CVE-2022-32743 s4:rpc_server/netlogon: Always observe NETR_WS_FLAG_HANDLES_SPN_UPDATE flag

Even when there is no old DNS hostname present.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest/knownfail.d/netlogon-dns-host-name

@@ -1,7 +1,6 @@
 ^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_suffix\(
 ^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_validated_write\(
 ^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_write_property\(
-^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_with_flag\(
 ^samba4.rpc.netlogon on ncacn_ip_tcp with bigendian.netlogon.GetDomainInfo\(
 ^samba4.rpc.netlogon on ncacn_ip_tcp with seal,padcheck.netlogon.GetDomainInfo\(
 ^samba4.rpc.netlogon on ncacn_ip_tcp with validate.netlogon.GetDomainInfo\(

source4/rpc_server/netlogon/dcerpc_netlogon.c

@@ -2495,13 +2495,10 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 		/*
 		 * Updates the DNS hostname when the client wishes that the
 		 * server should handle this for him
-		 * ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set). And this is
-		 * obviously only checked when we do already have a
-		 * "dNSHostName".
+		 * ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set).
 		 * See MS-NRPC section 3.5.4.3.9
 		 */
-		if ((old_dns_hostname != NULL) &&
-		    (r->in.query->workstation_info->workstation_flags
+		if ((r->in.query->workstation_info->workstation_flags
 		    & NETR_WS_FLAG_HANDLES_SPN_UPDATE) != 0) {
 			update_dns_hostname = false;
 		}