From: Garming Sam Date: Mon, 26 Mar 2018 01:32:07 +0000 (+1300) Subject: netlogon: Store the client site to clobber any plausibly returned via winbind X-Git-Tag: ldb-1.4.0~427 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7b56b522d49f3e20dc2ea3819a82f742e614ea9c;p=thirdparty%2Fsamba.git netlogon: Store the client site to clobber any plausibly returned via winbind So far, I have never observed the case where the winbind call ever bothered to return a proper site, but in case it ever does so, we clobber it here. This has implications for returning a non-local domain site name, but for now, we ignore them. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13365 Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett --- diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index df2b966fcf4..d497364ea0d 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -2754,6 +2754,7 @@ struct dcesrv_netr_DsRGetDCName_base_state { TALLOC_CTX *mem_ctx; struct netr_DsRGetDCNameEx2 r; + const char *client_site; struct { struct netr_DsRGetDCName *dc; @@ -2882,6 +2883,22 @@ static WERROR dcesrv_netr_DsRGetDCName_base_call(struct dcesrv_netr_DsRGetDCName struct dcerpc_binding_handle *irpc_handle = NULL; struct tevent_req *subreq = NULL; + /* + * Retrieve the client site to override the winbind response. + * + * DO NOT use Windows fallback for client site. + * In the case of multiple domains, this is plainly wrong. + * + * Note: It's possible that the client may belong to multiple + * subnets across domains. It's not clear what this would mean, + * but here we only return what this domain knows. + */ + state->client_site = samdb_client_site_name(sam_ctx, + state, + remote_addr, + NULL, + false); + irpc_handle = irpc_binding_handle_by_name(state, dce_call->msg_ctx, "winbind_server", 
@@ -3061,6 +3078,10 @@ static void dcesrv_netr_DsRGetDCName_base_done(struct tevent_req *subreq) (state->r.out.info[0]->dc_site_name != NULL && strcasecmp_m(state->r.out.info[0]->dc_site_name, state->r.in.site_name) == 0)) { + + state->r.out.info[0]->client_site_name = + talloc_move(state->mem_ctx, &state->client_site); + /* * Make sure to return our DC UNC with // prefix. * Winbind currently doesn't send the leading slashes
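Review bot: In the first hunk (struct dcesrv_netr_DsRGetDCName_base_state), the new `const char *client_site;` member has no comment on ownership or lifetime. The later hunks allocate it on `state` and then hand it to `talloc_move()`, which reparents the string and clears the member. A one-line comment on the field saying it is only valid between `_base_call` and `_base_done`, and is consumed there, would keep a future reader from using it after the move.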
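Review bot: In the second hunk (dcesrv_netr_DsRGetDCName_base_call), the result of `samdb_client_site_name(sam_ctx, state, remote_addr, NULL, false)` is stored without any check or log. The comment explains that the Windows fallback is deliberately not used, but it does not say what the function returns when this domain has no matching subnet for the client, or on allocation failure. Please state the intended behaviour for that case in the comment (return no client site, or keep the winbind value) and consider a debug message when the lookup yields nothing. The comment should also say which of the trailing `NULL, false` arguments disables the fallback, since that is not evident at the call site.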
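Review bot: In the third hunk (dcesrv_netr_DsRGetDCName_base_done), `client_site_name` is overwritten unconditionally with `talloc_move(state->mem_ctx, &state->client_site)`, so if the earlier lookup left `state->client_site` as NULL, any site name winbind did return is replaced by NULL. If that is not intended, guard the assignment with `if (state->client_site != NULL)`. If it is intended, say so in a comment, since the commit message only talks about clobbering with a site this domain knows. The assignment also sits inside this one `if` branch, so it is worth confirming that no other reply path needs the same override. Minor style point: the blank line directly after the opening `{` can go.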