s4-drs: dsdb_validate_client_flags() function

This function is intended to check if some client is not lying about
his flags. At this moment, it only checks for RODC flags.

Signed-off-by: Andrew Tridgell <tridge@samba.org>

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 842f56b3ed6b25ed78fa699375c6f348986ddd92..9e2e358b3b651e458180c44b26242a2af58f7b0e 100644 (file)
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2413,6 +2413,34 @@ int dsdb_find_sid_by_dn(struct ldb_context *ldb,
 }
 
 
+int dsdb_validate_client_flags(struct ldb_context *ldb,
+                              const struct repsFromTo1 *client_rf)
+{
+       int ret;
+       TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+
+       if (client_rf->replica_flags & DRSUAPI_DRS_WRIT_REP) {
+               bool is_rodc;
+               ret = samdb_is_rodc(ldb, &client_rf->source_dsa_invocation_id, &is_rodc);
+               if (ret != LDB_SUCCESS) {
+                       talloc_free(tmp_ctx);
+                       return ret;
+               }
+               if (is_rodc) {
+                       DEBUG(0,("Client %s claimed to be WRIT_REP, but is RODC\n",
+                                GUID_string(tmp_ctx, &client_rf->source_dsa_invocation_id)));
+                       talloc_free(tmp_ctx);
+                       return LDB_ERR_UNWILLING_TO_PERFORM;
+               }
+       }
+
+       /* TODO: we may need to validate more client flags here, if they
+          are security sensitive */
+
+       talloc_free(tmp_ctx);
+       return LDB_SUCCESS;
+}
+
 
 /*
   load a repsFromTo blob list for a given partition GUID