authorGarming Sam <garming@catalyst.net.nz>2017-03-20 15:37:12 +1300
committerAndrew Bartlett <abartlet@samba.org>2017-05-30 08:06:06 +0200
commiteaf2c3e21dffde4dad89ce2e6c6a5061cc9f435f (patch)
treed43501f8d58d107d805fd8ee111b83d0956b9f9b /source3/libads/cldap.c
parent3dcee68fa998b9cf10ac34d6b3720d79475ac8c9 (diff)
libads: Check cldap flags in libads/ldap
Pass down request flags and check they are respected with the response flags. Otherwise, error out and pretend the connection never happened. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/libads/cldap.c')
-rw-r--r--source3/libads/cldap.c38
1 files changed, 38 insertions, 0 deletions
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
index 586a04a0e42..f4022a19905 100644
--- a/source3/libads/cldap.c
+++ b/source3/libads/cldap.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "../libcli/cldap/cldap.h"
+#include "../librpc/gen_ndr/ndr_netlogon.h"
#include "../lib/tsocket/tsocket.h"
#include "../lib/util/tevent_ntstatus.h"
#include "libads/cldap.h"
@@ -47,6 +48,43 @@ struct cldap_multi_netlogon_state {
static void cldap_multi_netlogon_done(struct tevent_req *subreq);
static void cldap_multi_netlogon_next(struct tevent_req *subreq);
+/****************************************************************
+****************************************************************/
+
+#define RETURN_ON_FALSE(x) if (!(x)) return false;
+
+bool check_cldap_reply_required_flags(uint32_t ret_flags,
+ uint32_t req_flags)
+{
+ if (req_flags == 0) {
+ return true;
+ }
+
+ if (req_flags & DS_PDC_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);
+
+ if (req_flags & DS_GC_SERVER_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_GC);
+
+ if (req_flags & DS_ONLY_LDAP_NEEDED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_LDAP);
+
+ if ((req_flags & DS_DIRECTORY_SERVICE_REQUIRED) ||
+ (req_flags & DS_DIRECTORY_SERVICE_PREFERRED))
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS);
+
+ if (req_flags & DS_KDC_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_KDC);
+
+ if (req_flags & DS_TIMESERV_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_TIMESERV);
+
+ if (req_flags & DS_WRITABLE_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_WRITABLE);
+
+ return true;
+}
+
/*
* Do a parallel cldap ping to the servers. The first "min_servers"
* are fired directly, the remaining ones in 100msec intervals. If
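Review bot: `RETURN_ON_FALSE` expands to a bare `if (!(x)) return false;` and every use in check_cldap_reply_required_flags() is the body of an unbraced `if`, so each call site leaves a stray empty statement and any `else` added later would bind to the macro's hidden inner `if`. Define it as `#define RETURN_ON_FALSE(x) do { if (!(x)) return false; } while (0)` and brace the calling `if` statements. The banner comment above the function is empty; it should state that `ret_flags` is whatever the responding server put in its CLDAP netlogon reply, so the check filters out servers that do not claim the requested roles rather than proving they hold them, and that `DS_DIRECTORY_SERVICE_PREFERRED` is enforced here exactly like `DS_DIRECTORY_SERVICE_REQUIRED`. The function is non-static and its prototype is not in this file's diff, so confirm it is declared in libads/cldap.h.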