[Pkg-samba-maint] Bug#1023606: samba: IPv6 only samba-tool gpo listall does not work, can't find DC

Matthew Grant matt at mattgrant.net.nz
Mon Nov 7 14:30:34 GMT 2022


Package: samba
Version: 4.16.5
Severity: important
Tags: patch upstream ipv6
X-Debbugs-Cc: matt at mattgrant.net.nz

This is reported upstream as Samba bug https://bugzilla.samba.org/show_bug.cgi?id=15226

Bug in the central Samba DNS resolution code in an IPv6-only environment.  This one probably also
affects the domain sign-up and join code, as well as samba-tool gpo
functionality.

finddcs() does not resolve SRV records when there are only AAAA records in the DNS for the AD DC servers.

Patch attached.  Please merge with Debian Samba packages.




-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.75-amd64-mag-lts (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages samba depends on:
ii  adduser              3.118
ii  dpkg                 1.20.12
ii  init-system-helpers  1.60
ii  libbsd0              0.11.3-1
ii  libc6                2.31-13+deb11u5
ii  libcups2             2.3.3op2-3+deb11u2
ii  libgnutls30          3.7.1-5+deb11u2
ii  libldap-2.4-2        2.4.57+dfsg-3+deb11u1
hi  libldb2              2:2.4.1+mag-1
ii  libpam-modules       1.4.0-9+deb11u1
ii  libpam-runtime       1.4.0-9+deb11u1
ii  libpopt0             1.18-2
pn  libpython3.7         <none>
ii  libpython3.9         3.9.2-1
ii  libtalloc2           2.3.3+mag-1~0mag0
ii  libtasn1-6           4.16.0-2
ii  libtdb1              1.4.6+mag-1
ii  libtevent0           0.11.0+mag-1~0mag0
ii  libwbclient0         2:4.16.5+mag-2
ii  lsb-base             11.1.0
ii  procps               2:3.3.17-5
ii  python3              3.9.2-3
ii  python3-dnspython    2.0.0-1
pn  python3-samba        <none>
pn  samba-common         <none>
pn  samba-common-bin     <none>
pn  samba-libs           <none>
ii  tdb-tools            1.4.6+mag-1

Versions of packages samba recommends:
ii  attr                1:2.4.48-6
ii  logrotate           3.18.0-2+deb11u1
ii  python3-markdown    3.3.4-1
pn  samba-dsdb-modules  <none>
pn  samba-vfs-modules   <none>

Versions of packages samba suggests:
pn  bind9                     <none>
ii  bind9-utils [bind9utils]  1:9.16.33-1~deb11u1
ii  bind9utils                1:9.16.33-1~deb11u1
ii  chrony                    4.0-8+deb11u2
pn  ctdb                      <none>
ii  ldb-tools                 2:2.5.2+samba4.16.5+mag-2
ii  smbldap-tools             0.9.11-2
pn  ufw                       <none>
pn  winbind                   <none>
-------------- next part --------------
diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c
index 0bb3ba02287..0525d0d019a 100644
--- a/source4/libcli/resolve/dns_ex.c
+++ b/source4/libcli/resolve/dns_ex.c
@@ -81,7 +81,7 @@ struct dns_records_container {
 	uint32_t count;
 };
 
-static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *a_num,
+static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *addr_num,
 			  char ***cur_addrs, uint32_t total,
 			  struct dns_request *reply, int port)
 {
@@ -151,8 +151,8 @@ static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *a_num,
 						rr->name->pLabelList->label);
 		if (addrs[total]) {
 			total++;
-			if (rr->type == QTYPE_A) {
-				(*a_num)++;
+			if (rr->type == QTYPE_A || rr->type == QTYPE_AAAA) {
+				(*addr_num)++;
 			}
 		}
 	}
@@ -211,7 +211,7 @@ static struct dns_records_container get_a_aaaa_records(TALLOC_CTX *mem_ctx,
 	struct dns_request *reply;
 	struct dns_records_container ret;
 	char **addrs = NULL;
-	uint32_t a_num, total;
+	uint32_t addr_num, total;
 	uint16_t qtype;
 	TALLOC_CTX *tmp_ctx;
 	DNS_ERROR err;
@@ -236,12 +236,13 @@ static struct dns_records_container get_a_aaaa_records(TALLOC_CTX *mem_ctx,
 		}
 	}
 
-	a_num = total = 0;
-	total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total, reply, port);
+	addr_num = total = 0;
+	total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total, reply, port);
 
-	if (qtype == QTYPE_AAAA && a_num == 0) {
+	if (qtype == QTYPE_AAAA && addr_num == 0) {
 		/*
-		* DNS server didn't returned A when asked for AAAA records.
+		* DNS server didn't returned A when asked for AAAA records,
+		* and no AAAA record returned either
 		* Most of the server do it, let's ask for A specificaly.
 		*/
 		err = dns_lookup(tmp_ctx, name, QTYPE_A, &reply);
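Review bot: The new condition `qtype == QTYPE_AAAA && addr_num == 0` skips the A query whenever the AAAA reply carried an AAAA record, so a dual-stack name now yields IPv6 addresses only, and a client without a usable IPv6 route would be handed no reachable DC address. If the IPv6-only failure actually comes from the `goto done` after the A lookup (visible at the top of the next hunk; its guard is outside both hunks), a narrower fix would keep the old A-only count, treat a failed A lookup as non-fatal when `total > 0`, and skip the second `reply_to_addrs` call in that case. The comment no longer matches the condition ("Most of the server do it" referred to servers omitting A records); it could read `/* Neither A nor AAAA records came back for the AAAA query; ask for A explicitly. */`. get_a_aaaa_records starts and ends outside the hunk, and the second copy of the attachment further down repeats the same hunks.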
@@ -249,7 +250,7 @@ static struct dns_records_container get_a_aaaa_records(TALLOC_CTX *mem_ctx,
 			goto done;
 		}
 
-		total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total,
+		total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total,
 					reply, port);
 
 	}
-------------- next part --------------
diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c
index 0bb3ba02287..0525d0d019a 100644
--- a/source4/libcli/resolve/dns_ex.c
+++ b/source4/libcli/resolve/dns_ex.c
@@ -81,7 +81,7 @@ struct dns_records_container {
 	uint32_t count;
 };
 
-static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *a_num,
+static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *addr_num,
 			  char ***cur_addrs, uint32_t total,
 			  struct dns_request *reply, int port)
 {
@@ -151,8 +151,8 @@ static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *a_num,
 						rr->name->pLabelList->label);
 		if (addrs[total]) {
 			total++;
-			if (rr->type == QTYPE_A) {
-				(*a_num)++;
+			if (rr->type == QTYPE_A || rr->type == QTYPE_AAAA) {
+				(*addr_num)++;
 			}
 		}
 	}
@@ -211,7 +211,7 @@ static struct dns_records_container get_a_aaaa_records(TALLOC_CTX *mem_ctx,
 	struct dns_request *reply;
 	struct dns_records_container ret;
 	char **addrs = NULL;
-	uint32_t a_num, total;
+	uint32_t addr_num, total;
 	uint16_t qtype;
 	TALLOC_CTX *tmp_ctx;
 	DNS_ERROR err;
@@ -236,12 +236,13 @@ static struct dns_records_container get_a_aaaa_records(TALLOC_CTX *mem_ctx,
 		}
 	}
 
-	a_num = total = 0;
-	total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total, reply, port);
+	addr_num = total = 0;
+	total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total, reply, port);
 
-	if (qtype == QTYPE_AAAA && a_num == 0) {
+	if (qtype == QTYPE_AAAA && addr_num == 0) {
 		/*
-		* DNS server didn't returned A when asked for AAAA records.
+		* DNS server didn't returned A when asked for AAAA records,
+		* and no AAAA record returned either
 		* Most of the server do it, let's ask for A specificaly.
 		*/
 		err = dns_lookup(tmp_ctx, name, QTYPE_A, &reply);
@@ -249,7 +250,7 @@ static struct dns_records_container get_a_aaaa_records(TALLOC_CTX *mem_ctx,
 			goto done;
 		}
 
-		total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total,
+		total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total,
 					reply, port);
 
 	}

