libads: fix get_kdc_ip_string()

Correctly handle the interaction between optionally passed in DC via
pss and DC lookup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 23f100f67c0586a940e91e9e1e6f42b804401322)

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 106e773f1b6976867ecc47611cb81b37abc45a33..30df5c97934f91b6e4a54dce5e3ef326d9fbc9a8 100644 (file)
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -531,10 +531,12 @@ static char *get_kdc_ip_string(char *mem_ctx,
        DBG_DEBUG("%zu additional KDCs to test\n", num_dcs);
        if (num_dcs == 0) {
                /*
-                * We do not have additional KDCs, but we have the one passed
-                * in via `pss`. So just use that one and leave.
+                * We do not have additional KDCs, but if we have one passed
+                * in via `pss` just use that one, otherwise fail
                 */
-               result = talloc_move(mem_ctx, &kdc_str);
+               if (pss != NULL) {
+                       result = talloc_move(mem_ctx, &kdc_str);
+               }
                goto out;
        }
 
@@ -575,6 +577,13 @@ static char *get_kdc_ip_string(char *mem_ctx,
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10,("get_kdc_ip_string: cldap_multi_netlogon failed: "
                          "%s\n", nt_errstr(status)));
+               /*
+                * cldap_multi_netlogon() failed, but if we have one passed
+                * in via `pss` just just use that one, otherwise fail
+                */
+               if (pss != NULL) {
+                       result = talloc_move(mem_ctx, &kdc_str);
+               }
                goto out;
        }