dsdb/netlogon: make use of dsdb_dc_functional_level() in fill_netlogon_samlogon_respo...

[MS-ADTS] 6.3.3.2 "Domain Controller Response to an LDAP Ping" indicates
that the resulting flags depend on the server software (behavior)
and not the domain wide functional level.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

diff --git a/source4/dsdb/samdb/ldb_modules/netlogon.c b/source4/dsdb/samdb/ldb_modules/netlogon.c
index 66ab70b6f548ac19def586df290880eb716a03b3..332f9c0b409acc9deaf930f66367055bacdc4830 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/netlogon.c
+++ b/source4/dsdb/samdb/ldb_modules/netlogon.c
@@ -77,6 +77,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
        struct interface *ifaces;
        bool user_known = false, am_rodc = false;
        uint32_t uac = 0;
+       int dc_level;
        NTSTATUS status;
 
        /* the domain parameter could have an optional trailing "." */
@@ -287,7 +288,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
                server_type |= DS_SERVER_WRITABLE;
        }
 
-       if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) {
+       dc_level = dsdb_dc_functional_level(sam_ctx);
+       if (dc_level >= DS_DOMAIN_FUNCTION_2008) {
                if (server_type & DS_SERVER_WRITABLE) {
                        server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6;
                } else {