samba.git/source3/libads, branch talloc-2.3.4 Unnamed repository; edit this file 'description' to name the repository. s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT 2022-05-23T19:18:38+00:00 Samuel Cabrero scabrero@suse.de 2022-05-23T12:11:24+00:00 a26f535dedc651afa2a25dd37113ac71787197ff Before commit 1d066f37b9217a475b6b84a935ad51fbec88fe04, when the LDAP connection wasn't established yet (ads->ldap.ld == NULL), the ads_current_time() function always allocated and initialized a new ADS_STRUCT even when ads->ldap.ss had a good address after having called ads_find_dc(). After that commit, when the ADS_STRUCT is reused and passed to the ads_connect() call, ads_try_connect() may fail depending on the contacted DC because ads->config.flags field can contain the flags returned by the previous CLDAP call. For example, when having 5 DCs: * 192.168.101.31 has PDC FSMO role * 192.168.101.32 * 192.168.101.33 * 192.168.101.34 * 192.168.101.35 $> net ads info -S 192.168.101.35 net_ads_info() ads_startup_nobind() ads_startup_int() ads_init() ads_connect() ads_try_connect(192.168.101.35) check_cldap_reply_required_flags(returned=0xF1FC, required=0x0) ads_current_time() ads_connect() ads_try_connect(192.168.101.35) check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC) The check_cldap_reply_required_flags() call fails because ads->config.flags contain the flags returned by the previous CLDAP call, even when the returned and required values match because they have different semantics: if (req_flags & DS_PDC_REQUIRED) RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC); translates to: if (0xF1FC & 0x80) RETURN_ON_FALSE(0xF1FC & 0x01); which returns false because 192.168.101.35 has no PDC FSMO role. The easiest fix for now is to reset ads->config.flags in ads_current_time() when reusing an ADS_STRUCT before calling ads_connect(), but we should consider storing the required and returned flags in different fields or at least use the same bitmap for them because check_cldap_reply_required_flags() is checking a netr_DsRGetDCName_flags value using the nbt_server_type bitmap. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184 
Before commit 1d066f37b9217a475b6b84a935ad51fbec88fe04, when the LDAP
connection wasn't established yet (ads->ldap.ld == NULL), the
ads_current_time() function always allocated and initialized a new
ADS_STRUCT even when ads->ldap.ss had a good address after having called
ads_find_dc().

After that commit, when the ADS_STRUCT is reused and passed to the
ads_connect() call, ads_try_connect() may fail depending on the
contacted DC because ads->config.flags field can contain the flags
returned by the previous CLDAP call. For example, when having 5 DCs:

* 192.168.101.31 has PDC FSMO role
* 192.168.101.32
* 192.168.101.33
* 192.168.101.34
* 192.168.101.35

$> net ads info -S 192.168.101.35

net_ads_info()
  ads_startup_nobind()
    ads_startup_int()
      ads_init()
      ads_connect()
        ads_try_connect(192.168.101.35)
          check_cldap_reply_required_flags(returned=0xF1FC, required=0x0)
  ads_current_time()
    ads_connect()
      ads_try_connect(192.168.101.35)
        check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC)

The check_cldap_reply_required_flags() call fails because
ads->config.flags contain the flags returned by the previous CLDAP call,
even when the returned and required values match because they have
different semantics:

  if (req_flags & DS_PDC_REQUIRED)
        RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);

  translates to:

  if (0xF1FC & 0x80)
        RETURN_ON_FALSE(0xF1FC & 0x01);

  which returns false because 192.168.101.35 has no PDC FSMO role.

The easiest fix for now is to reset ads->config.flags in
ads_current_time() when reusing an ADS_STRUCT before calling
ads_connect(), but we should consider storing the required and returned
flags in different fields or at least use the same bitmap for them
because check_cldap_reply_required_flags() is checking a
netr_DsRGetDCName_flags value using the nbt_server_type bitmap.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674

Signed-off-by: Samuel Cabrero <scabrero@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184
s3:libads: Print 'gc' and 'no_fallback' fields in ndr_print_ads_struct() 2022-05-23T18:25:28+00:00 Samuel Cabrero scabrero@suse.de 2022-05-23T09:43:29+00:00 11e0eb6f938002d93169c0293d7ec5e0488df307 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s3:libads: Fix creating local krb5.conf 2022-03-16T14:26:36+00:00 Andreas Schneider asn@samba.org 2022-03-15T12:10:06+00:00 68d181ee676e17a5cdcfc12c5cc7eef242fdfa6c We create an KDC ip string entry directly at the beginning, use it if we don't have any additional DCs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184 
We create an KDC ip string entry directly at the beginning, use it if we
don't have any additional DCs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184
s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string() 2022-03-16T13:28:30+00:00 Andreas Schneider asn@samba.org 2022-03-15T12:02:05+00:00 12c843ad0a97fcbaaea738b82941533e5d2aec99 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
s3:libads: Remove obsolete free's of kdc_str 2022-03-16T13:28:30+00:00 Andreas Schneider asn@samba.org 2022-03-15T11:57:18+00:00 cca189d0934790418e27d9d01282370b1e6a057f This is allocated on the stackframe now! BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
This is allocated on the stackframe now!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
s3:libads: Allocate all memory on the talloc stackframe 2022-03-16T13:28:30+00:00 Andreas Schneider asn@samba.org 2022-03-15T11:56:58+00:00 652c8ce1672dfead00c7af6af22e3bb3927764ec BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string() 2022-03-16T13:28:30+00:00 Andreas Schneider asn@samba.org 2022-03-15T11:48:23+00:00 812032833aa65729dbbfd4313a6e3fe072c88530 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
s3:libads: Improve debug messages for get_kdc_ip_string() 2022-03-16T13:28:30+00:00 Andreas Schneider asn@samba.org 2022-03-15T11:10:47+00:00 7f721dc2eee0064a1ddd480fcaf77bf1659c7a26 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
s3:libads: Leave early on error in get_kdc_ip_string() 2022-03-16T13:28:30+00:00 Andreas Schneider asn@samba.org 2022-03-15T11:04:34+00:00 313f03c78487ae49747b8143220ecbfe8ad9310a This avoids useless allocations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
This avoids useless allocations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
s3:libads: Remove trailing spaces in kerberos.c 2022-03-16T13:28:30+00:00 Andreas Schneider asn@samba.org 2022-03-15T11:03:40+00:00 567b1996796e5d3cf572653f38817d832fa135ca BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>