s4:rpc_server: Do some checks of LogonSamLogon flags

[metze/samba/wip.git] / source4 / rpc_server / netlogon / dcerpc_netlogon.c

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 9392a3975d0f4ec3bd7c7d8848a3f117afb36ced..0932eb0d36c64872dd6e5e4b7e2d91cee2ed6a08 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -856,6 +856,20 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 
        *r->out.authoritative = 1;
 
+       if (*r->in.flags & NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT) {
+               /*
+                * Currently we're always the forest root ourself.
+                */
+               return NT_STATUS_NO_SUCH_USER;
+       }
+
+       if (*r->in.flags & NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP) {
+               /*
+                * Currently we don't support trusts correctly yet.
+                */
+               return NT_STATUS_NO_SUCH_USER;
+       }
+
        user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info);
        NT_STATUS_HAVE_NO_MEMORY(user_info);