[PATCH] net ads gpo list doesn't cope with missing attributes.
Jeremy Allison
jra at samba.org
Wed Mar 15 22:59:14 UTC 2017
Patch for bug:
https://bugzilla.samba.org/show_bug.cgi?id=12695
which was discovered by customers and reproduced
here at Google.
When parsing an LDAP GPO object we insist on the following attributes existing:
displayName
flags
gPCFileSysPath
name
ntSecurityDescriptor
versionNumber
If any are not present we fail listing all GPO objects with an
"Out of memory" error (which is obviously incorrect).
This patch fixes the problem by causing any missing attributes in
ads_parse_gpo() to return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE).
The interfaces to ads_pull_string() and ads_pull_sd() are broken
in that they return NULL for both a talloc fail (out of memory)
and also for a missing attribute in the LDAPMessage * pointer,
so there's no way to tell the difference between these error
cases. This patch causes ads_parse_gpo() to follow the same
convention as other uses of ads_pull_string(), ads_pull_sd(),
which is to assume a NULL return means missing attribute,
not out of memory. Fixing this is a patch for another day :-).
Please review and push if happy !
Jeremy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-libgpo-Allow-skipping-GPO-objects-that-don-t-have.patch
Type: text/x-diff
Size: 2790 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170315/1687ff69/0001-s3-libgpo-Allow-skipping-GPO-objects-that-don-t-have.diff>
More information about the samba-technical
mailing list