From 2688375ffeba81ad635ca6bce175b1c849178482 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 17 Aug 2010 18:24:29 +1000
Subject: s4-netlogon: added SEC_CHAN_RODC

This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'source4')

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 9d8195aaad..5893bd4821 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -217,6 +217,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 			DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", user_account_control));
 			return NT_STATUS_ACCESS_DENIED;
 		}
+	} else if (r->in.secure_channel_type == SEC_CHAN_RODC) {
+		if (!(user_account_control & UF_PARTIAL_SECRETS_ACCOUNT)) {
+			DEBUG(1, ("Client asked for a RODC secure channel, but is not a RODC: acb flags: 0x%x\n", user_account_control));
+			return NT_STATUS_ACCESS_DENIED;
+		}
 	} else {
 		DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
 			  r->in.secure_channel_type));
-- 
cgit