From 3fcb7680571621f229f37dc7ff6ee4df29750b85 Mon Sep 17 00:00:00 2001
From: Garming Sam
Date: Mon, 26 Mar 2018 14:25:45 +1300
Subject: [PATCH] dsdb: Allow the disable of the Windows server site fallback
A usage in GetDCNameEx2 could return the wrong result. This may need to be fixed in other places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13365
Signed-off-by: Garming Sam
Reviewed-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
 dfs_server/dfs_server_ad.c | 4 ++--
 source4/dsdb/common/util.c | 8 ++++++--
 source4/dsdb/samdb/ldb_modules/netlogon.c | 3 ++-
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 3 ++-
 4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c
index 04aa7e00ae3..84a19bd3805 100644
--- a/dfs_server/dfs_server_ad.c
+++ b/dfs_server/dfs_server_ad.c
@@ -602,7 +602,7 @@ static NTSTATUS dodc_referral(struct loadparm_context *lp_ctx,
 }
 }
- site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL);
+ site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL, true);
 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
 if (!NT_STATUS_IS_OK(status)) {
@@ -713,7 +713,7 @@ static NTSTATUS dosysvol_referral(struct loadparm_context *lp_ctx,
 }
 }
- site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL);
+ site_name = samdb_client_site_name(sam_ctx, r, client_str, NULL, true);
 status = get_dcs(r, sam_ctx, site_name, need_fqdn, &set, 0);
 if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 3b416051ac1..ed91bc725df 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
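Review bot: The value returned by `samdb_client_site_name()` is handed straight to `get_dcs()` in `dodc_referral` with no NULL check on the visible lines, and the second hunk in `dosysvol_referral` has the same shape, whereas the netlogon callers in this patch guard the result with `NT_STATUS_HAVE_NO_MEMORY()`. Now that the function has a `fallback` switch, a NULL result may come to mean "no matching site" as well as allocation failure, so I would add `NT_STATUS_HAVE_NO_MEMORY(site_name);` after the assignment. If `get_dcs()` is meant to treat NULL as "all sites", a one-line comment such as `/* site_name may be NULL: get_dcs() then searches every site */` should say so. Both function bodies start and end outside the hunks.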
@@ -1825,9 +1825,13 @@ const char *samdb_server_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
 /*
 * Finds the client site by using the client's IP address.
 * The "subnet_name" returns the name of the subnet if parameter != NULL
+ *
+ * Has a Windows-based fallback to provide the only site available, or an empty
+ * string if there are multiple sites.
 */
 const char *samdb_client_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
- const char *ip_address, char **subnet_name)
+ const char *ip_address, char **subnet_name,
+ bool fallback)
 {
 const char *attrs[] = { "cn", "siteObject", NULL };
 struct ldb_dn *sites_container_dn, *subnets_dn, *sites_dn;
@@ -1896,7 +1900,7 @@ const char *samdb_client_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 }
 }
- if (site_name == NULL) {
+ if (site_name == NULL && fallback) {
 /* This is the Windows Server fallback rule: when no subnet
 * exists and we have only one site available then use it (it
 * is for sure the same as our server site). If more sites do
diff --git a/source4/dsdb/samdb/ldb_modules/netlogon.c b/source4/dsdb/samdb/ldb_modules/netlogon.c
index 80599b8a2a0..1e74d1b9627 100644
--- a/source4/dsdb/samdb/ldb_modules/netlogon.c
+++ b/source4/dsdb/samdb/ldb_modules/netlogon.c
@@ -314,7 +314,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 server_site = samdb_server_site_name(sam_ctx, mem_ctx);
 NT_STATUS_HAVE_NO_MEMORY(server_site);
 client_site = samdb_client_site_name(sam_ctx, mem_ctx,
- src_address, NULL);
+ src_address, NULL,
+ true);
 NT_STATUS_HAVE_NO_MEMORY(client_site);
 if (strcasecmp(server_site, client_site) == 0) {
 server_type |= DS_SERVER_CLOSEST;
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index cab27d20b16..6420d573766 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
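Review bot: The comment added above `samdb_client_site_name()` describes the fallback but not the new `fallback` parameter, nor what the function returns when it is false and no subnet matches. In the second util.c hunk, `if (site_name == NULL && fallback)` now skips the fallback block for that case, so `site_name` presumably stays NULL, and the netlogon callers in this patch treat NULL as out-of-memory via `NT_STATUS_HAVE_NO_MEMORY()` / `W_ERROR_HAVE_NO_MEMORY()`. I would extend the comment with `* If "fallback" is false and no subnet matches, NULL is returned; callers must not treat that as an allocation failure.` The rest of the body is outside the hunk, so it is also worth checking that `*subnet_name` is still filled in safely on the path that skips the fallback block.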
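Review bot: The bare `true` added to the `samdb_client_site_name()` call in `fill_netlogon_samlogon_response` does not say what it enables, and the result decides `DS_SERVER_CLOSEST` two lines later. With the fallback on and a single site configured, the comment in util.c implies `client_site` equals the server site for any `src_address`, including addresses that match no subnet. The commit message says other places may need the same fix, so I would record why the fallback is kept here, e.g. `/* fallback=true: keep the Windows single-site rule for the samlogon response */`. The same applies to the call in `dcesrv_netr_DsRAddressToSitenamesExW` in dcerpc_netlogon.c.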
@@ -3080,7 +3080,8 @@ static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce
 ctr->sitename[i].string = samdb_client_site_name(sam_ctx,
 mem_ctx,
 addr_str,
- &subnet_name);
+ &subnet_name,
+ true);
 W_ERROR_HAVE_NO_MEMORY(ctr->sitename[i].string);
 ctr->subnetname[i].string = subnet_name;
 }
--
2.34.1