From fcc2f6ba4a1c853a6e836cd4b45c8da3e6601992 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 30 Sep 2010 00:27:52 +0200
Subject: s4:rpc_server/netlogon: validate flags in netr_DsRGetDCNameEx2() and callers
Thanks to Tarun Chopra for the help of looking up all the bits in the docs.
metze
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 39 +++++++++++++++++++++++++--
 1 file changed, 37 insertions(+), 2 deletions(-)
(limited to 'source4/rpc_server/netlogon')
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 6f88a723cf..8ef817127a 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1589,6 +1589,43 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
 /* "server_unc" is ignored by w2k3 */
+ if (r->in.flags & ~(DSGETDC_VALID_FLAGS)) {
+ return WERR_INVALID_FLAGS;
+ }
+
+ if (r->in.flags & DS_GC_SERVER_REQUIRED &&
+ r->in.flags & DS_PDC_REQUIRED &&
+ r->in.flags & DS_KDC_REQUIRED) {
+ return WERR_INVALID_FLAGS;
+ }
+ if (r->in.flags & DS_IS_FLAT_NAME &&
+ r->in.flags & DS_IS_DNS_NAME) {
+ return WERR_INVALID_FLAGS;
+ }
+ if (r->in.flags & DS_RETURN_DNS_NAME &&
+ r->in.flags & DS_RETURN_FLAT_NAME) {
+ return WERR_INVALID_FLAGS;
+ }
+ if (r->in.flags & DS_DIRECTORY_SERVICE_REQUIRED &&
+ r->in.flags & DS_DIRECTORY_SERVICE_6_REQUIRED) {
+ return WERR_INVALID_FLAGS;
+ }
+
+ if (r->in.flags & DS_GOOD_TIMESERV_PREFERRED &&
+ r->in.flags &
+ (DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_DIRECTORY_SERVICE_PREFERRED |
+ DS_GC_SERVER_REQUIRED |
+ DS_PDC_REQUIRED |
+ DS_KDC_REQUIRED)) {
+ return WERR_INVALID_FLAGS;
+ }
+
+ if (r->in.flags & DS_TRY_NEXTCLOSEST_SITE &&
+ r->in.site_name) {
+ return WERR_INVALID_FLAGS;
+ }
+
 /* Proof server site parameter "site_name" if it was specified */
 server_site_name = samdb_server_site_name(sam_ctx, mem_ctx);
 W_ERROR_HAVE_NO_MEMORY(server_site_name);
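Review bot: The first combination check, on DS_GC_SERVER_REQUIRED, DS_PDC_REQUIRED and DS_KDC_REQUIRED, returns WERR_INVALID_FLAGS only when all three bits are set, so a request carrying any two of them passes validation. If the three are meant to be mutually exclusive, as the pairwise checks that follow it suggest, test the masked subset for more than one bit instead: `uint32_t role = r->in.flags & (DS_GC_SERVER_REQUIRED | DS_PDC_REQUIRED | DS_KDC_REQUIRED);` then `if (role & (role - 1)) { return WERR_INVALID_FLAGS; }` (this assumes each constant is a single bit and that flags is a 32-bit field, neither of which is visible here). Every test in the block is written as `a & X && a & Y` without parentheses; the precedence is right, but `(r->in.flags & X) && (r->in.flags & Y)` reads unambiguously and avoids compiler precedence warnings. The function body starts and ends outside the hunk.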
@@ -1597,8 +1634,6 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
 return WERR_NO_SUCH_DOMAIN;
 }
- /* TODO: the flags are ignored for now */
-
 guid_str = r->in.domain_guid != NULL ? GUID_string(mem_ctx, r->in.domain_guid) : NULL;
-- cgit