1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
samba-mirror/source3/libads
Samuel Cabrero a26f535ded s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT
Before commit 1d066f37b9, when the LDAP
connection wasn't established yet (ads->ldap.ld == NULL), the
ads_current_time() function always allocated and initialized a new
ADS_STRUCT even when ads->ldap.ss had a good address after having called
ads_find_dc().

After that commit, when the ADS_STRUCT is reused and passed to the
ads_connect() call, ads_try_connect() may fail depending on the
contacted DC because ads->config.flags field can contain the flags
returned by the previous CLDAP call. For example, when having 5 DCs:

* 192.168.101.31 has PDC FSMO role
* 192.168.101.32
* 192.168.101.33
* 192.168.101.34
* 192.168.101.35

$> net ads info -S 192.168.101.35

net_ads_info()
  ads_startup_nobind()
    ads_startup_int()
      ads_init()
      ads_connect()
        ads_try_connect(192.168.101.35)
          check_cldap_reply_required_flags(returned=0xF1FC, required=0x0)
  ads_current_time()
    ads_connect()
      ads_try_connect(192.168.101.35)
        check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC)

The check_cldap_reply_required_flags() call fails because
ads->config.flags contain the flags returned by the previous CLDAP call,
even when the returned and required values match because they have
different semantics:

  if (req_flags & DS_PDC_REQUIRED)
        RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);

  translates to:

  if (0xF1FC & 0x80)
        RETURN_ON_FALSE(0xF1FC & 0x01);

  which returns false because 192.168.101.35 has no PDC FSMO role.

The easiest fix for now is to reset ads->config.flags in
ads_current_time() when reusing an ADS_STRUCT before calling
ads_connect(), but we should consider storing the required and returned
flags in different fields or at least use the same bitmap for them
because check_cldap_reply_required_flags() is checking a
netr_DsRGetDCName_flags value using the nbt_server_type bitmap.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674

Signed-off-by: Samuel Cabrero <scabrero@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184
2022-05-23 19:18:38 +00:00
..
ads_ldap_protos.h
ads_proto.h s3: libads: Add utility function ads_zero_ldap(). 2020-08-18 08:25:39 +00:00
ads_status.c krb5_wrap: move source3/libads/krb5_errs.c to lib/krb5_wrap/krb5_errs.c 2020-02-10 16:32:37 +00:00
ads_status.h
ads_struct.c s3: libads: Where we implicitly zero out ads->ldap in ads_init() or ads_destroy() ensure we call ads_zero_ldap() after. 2020-08-18 08:25:39 +00:00
authdata.c s3:libads: Return canonical principal and realm from kerberos_return_pac() 2022-02-23 15:20:32 +00:00
cldap.c s3/libads: clang: Fix Array access results in a null pointer dereference 2019-09-25 09:47:32 +00:00
cldap.h libads: Check cldap flags in libads/ldap 2017-05-30 08:06:06 +02:00
disp_sec.c s3/libads: cppcheck fix error: shiftTooManyBitsSigned: error 2019-05-29 10:10:23 +00:00
kerberos_keytab.c s3:libads: Remove extra new line in keytab list output 2021-07-02 11:45:48 +00:00
kerberos_proto.h s3:libads: Return canonical principal and realm from kerberos_return_pac() 2022-02-23 15:20:32 +00:00
kerberos_util.c s3:libads: let kerberos_kinit_password_ext() return the canonicalized principal/realm 2019-09-24 18:30:37 +00:00
kerberos.c s3:libads: Fix creating local krb5.conf 2022-03-16 14:26:36 +00:00
krb5_setpw.c s3:libads: Do not turn on canonicalization flag for MIT Kerberos 2019-10-12 17:39:13 +00:00
ldap_printer.c werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/libads/ldap_printer.c 2016-09-28 00:04:18 +02:00
ldap_schema_oids.h libads: Factor out ldap_schema_oids.h 2016-02-03 15:04:11 +01:00
ldap_schema.c libads: Factor out ldap_schema_oids.h 2016-02-03 15:04:11 +01:00
ldap_schema.h libads: Factor out ldap_schema_oids.h 2016-02-03 15:04:11 +01:00
ldap_user.c
ldap_utils.c s3/libads: clang: Fix 'Value stored during initialization is never read' 2019-09-26 18:41:27 +00:00
ldap.c s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT 2022-05-23 19:18:38 +00:00
ndr.c s3:libads: Print 'gc' and 'no_fallback' fields in ndr_print_ads_struct() 2022-05-23 18:25:28 +00:00
net_ads_setspn.c s3:utils: add new 'net ads setspn delete' subcommand 2018-03-02 14:07:14 +01:00
sasl_wrapping.c libads: abstract out SASL wrapping code 2017-05-17 23:02:09 +02:00
sasl.c s3:libads: Disable NTLMSSP if not allowed (for builds without kerberos) 2022-01-21 23:33:36 +00:00
sitename_cache.c libads: Convert sitename_key() to talloc 2022-01-18 20:22:38 +00:00
sitename_cache.h
util.c Spelling fixes s/convertion/conversion/ 2019-09-01 22:21:26 +00:00