From: Andrew Tridgell
Date: Mon, 13 Sep 2010 01:36:43 +0000 (+1000)
Subject: s4-auth: set the RODC bit for RODC schannel
X-Git-Tag: samba-4.0.0alpha13~134
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=67ac8555b1e80aed07e420bca63e5c133c63fb5e;p=samba.git
s4-auth: set the RODC bit for RODC schannel
When we are using SEC_CHAN_RODC we need to set the NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in ServerAuthenticate2
Pair-Programmed-With: Andrew Bartlett
---
diff --git a/libcli/auth/credentials.h b/libcli/auth/credentials.h
index 7175211fbaa..47582ef73ac 100644
--- a/libcli/auth/credentials.h
+++ b/libcli/auth/credentials.h
@@ -68,4 +68,5 @@
 #define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
+#define NETLOGON_NEG_AUTH2_RODC_FLAGS (NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_RODC_PASSTHROUGH)
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index ff511a2c676..77163235416 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -243,6 +243,7 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
 struct composite_context *c;
 struct schannel_key_state *s;
 struct composite_context *epm_map_req;
+ enum netr_SchannelType schannel_type = cli_credentials_get_secure_channel_type(credentials);
 /* composite context allocation and setup */
 c = composite_create(mem_ctx, p->conn->event_ctx);
@@ -258,7 +259,9 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
 /* allocate credentials */
 /* type of authentication depends on schannel type */
- if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
+ if (schannel_type == SEC_CHAN_RODC) {
+ s->negotiate_flags = NETLOGON_NEG_AUTH2_RODC_FLAGS;
+ } else if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
 s->negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 } else {
 s->negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
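Review bot: `NETLOGON_NEG_AUTH2_RODC_FLAGS` in credentials.h is added without a comment, and because it is built on `NETLOGON_NEG_AUTH2_ADS_FLAGS` it inherits that set's ARCFOUR, 128-bit and schannel bits without saying so. A one-line comment above the define would make that visible to anyone auditing the flags the client proposes, for example `/* ADS flag set plus RODC passthrough; proposed when the secure channel type is SEC_CHAN_RODC */`.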
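Review bot: In the last hunk of dcerpc_schannel.c the new `SEC_CHAN_RODC` test is evaluated before `DCERPC_SCHANNEL_128`, so an RODC channel always proposes the ADS flag set (including `NETLOGON_NEG_128BIT`, per the macro in credentials.h) whatever the connection flags say. That precedence is easy to miss and deserves a comment at the branch, such as `/* RODC channels always propose the ADS set plus RODC_PASSTHROUGH, independent of DCERPC_SCHANNEL_128 */`. The hunk only sets what the client proposes; whether the flags returned by ServerAuthenticate2 are later checked to still carry `NETLOGON_NEG_RODC_PASSTHROUGH` is not visible here, and it is worth confirming so that a server which strips the bit is noticed rather than silently accepted. The body of dcerpc_schannel_key_send starts and ends outside the hunk.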