s4-cldap: don't set the writable bit when we are a RODC

when we are a RODC, don't respond with the writable bit in the server
type response of netlogon requests

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index d1fde899a5616f24337c94709a6f705557edec3b..1dd3cb7e0e78afaf9afe9e8c9433d3d4d036744e 100644 (file)
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -71,7 +71,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
        const char *pdc_ip;
        struct ldb_dn *domain_dn = NULL;
        struct interface *ifaces;
-       bool user_known;
+       bool user_known, am_rodc;
        NTSTATUS status;
 
        /* the domain parameter could have an optional trailing "." */
@@ -233,7 +233,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
                
        server_type      = 
                DS_SERVER_DS | DS_SERVER_TIMESERV |
-               DS_SERVER_CLOSEST | DS_SERVER_WRITABLE | 
+               DS_SERVER_CLOSEST |
                DS_SERVER_GOOD_TIMESERV;
 
 #if 0
@@ -261,6 +261,10 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
                server_type |= DS_SERVER_KDC;
        }
 
+       if (samdb_rodc(sam_ctx, &am_rodc) != LDB_SUCCESS && !am_rodc) {
+               server_type |= DS_SERVER_WRITABLE;
+       }
+
 #if 0
        /* w2k8-r2 as a sole DC does not claim this */
        if (ldb_dn_compare(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx)) == 0) {