[PATCH] net ads gpo list doesn't cope with missing attributes.
Andreas Schneider
asn at samba.org
Fri Mar 17 15:07:35 UTC 2017
On Wednesday, 15 March 2017 23:59:14 CET Jeremy Allison via samba-technical
wrote:
> Patch for bug:
>
> https://bugzilla.samba.org/show_bug.cgi?id=12695
>
> which was discovered by customers and reproduced
> here at Google.
>
> When parsing an LDAP GPO object we insist on the following attributes
> existing:
>
> displayName
> flags
> gPCFileSysPath
> name
> ntSecurityDescriptor
> versionNumber
>
> If any are not present we fail listing all GPO objects with an
> "Out of memory" error (which is obviously incorrect).
>
> This patch fixes the problem by causing any missing attributes in
> ads_parse_gpo() to return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE).
>
> The interfaces to ads_pull_string() and ads_pull_sd() are broken
> in that they return NULL for both a talloc fail (out of memory)
> and also for a missing attribute in the LDAPMessage * pointer,
> so there's no way to tell the difference between these error
> cases. This patch causes ads_parse_gpo() to follow the same
> convention as other uses of ads_pull_string(), ads_pull_sd(),
> which is to assume a NULL return means missing attribute,
> not out of memory. Fixing this is a patch for another day :-).
>
> Please review and push if happy !
Pushed by gd
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list