s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodc

The RODC stuff doesn't depend on the schannel algorithm.

metze

Signed-off-by: Günther Deschner <gd@samba.org>

diff --git a/libcli/auth/credentials.h b/libcli/auth/credentials.h
index 47582ef73ac7405ae0ce5f3d9b4b0d08b167facc..7b8fac6715e0dc15086af502e3134d5bbb9d6e25 100644 (file)
--- a/libcli/auth/credentials.h
+++ b/libcli/auth/credentials.h
@@ -68,5 +68,3 @@
 
 #define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
 
-#define NETLOGON_NEG_AUTH2_RODC_FLAGS (NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_RODC_PASSTHROUGH)
-

diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 1655e6bad03c64aaa7a03ae888b4fbff1b4a3dc0..3a3dec068b7f97feb155fca9bea1e398046e7bb6 100644 (file)
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -321,10 +321,6 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
        s->local_negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
 
        /* allocate credentials */
-       /* type of authentication depends on schannel type */
-       if (schannel_type == SEC_CHAN_RODC) {
-               s->local_negotiate_flags = NETLOGON_NEG_AUTH2_RODC_FLAGS;
-       }
        if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
                s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
        }
@@ -333,6 +329,11 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
                s->dcerpc_schannel_auto = true;
        }
 
+       /* type of authentication depends on schannel type */
+       if (schannel_type == SEC_CHAN_RODC) {
+               s->local_negotiate_flags |= NETLOGON_NEG_RODC_PASSTHROUGH;
+       }
+
        /* allocate binding structure */
        s->binding = talloc_zero(c, struct dcerpc_binding);
        if (composite_nomem(s->binding, c)) return c;