summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2010-09-30 00:27:52 +0200
committerStefan Metzmacher <metze@samba.org>2010-10-23 10:58:14 +0200
commitfcc2f6ba4a1c853a6e836cd4b45c8da3e6601992 (patch)
treea8e29273a92d64cd4e7e16669c294132502b50c9
parente297625d96a6ad6deba4edf2dc69756ba67aa452 (diff)
downloadsamba-fcc2f6ba4a1c853a6e836cd4b45c8da3e6601992.tar.gz
samba-fcc2f6ba4a1c853a6e836cd4b45c8da3e6601992.tar.bz2
samba-fcc2f6ba4a1c853a6e836cd4b45c8da3e6601992.zip
s4:rpc_server/netlogon: validate flags in netr_DsRGetDCNameEx2() and callers
Thanks to Tarun Chopra for the help of looking up all the bits in the docs. metze
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c39
1 files changed, 37 insertions, 2 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 6f88a723cf..8ef817127a 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1589,6 +1589,43 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
/* "server_unc" is ignored by w2k3 */
+ if (r->in.flags & ~(DSGETDC_VALID_FLAGS)) {
+ return WERR_INVALID_FLAGS;
+ }
+
+ if (r->in.flags & DS_GC_SERVER_REQUIRED &&
+ r->in.flags & DS_PDC_REQUIRED &&
+ r->in.flags & DS_KDC_REQUIRED) {
+ return WERR_INVALID_FLAGS;
+ }
+ if (r->in.flags & DS_IS_FLAT_NAME &&
+ r->in.flags & DS_IS_DNS_NAME) {
+ return WERR_INVALID_FLAGS;
+ }
+ if (r->in.flags & DS_RETURN_DNS_NAME &&
+ r->in.flags & DS_RETURN_FLAT_NAME) {
+ return WERR_INVALID_FLAGS;
+ }
+ if (r->in.flags & DS_DIRECTORY_SERVICE_REQUIRED &&
+ r->in.flags & DS_DIRECTORY_SERVICE_6_REQUIRED) {
+ return WERR_INVALID_FLAGS;
+ }
+
+ if (r->in.flags & DS_GOOD_TIMESERV_PREFERRED &&
+ r->in.flags &
+ (DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_DIRECTORY_SERVICE_PREFERRED |
+ DS_GC_SERVER_REQUIRED |
+ DS_PDC_REQUIRED |
+ DS_KDC_REQUIRED)) {
+ return WERR_INVALID_FLAGS;
+ }
+
+ if (r->in.flags & DS_TRY_NEXTCLOSEST_SITE &&
+ r->in.site_name) {
+ return WERR_INVALID_FLAGS;
+ }
+
/* Proof server site parameter "site_name" if it was specified */
server_site_name = samdb_server_site_name(sam_ctx, mem_ctx);
W_ERROR_HAVE_NO_MEMORY(server_site_name);
@@ -1597,8 +1634,6 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
return WERR_NO_SUCH_DOMAIN;
}
- /* TODO: the flags are ignored for now */
-
guid_str = r->in.domain_guid != NULL ?
GUID_string(mem_ctx, r->in.domain_guid) : NULL;