s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.

Analysis by: Rebecca Gellman <rebecca@starfleet-net.co.uk>

Ignore cldap_socket_init() failure when sending
multiple cldap netlogon requests. Allow cldap_netlogon_send()
to catch the bad address and correctly return through a
tevent subreq.

Make sure cldap_search_send() copes with cldap parameter == NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12381

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 18 02:16:20 CEST 2016 on sn-devel-144

(cherry picked from commit 44a7040500d74551b48eba04f5d0bedb1ec35ba6)

diff --git a/libcli/cldap/cldap.c b/libcli/cldap/cldap.c
index c5977cc994a033cf0e20ed2aed6e4b1defedca7e..87f82b9b0dec7238b555e6ef5253453542f5dc0c 100644 (file)
--- a/libcli/cldap/cldap.c
+++ b/libcli/cldap/cldap.c
@@ -585,6 +585,11 @@ struct tevent_req *cldap_search_send(TALLOC_CTX *mem_ctx,
 
        talloc_set_destructor(state, cldap_search_state_destructor);
 
+       if (state->caller.cldap == NULL) {
+               tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+               goto post;
+       }
+
        if (io->in.dest_address) {
                if (cldap->connected) {
                        tevent_req_nterror(req, NT_STATUS_PIPE_CONNECTED);

diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
index bd77943455f1c67527175d0b22c4a018af9b5a50..586a04a0e42b3d944aab1319d46789421f388510 100644 (file)
--- a/source3/libads/cldap.c
+++ b/source3/libads/cldap.c
@@ -117,8 +117,21 @@ struct tevent_req *cldap_multi_netlogon_send(
                                           NULL, /* local_addr */
                                           state->servers[i],
                                           &state->cldap[i]);
-               if (tevent_req_nterror(req, status)) {
-                       return tevent_req_post(req, ev);
+               if (!NT_STATUS_IS_OK(status)) {
+                       /*
+                        * Don't error out all sends just
+                        * because one cldap_socket_init() failed.
+                        * Log it here, and the cldap_netlogon_send()
+                        * will catch it (with in.dest_address == NULL)
+                        * and correctly error out in
+                        * cldap_multi_netlogon_done(). This still allows
+                        * the other requests to be concurrently sent.
+                        */
+                       DBG_NOTICE("cldap_socket_init failed for %s "
+                               " error %s\n",
+                               tsocket_address_string(state->servers[i],
+                                       req),
+                               nt_errstr(status));
                }
 
                state->ios[i].in.dest_address   = NULL;