From: Ralph Boehme <slow@samba.org>
Date: Thu, 24 Jul 2025 10:59:30 +0000 (+0200)
Subject: libads: change netlogon_pings() behaviour wrt to min_servers parameter
X-Git-Tag: samba-4.23.0rc2~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8d50eb1938a26e7d8a81e56acc64365473b0e9fc;p=thirdparty%2Fsamba.git

libads: change netlogon_pings() behaviour wrt to min_servers parameter

Currently if a caller passes min_servers=X with X>1, netlogon_pings() will fail
if it can't contact X DCs. This is not really what we want. What we want is: we
want at least one DC, and up to X.

Change implemenentation in that sense and rename the min_servers argument to
wanted_servers to express this behaviour change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Aug 13 19:31:10 UTC 2025 on atb-devel-224

(cherry picked from commit 85dd55a5fef0049660126bdcd48abfa1c48da259)
---

diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
index 96d602d9feb..fdb78454141 100644
--- a/source3/libads/cldap.c
+++ b/source3/libads/cldap.c
@@ -69,7 +69,7 @@ static bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
 			.acct_ctrl = -1,
 			.required_flags = required_flags,
 		},
-		1,				    /* min_servers */
+		1,				    /* wanted_servers */
 		timeval_current_ofs(MAX(3, lp_ldap_timeout() / 2), 0),
 		&responses);
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index deafe1c4fce..d8325201b2f 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -1225,7 +1225,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
 					.acct_ctrl = -1,
 					.required_flags = DS_KDC_REQUIRED,
 				},
-				MIN(num_dcs, 3),	   /* min_servers */
+				MIN(num_dcs, 3),	   /* wanted_servers */
 				timeval_current_ofs(3, 0), /* timeout */
 				&responses);
 	TALLOC_FREE(dc_addrs2);
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index af467cfe390..49fa1d47298 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -501,7 +501,7 @@ again:
 					.required_flags = ads->config.flags |
 							  DS_ONLY_LDAP_NEEDED,
 				},
-				1,	 /* min_servers */
+				1,	 /* wanted_servers */
 				endtime, /* timeout */
 				&responses);
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/libads/netlogon_ping.c b/source3/libads/netlogon_ping.c
index 76263a72d71..c65244dd876 100644
--- a/source3/libads/netlogon_ping.c
+++ b/source3/libads/netlogon_ping.c
@@ -588,7 +588,7 @@ struct netlogon_pings_state {
 
 	struct tsocket_address **servers;
 	size_t num_servers;
-	size_t min_servers;
+	size_t wanted_servers;
 	struct timeval timeout;
 	enum client_netlogon_ping_protocol proto;
 	uint32_t required_flags;
@@ -610,7 +610,7 @@ struct tevent_req *netlogon_pings_send(TALLOC_CTX *mem_ctx,
 				       struct tsocket_address **servers,
 				       size_t num_servers,
 				       struct netlogon_ping_filter filter,
-				       size_t min_servers,
+				       size_t wanted_servers,
 				       struct timeval timeout)
 {
 	struct tevent_req *req = NULL;
@@ -626,7 +626,7 @@ struct tevent_req *netlogon_pings_send(TALLOC_CTX *mem_ctx,
 	state->proto = proto;
 	state->servers = servers;
 	state->num_servers = num_servers;
-	state->min_servers = min_servers;
+	state->wanted_servers = wanted_servers;
 	state->timeout = timeout;
 	state->required_flags = filter.required_flags;
 
@@ -685,7 +685,7 @@ struct tevent_req *netlogon_pings_send(TALLOC_CTX *mem_ctx,
 	}
 	state->filter = filter_str;
 
-	for (i = 0; i < min_servers; i++) {
+	for (i = 0; i < wanted_servers; i++) {
 		state->reqs[i] = netlogon_ping_send(state->reqs,
 						    state->ev,
 						    state->servers[i],
@@ -699,7 +699,7 @@ struct tevent_req *netlogon_pings_send(TALLOC_CTX *mem_ctx,
 					netlogon_pings_done,
 					req);
 	}
-	state->num_sent = min_servers;
+	state->num_sent = wanted_servers;
 	if (state->num_sent < state->num_servers) {
 		/*
 		 * After 100 milliseconds fire the next one
@@ -818,7 +818,7 @@ static void netlogon_pings_done(struct tevent_req *subreq)
 		}
 	}
 
