Package: samba
Version: 4.16.5
Severity: important
Tags: patch upstream ipv6
X-Debbugs-Cc: m...@mattgrant.net.nz
This is reported upstream as Samba bug
https://bugzilla.samba.org/show_bug.cgi?id=15226
Bug in central Samba DNS resolution code in IPv6 only environment. This one
probably also
affects domain sign up and join code, as well as samba-tool gpo
funcionality.
finddcs() does not resolve SRV records when there are only AAAA records in the
DNS for the AD DC servers.
Patch attached. Please merge with Debian Samba packages.
-- System Information:
Debian Release: 11.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.75-amd64-mag-lts (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages samba depends on:
ii adduser 3.118
ii dpkg 1.20.12
ii init-system-helpers 1.60
ii libbsd0 0.11.3-1
ii libc6 2.31-13+deb11u5
ii libcups2 2.3.3op2-3+deb11u2
ii libgnutls30 3.7.1-5+deb11u2
ii libldap-2.4-2 2.4.57+dfsg-3+deb11u1
hi libldb2 2:2.4.1+mag-1
ii libpam-modules 1.4.0-9+deb11u1
ii libpam-runtime 1.4.0-9+deb11u1
ii libpopt0 1.18-2
pn libpython3.7 <none>
ii libpython3.9 3.9.2-1
ii libtalloc2 2.3.3+mag-1~0mag0
ii libtasn1-6 4.16.0-2
ii libtdb1 1.4.6+mag-1
ii libtevent0 0.11.0+mag-1~0mag0
ii libwbclient0 2:4.16.5+mag-2
ii lsb-base 11.1.0
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dnspython 2.0.0-1
pn python3-samba <none>
pn samba-common <none>
pn samba-common-bin <none>
pn samba-libs <none>
ii tdb-tools 1.4.6+mag-1
Versions of packages samba recommends:
ii attr 1:2.4.48-6
ii logrotate 3.18.0-2+deb11u1
ii python3-markdown 3.3.4-1
pn samba-dsdb-modules <none>
pn samba-vfs-modules <none>
Versions of packages samba suggests:
pn bind9 <none>
ii bind9-utils [bind9utils] 1:9.16.33-1~deb11u1
ii bind9utils 1:9.16.33-1~deb11u1
ii chrony 4.0-8+deb11u2
pn ctdb <none>
ii ldb-tools 2:2.5.2+samba4.16.5+mag-2
ii smbldap-tools 0.9.11-2
pn ufw <none>
pn winbind <none>
diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c
index 0bb3ba02287..0525d0d019a 100644
--- a/source4/libcli/resolve/dns_ex.c
+++ b/source4/libcli/resolve/dns_ex.c
@@ -81,7 +81,7 @@ struct dns_records_container {
uint32_t count;
};
-static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *a_num,
+static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *addr_num,
char ***cur_addrs, uint32_t total,
struct dns_request *reply, int port)
{
@@ -151,8 +151,8 @@ static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t
*a_num,
rr->name->pLabelList->label);
if (addrs[total]) {
total++;
- if (rr->type == QTYPE_A) {
- (*a_num)++;
+ if (rr->type == QTYPE_A || rr->type == QTYPE_AAAA) {
+ (*addr_num)++;
}
}
}
@@ -211,7 +211,7 @@ static struct dns_records_container
get_a_aaaa_records(TALLOC_CTX *mem_ctx,
struct dns_request *reply;
struct dns_records_container ret;
char **addrs = NULL;
- uint32_t a_num, total;
+ uint32_t addr_num, total;
uint16_t qtype;
TALLOC_CTX *tmp_ctx;
DNS_ERROR err;
@@ -236,12 +236,13 @@ static struct dns_records_container
get_a_aaaa_records(TALLOC_CTX *mem_ctx,
}
}
- a_num = total = 0;
- total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total, reply, port);
+ addr_num = total = 0;
+ total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total, reply, port);
- if (qtype == QTYPE_AAAA && a_num == 0) {
+ if (qtype == QTYPE_AAAA && addr_num == 0) {
/*
- * DNS server didn't returned A when asked for AAAA records.
+ * DNS server didn't returned A when asked for AAAA records,
+ * and no AAAA record returned either
* Most of the server do it, let's ask for A specificaly.
*/
err = dns_lookup(tmp_ctx, name, QTYPE_A, &reply);
@@ -249,7 +250,7 @@ static struct dns_records_container
get_a_aaaa_records(TALLOC_CTX *mem_ctx,
goto done;
}
- total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total,
+ total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total,
reply, port);
}
diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c
index 0bb3ba02287..0525d0d019a 100644
--- a/source4/libcli/resolve/dns_ex.c
+++ b/source4/libcli/resolve/dns_ex.c
@@ -81,7 +81,7 @@ struct dns_records_container {
uint32_t count;
};
-static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *a_num,
+static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *addr_num,
char ***cur_addrs, uint32_t total,
struct dns_request *reply, int port)
{
@@ -151,8 +151,8 @@ static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t
*a_num,
rr->name->pLabelList->label);
if (addrs[total]) {
total++;
- if (rr->type == QTYPE_A) {
- (*a_num)++;
+ if (rr->type == QTYPE_A || rr->type == QTYPE_AAAA) {
+ (*addr_num)++;
}
}
}
@@ -211,7 +211,7 @@ static struct dns_records_container
get_a_aaaa_records(TALLOC_CTX *mem_ctx,
struct dns_request *reply;
struct dns_records_container ret;
char **addrs = NULL;
- uint32_t a_num, total;
+ uint32_t addr_num, total;
uint16_t qtype;
TALLOC_CTX *tmp_ctx;
DNS_ERROR err;
@@ -236,12 +236,13 @@ static struct dns_records_container
get_a_aaaa_records(TALLOC_CTX *mem_ctx,
}
}
- a_num = total = 0;
- total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total, reply, port);
+ addr_num = total = 0;
+ total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total, reply, port);
- if (qtype == QTYPE_AAAA && a_num == 0) {
+ if (qtype == QTYPE_AAAA && addr_num == 0) {
/*
- * DNS server didn't returned A when asked for AAAA records.
+ * DNS server didn't returned A when asked for AAAA records,
+ * and no AAAA record returned either
* Most of the server do it, let's ask for A specificaly.
*/
err = dns_lookup(tmp_ctx, name, QTYPE_A, &reply);
@@ -249,7 +250,7 @@ static struct dns_records_container
get_a_aaaa_records(TALLOC_CTX *mem_ctx,
goto done;
}
- total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total,
+ total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total,
reply, port);
}
