namequery: correctly merge kdc ip address list

When finding DCs, there are three sources of addresses:
1. "Last good server"
2. Configured password server
3. SRV DNS queries

Since those different sources may return the same addresses, the
IP list is checked for duplicates, e.g. in order to save on
the LDAP ping that usually follows. Both IP address and port are
compared.

This change fixes the address duplicate removal for the case of KDC
search, where the "last good server" or configured password server
also appears in the DNS SRV query response.

An (undocumented?) assumption is that the "password server" parameter
is applicable to KDCs as well, but if a port is specified (e.g.
dc1.example.com:390), then this is the ldap port.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 54bc79f254d3496ab065e0ea24a258f8c4a1a7e7..7ef555200750a0acb665455ccede3b75604cb10a 100644 (file)
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -27,6 +27,7 @@
 #include "lib/tsocket/tsocket.h"
 #include "libsmb/nmblib.h"
 #include "../libcli/nbt/libnbt.h"
+#include "libads/kerberos_proto.h"
 
 /* nmbd.c sets this to True. */
 bool global_in_nmbd = False;
@@ -3239,13 +3240,19 @@ static NTSTATUS get_dc_list(const char *domain,
                /* added support for address:port syntax for ads
                 * (not that I think anyone will ever run the LDAP
                 * server in an AD domain on something other than
-                * port 389 */
+                * port 389
+                * However, the port should not be used for kerberos
+                */
 
-               port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
+               port = (lookup_type == DC_ADS_ONLY) ? LDAP_PORT :
+                       ((lookup_type == DC_KDC_ONLY) ? DEFAULT_KRB5_PORT :
+                        PORT_NONE);
                if ((port_str=strchr(name, ':')) != NULL) {
                        *port_str = '\0';
-                       port_str++;
-                       port = atoi(port_str);
+                       if (lookup_type != DC_KDC_ONLY) {
+                               port_str++;
+                               port = atoi(port_str);
+                       }
                }
 
                /* explicit lookup; resolve_name() will