The Samba-Bugzilla – Attachment 17301 Details for
Bug 14674
net ads info shows LDAP Server: 0.0.0.0 depending on contacted server
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.14 next, 4.15 next and 4.16 rc
0001-s3-libads-Clear-previous-CLDAP-ping-flags-when-reusi.patch (text/plain), 2.97 KB, created by
Samuel Cabrero
on 2022-05-24 09:21:49 UTC
(
hide
)
Description:
Patch for 4.14 next, 4.15 next and 4.16 rc
Filename:
MIME Type:
Creator:
Samuel Cabrero
Created:
2022-05-24 09:21:49 UTC
Size:
2.97 KB
patch
obsolete
>From 267fd0e2898d4aea673e65973672dc6075a27721 Mon Sep 17 00:00:00 2001 >From: Samuel Cabrero <scabrero@suse.de> >Date: Mon, 23 May 2022 14:11:24 +0200 >Subject: [PATCH] s3:libads: Clear previous CLDAP ping flags when reusing the > ADS_STRUCT > >Before commit 1d066f37b9217a475b6b84a935ad51fbec88fe04, when the LDAP >connection wasn't established yet (ads->ldap.ld == NULL), the >ads_current_time() function always allocated and initialized a new >ADS_STRUCT even when ads->ldap.ss had a good address after having called >ads_find_dc(). > >After that commit, when the ADS_STRUCT is reused and passed to the >ads_connect() call, ads_try_connect() may fail depending on the >contacted DC because ads->config.flags field can contain the flags >returned by the previous CLDAP call. For example, when having 5 DCs: > >* 192.168.101.31 has PDC FSMO role >* 192.168.101.32 >* 192.168.101.33 >* 192.168.101.34 >* 192.168.101.35 > >$> net ads info -S 192.168.101.35 > >net_ads_info() > ads_startup_nobind() > ads_startup_int() > ads_init() > ads_connect() > ads_try_connect(192.168.101.35) > check_cldap_reply_required_flags(returned=0xF1FC, required=0x0) > ads_current_time() > ads_connect() > ads_try_connect(192.168.101.35) > check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC) > >The check_cldap_reply_required_flags() call fails because >ads->config.flags contain the flags returned by the previous CLDAP call, >even when the returned and required values match because they have >different semantics: > > if (req_flags & DS_PDC_REQUIRED) > RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC); > > translates to: > > if (0xF1FC & 0x80) > RETURN_ON_FALSE(0xF1FC & 0x01); > > which returns false because 192.168.101.35 has no PDC FSMO role. > >The easiest fix for now is to reset ads->config.flags in >ads_current_time() when reusing an ADS_STRUCT before calling >ads_connect(), but we should consider storing the required and returned >flags in different fields or at least use the same bitmap for them >because check_cldap_reply_required_flags() is checking a >netr_DsRGetDCName_flags value using the nbt_server_type bitmap. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674 > >Signed-off-by: Samuel Cabrero <scabrero@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184 > >(cherry picked from commit a26f535dedc651afa2a25dd37113ac71787197ff) >--- > source3/libads/ldap.c | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c >index f83d3aee10a..71bad38c1b1 100755 >--- a/source3/libads/ldap.c >+++ b/source3/libads/ldap.c >@@ -3304,6 +3304,13 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads) > goto done; > } > } >+ >+ /* >+ * Reset ads->config.flags as it can contain the flags >+ * returned by the previous CLDAP ping when reusing the struct. >+ */ >+ ads_s->config.flags = 0; >+ > ads_s->auth.flags = ADS_AUTH_ANON_BIND; > status = ads_connect( ads_s ); > if ( !ADS_ERR_OK(status)) >-- >2.36.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
slow
:
review+
Actions:
View
Attachments on
bug 14674
:
16558
|
16559
|
16560
|
16562
|
17137
|
17138
|
17155
| 17301