[PATCH] net ads gpo list doesn't cope with missing attributes.

Andreas Schneider asn at samba.org
Fri Mar 17 15:07:35 UTC 2017


On Wednesday, 15 March 2017 23:59:14 CET Jeremy Allison via samba-technical 
wrote:
> Patch for bug:
> 
> https://bugzilla.samba.org/show_bug.cgi?id=12695
> 
> which was discovered by customers and reproduced
> here at Google.
> 
> When parsing an LDAP GPO object we insist on the following attributes
> existing:
> 
> displayName
> flags
> gPCFileSysPath
> name
> ntSecurityDescriptor
> versionNumber
> 
> If any are not present we fail listing all GPO objects with an
> "Out of memory" error (which is obviously incorrect).
> 
> This patch fixes the problem by causing any missing attributes in
> ads_parse_gpo() to return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE).
> 
> The interfaces to ads_pull_string() and ads_pull_sd() are broken
> in that they return NULL for both a talloc fail (out of memory)
> and also for a missing attribute in the LDAPMessage * pointer,
> so there's no way to tell the difference between these error
> cases. This patch causes ads_parse_gpo() to follow the same
> convention as other uses of ads_pull_string(), ads_pull_sd(),
> which is to assume a NULL return means missing attribute,
> not out of memory. Fixing this is a patch for another day :-).
> 
> Please review and push if happy !

Pushed by gd

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org



More information about the samba-technical mailing list