-	if (state->num_good_received >= state->min_servers) {
+	if (state->num_good_received >= state->wanted_servers) {
 		tevent_req_done(req);
 		return;
 	}
@@ -828,8 +828,13 @@ static void netlogon_pings_done(struct tevent_req *subreq)
 		 */
 		return;
 	}
+	if (state->num_good_received == 1) {
+		/* We require at least one DC */
+		tevent_req_done(req);
+		return;
+	}
 	/*
-	 * Everybody replied, but we did not get enough good
+	 * Everybody replied, but we did not get a single good
 	 * answers (see above)
 	 */
 	tevent_req_nterror(req, NT_STATUS_NOT_FOUND);
@@ -857,7 +862,7 @@ NTSTATUS netlogon_pings(TALLOC_CTX *mem_ctx,
 			struct tsocket_address **servers,
 			int num_servers,
 			struct netlogon_ping_filter filter,
-			int min_servers,
+			int wanted_servers,
 			struct timeval timeout,
 			struct netlogon_samlogon_response ***responses)
 {
@@ -876,7 +881,7 @@ NTSTATUS netlogon_pings(TALLOC_CTX *mem_ctx,
 				  servers,
 				  num_servers,
 				  filter,
-				  min_servers,
+				  wanted_servers,
 				  timeout);
 	if (req == NULL) {
 		goto fail;
diff --git a/source3/libads/netlogon_ping.h b/source3/libads/netlogon_ping.h
index d50c0a47936..6063c4e8a28 100644
--- a/source3/libads/netlogon_ping.h
+++ b/source3/libads/netlogon_ping.h
@@ -45,7 +45,7 @@ struct tevent_req *netlogon_pings_send(TALLOC_CTX *mem_ctx,
 				       struct tsocket_address **servers,
 				       size_t num_servers,
 				       struct netlogon_ping_filter filter,
-				       size_t min_servers,
+				       size_t wanted_servers,
 				       struct timeval timeout);
 NTSTATUS netlogon_pings_recv(struct tevent_req *req,
 			     TALLOC_CTX *mem_ctx,
@@ -55,7 +55,7 @@ NTSTATUS netlogon_pings(TALLOC_CTX *mem_ctx,
 			struct tsocket_address **servers,
 			int num_servers,
 			struct netlogon_ping_filter filter,
-			int min_servers,
+			int wanted_servers,
 			struct timeval timeout,
 			struct netlogon_samlogon_response ***responses);
 
diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
index 695f0c38d85..97633317903 100644
--- a/source3/libsmb/dsgetdcname.c
+++ b/source3/libsmb/dsgetdcname.c
@@ -871,7 +871,7 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx,
 			.domain = domain_name,
 			.required_flags = flags,
 		},
-		1, /* min_servers */
+		1, /* wanted_servers */
 		timeval_current_ofs(MAX(3, lp_ldap_timeout() / 2), 0),
 		&responses);
 
diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c
index 9ee51f3ee86..d60dc9846b1 100644
--- a/source4/libnet/libnet_site.c
+++ b/source4/libnet/libnet_site.c
@@ -74,7 +74,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
 						     NETLOGON_NT_VERSION_5EX,
 					.acct_ctrl = -1,
 				},
-				1, /* min_servers */
+				1, /* wanted_servers */
 				tevent_timeval_current_ofs(2, 0), /* timeout */
 				&responses);
 
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index bac0f29695e..3fbbd0ccafb 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -4456,7 +4456,7 @@ static bool check_dom_trust_pw(struct dcerpc_pipe *p,
 							     : ACB_DOMTRUST,
 					.user = account,
 				},
-				1, /* min_servers */
+				1, /* wanted_servers */
 				tevent_timeval_current_ofs(2, 0), /* timeout */
 				&responses);
 	torture_assert_ntstatus_ok(tctx, status, "netlogon_pings");