s3-netlogon: fix updating trust accout passwords with downlevel domains.

When choosing the netlogon password set function, make sure to look at the
*negotiated* flags in the cli->dc state, not the ones we start the negotiation
with.

Guenther

diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index a5f48d4aa5a90266ae575476caaff166ec59ff71..191a0b0126ed00ed4ded38d887d8e00339cfec80 100644 (file)
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -516,10 +516,10 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
                                            enum netr_SchannelType sec_channel_type)
 {
        NTSTATUS result;
-       uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
        struct netr_Authenticator clnt_creds, srv_cred;
 
        if (!cli->dc) {
+               uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
                result = rpccli_netlogon_setup_creds(cli,
                                                     cli->desthost, /* server name */
                                                     lp_workgroup(), /* domain */
@@ -537,7 +537,7 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 
        netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
 
-       if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
+       if (cli->dc->negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) {
 
                struct netr_CryptPassword new_password;