s3-netlogon: Add support to authenticate trusted domains.

[ddiss/samba.git] / source3 / rpc_server / netlogon / srv_netlog_nt.c

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index f681e909dd32f421a43d47cb356c184d0f5c805b..086a0ea3c5ab90a59b76918aa3e2f6331a80208e 100644 (file)
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -907,6 +907,19 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
                srv_flgs |= NETLOGON_NEG_SCHANNEL;
        }
 
+       /*
+        * Support authenticaten of trusted domains.
+        *
+        * These flags are the minimum required set which works with win2k3
+        * and win2k8.
+        */
+       if (pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX) {
+               srv_flgs |= NETLOGON_NEG_TRANSITIVE_TRUSTS |
+                           NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+                           NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+                           NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION;
+       }
+
        switch (p->opnum) {
                case NDR_NETR_SERVERAUTHENTICATE:
                        fn = "_netr_ServerAuthenticate";