git.ipfire.org Git - thirdparty/samba.git/commit

author	Pavel Filipenský <pfilipensky@samba.org>
	Mon, 19 Jan 2026 13:33:52 +0000 (14:33 +0100)
committer	Pavel Filipensky <pfilipensky@samba.org>
	Thu, 22 Jan 2026 08:11:34 +0000 (08:11 +0000)
commit	9f3a35991feb01a8d2c2b69fa0b914bbc637a809
tree	b983951d0d401985118a49b4ab314e9475edb921	tree \| snapshot
parent	e2825363b3accd01e2f5db033c8a0de0e7f532f9	commit \| diff

s3:libads: Reset ads->config.flags in ads_disconnect()

This is doing the same thing in ads_disconnect() as commit
a26f535 Clear previous CLDAP ping flags when reusing the ADS_STRUCT
did in ads_current_time()

In this case we:

1) found cached ADS_STRUCT which already has ads->config.flags set:

  lookup_groupmem()
    ads_cached_connection()
      ads_cached_connection_reuse()

2) started search which immediately timeouts (the cached conn. was dead)

  ads_do_search_retry_internal()
    ldap_search_with_timeout() - IO_TIMEOUT

3) Retry loop finds a new DC and tries to connect

  ads_do_search_retry_internal()
    ads_disconnect()
    ads_find_dc()
    ads_try_connect()
      netlogon_pings()
        check_cldap_reply_required_flags()

4) check_cldap_reply_required_flags() fails since ads->config.flags
   (stored possibly long time ago) contain:

   NBT_SERVER_CLOSEST  0x00000080
     which is misinterpreted as:
   DS_PDC_REQUIRED     0x00000080

   the newly found DC is not PDC (we asked for DS_ONLY_LDAP_NEEDED)
   and since previous DC had NBT_SERVER_CLOSEST we want DS_PDC_REQUIRED
   and fail.

We should anyway avoid mixing independent namespaces  NBT_* and DS_*
in the same flag.
Next commit will do that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>