From 17c01a5e900d77d622f3c33a440de739e64940e4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 3 Feb 2011 16:11:32 +0100
Subject: s3:rpc_server/netlogon: reject validation level 6 without ads support

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb  4 10:06:26 CET 2011 on sn-devel-104
---
 source3/rpc_server/srv_netlog_nt.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'source3')

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 11fa9462da..397c658dd4 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1314,7 +1314,13 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
 		switch (r->in.validation_level) {
 		case NetlogonValidationSamInfo:  /* 2 */
 		case NetlogonValidationSamInfo2: /* 3 */
+			break;
 		case NetlogonValidationSamInfo4: /* 6 */
+			if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
+				DEBUG(10,("Not adding validation info level 6 "
+				   "without ADS passdb backend\n"));
+				return NT_STATUS_INVALID_INFO_CLASS;
+			}
 			break;
 		default:
 			return NT_STATUS_INVALID_INFO_CLASS;
@@ -1330,7 +1336,13 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
 		switch (r->in.validation_level) {
 		case NetlogonValidationSamInfo:  /* 2 */
 		case NetlogonValidationSamInfo2: /* 3 */
+			break;
 		case NetlogonValidationSamInfo4: /* 6 */
+			if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
+				DEBUG(10,("Not adding validation info level 6 "
+				   "without ADS passdb backend\n"));
+				return NT_STATUS_INVALID_INFO_CLASS;
+			}
 			break;
 		default:
 			return NT_STATUS_INVALID_INFO_CLASS;
@@ -1343,6 +1355,9 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 
+		/* we don't support this here */
+		return NT_STATUS_INVALID_PARAMETER;
+#if 0
 		switch (r->in.validation_level) {
 		/* TODO: case NetlogonValidationGenericInfo: 4 */
 		case NetlogonValidationGenericInfo2: /* 5 */
@@ -1352,6 +1367,7 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
 		}
 
 		break;
+#endif
 	default:
 		return NT_STATUS_INVALID_PARAMETER;
 	}
-- 
cgit