composite_context *c;
 struct schannel_key_state *s;
 struct composite_context *epm_map_req;
+ enum netr_SchannelType schannel_type = cli_credentials_get_secure_channel_type(credentials);
 /* composite context allocation and setup */
 c = composite_create(mem_ctx, p->conn->event_ctx);
@@ -258,7 +259,9 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
 /* allocate credentials */
 /* type of authentication depends on schannel type */
- if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
+ if (schannel_type == SEC_CHAN_RODC) {
+ s->negotiate_flags = NETLOGON_NEG_AUTH2_RODC_FLAGS;
+ } else if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
 s->negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 } else {
 s->negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
-- cgit
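Review bot: In the second hunk the new `schannel_type == SEC_CHAN_RODC` test comes before the `DCERPC_SCHANNEL_128` test, so for an RODC secure channel the caller's 128-bit request no longer has any influence on `s->negotiate_flags`. That ordering is only safe if `NETLOGON_NEG_AUTH2_RODC_FLAGS` carries at least every bit of `NETLOGON_NEG_AUTH2_ADS_FLAGS`; its definition is not part of this patch, so that should be confirmed before merging. Once confirmed, the existing comment above the chain should record the precedence, for example `/* RODC flag set overrides DCERPC_SCHANNEL_128; must stay a superset of the ADS flags */`. dcerpc_schannel_key_send starts and ends outside the hunk, so whether the flags returned by the server are later checked for the RODC passthrough bit cannot be judged from here.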