dsdb-repl: When looking for a partition from a NC check that all non null parameters...
authorMatthieu Patou <mat@matws.net>
Tue, 23 Oct 2012 05:39:17 +0000 (22:39 -0700)
committerMatthieu Patou <mat@matws.net>
Sun, 18 May 2014 04:51:15 +0000 (21:51 -0700)
This means that, on the partition that was found (p), we check:
 * nc->dn != NULL && nc->dn == p->dn
 * nc->guid != NULL && nc->guid == p->guid
 * nc->sid != NULL && nc->sid == p->sid

Signed-off-by: Matthieu Patou <mat@matws.net>
source4/dsdb/repl/drepl_partitions.c

index a27674309d1aac9c3364a45a081c652bf1e5278f..4c597c3996afa1ad208a517292fba57453b87aa0 100644 (file)
@@ -462,12 +462,41 @@ WERROR dreplsrv_partition_find_for_nc(struct dreplsrv_service *s,
                    || strequal(p->nc.dn, nc_dn_str)
                    || (valid_sid && dom_sid_equal(&p->nc.sid, nc_sid)))
                {
-                       /* fill in he right guid and sid if possible */
+                       /*
+                        * fill in he right guid and sid if possible also validate
+                        * that guid match the guid of the partition and the
+                        * sid also
+                        */
                        if (nc_guid && !valid_guid) {
                                dsdb_get_extended_dn_guid(p->dn, nc_guid, "GUID");
+                       } else if (nc_guid && valid_guid &&
+                                  !GUID_equal (&p->nc.guid, nc_guid))
+                       {
+                               /*
+                                * NC was matching the DN or the SID but not
+                                * the non null specified GUID -> BADNC
+                                */
+                               return WERR_DS_DRA_BAD_NC;
                        }
+
                        if (nc_sid && !valid_sid) {
                                dsdb_get_extended_dn_sid(p->dn, nc_sid, "SID");
+                       } else if (nc_sid && valid_sid &&
+                                  !dom_sid_equal(&p->nc.sid, nc_sid))
+                       {
+                               /*
+                                * NC was matching the DN or the GUID but not
+                                * the non null specified SID -> BADNC
+                                */
+                               return WERR_DS_DRA_BAD_NC;
+                       }
+
+                       if (nc_dn_str && strequal(p->nc.dn, nc_dn_str) != 0) {
+                               /*
+                                * NC was matching the GUID or the SID but
+                                * the DN itself didn't match -> BADNC
+                                */
+                               return WERR_DS_DRA_BAD_NC;
                        }
                        *_p = p;
                        return WERR_OK;
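Review bot: The added DN check near the end of the hunk looks inverted: `strequal(p->nc.dn, nc_dn_str) != 0` is true when the two DNs are equal, as the match condition at the top of the hunk shows by using `strequal(p->nc.dn, nc_dn_str)` as the positive test. As written, a partition whose DN matches returns WERR_DS_DRA_BAD_NC, while one found via GUID or SID with a different DN is accepted. That is the opposite of what the branch comment and the commit message describe, so the mismatch this check was meant to reject still passes. The condition should read `if (nc_dn_str && !strequal(p->nc.dn, nc_dn_str)) {`. The body of dreplsrv_partition_find_for_nc starts before and continues after this hunk, so how nc_dn_str is derived is not visible here.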