From: Ralph Boehme Date: Thu, 3 Jul 2025 16:42:04 +0000 (+0200) Subject: s3/libsmb: check the negative-conn-cache in resolve_ads() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fv4-22-test;p=thirdparty%2Fsamba.git s3/libsmb: check the negative-conn-cache in resolve_ads() This way we throw away blacklisted servers right away when learning about them from the DNS SRV query. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981 Signed-off-by: Ralph Boehme Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Jul 30 10:10:21 UTC 2025 on atb-devel-224 (cherry picked from commit c1ee6fe9a489a8923d607e14d26768935a398849) Autobuild-User(v4-22-test): Jule Anger Autobuild-Date(v4-22-test): Thu Aug 7 13:50:32 UTC 2025 on atb-devel-224 --- diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index a54ca2f74d3..0b762af64af 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -2617,6 +2617,14 @@ static NTSTATUS resolve_ads(TALLOC_CTX *ctx, for(i = 0; i < numdcs; i++) { /* Copy all the IP addresses from the SRV response */ size_t j; + + status = check_negative_conn_cache(name, dcs[i].hostname); + if (!NT_STATUS_IS_OK(status)) { + DBG_DEBUG("Skipping blacklisted server [%s] " + "for domain [%s]", dcs[i].hostname, name); + continue; + } + for (j = 0; j < dcs[i].num_ips; j++) { char addr[INET6_ADDRSTRLEN]; @@ -2625,12 +2633,19 @@ static NTSTATUS resolve_ads(TALLOC_CTX *ctx, continue; } + print_sockaddr(addr, + sizeof(addr), + &srv_addrs[num_srv_addrs]); + DBG_DEBUG("SRV lookup %s got IP[%zu] %s\n", - name, - j, - print_sockaddr(addr, - sizeof(addr), - &srv_addrs[num_srv_addrs])); + name, j, addr); + + status = check_negative_conn_cache(name, addr); + if (!NT_STATUS_IS_OK(status)) { + DBG_DEBUG("Skipping blacklisted server [%s] " + "for domain [%s]", addr, name); + continue; + } num_srv_addrs++; }