summaryrefslogtreecommitdiff
path: root/libgpo
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2017-03-15 13:52:05 -0700
committerJeremy Allison <jra@samba.org>2017-03-16 20:30:19 +0100
commit24622bab3a6f1e959c79dc9fc1850e9e64b15adc (patch)
treef27c7ddd867d40534fb72077e12eb2cdff6351c6 /libgpo
parent59229276bcf5e2b7fa0ddf3ceb6fd3adccc01f9a (diff)
downloadsamba-24622bab3a6f1e959c79dc9fc1850e9e64b15adc.tar.gz
s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes.
We expect the following attributes to be present in an LDAP GPO object: displayName flags gPCFileSysPath name ntSecurityDescriptor versionNumber and fail if a result is returned without them. Change this to skip results that don't contain these attributes instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12695 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Diffstat (limited to 'libgpo')
-rw-r--r--libgpo/gpo_ldap.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c
index 9a95f8be028..4533d61a1e3 100644
--- a/libgpo/gpo_ldap.c
+++ b/libgpo/gpo_ldap.c
@@ -424,24 +424,30 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
ADS_ERROR_HAVE_NO_MEMORY(gpo->ds_path);
if (!ads_pull_uint32(ads, res, "versionNumber", &gpo->version)) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
}
if (!ads_pull_uint32(ads, res, "flags", &gpo->options)) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
}
gpo->file_sys_path = ads_pull_string(ads, mem_ctx, res,
"gPCFileSysPath");
- ADS_ERROR_HAVE_NO_MEMORY(gpo->file_sys_path);
+ if (gpo->file_sys_path == NULL) {
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
+ }
gpo->display_name = ads_pull_string(ads, mem_ctx, res,
"displayName");
- ADS_ERROR_HAVE_NO_MEMORY(gpo->display_name);
+ if (gpo->display_name == NULL) {
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
+ }
gpo->name = ads_pull_string(ads, mem_ctx, res,
"name");
- ADS_ERROR_HAVE_NO_MEMORY(gpo->name);
+ if (gpo->name == NULL) {
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
+ }
gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res,
"gPCMachineExtensionNames");
@@ -450,7 +456,9 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor",
&gpo->security_descriptor);
- ADS_ERROR_HAVE_NO_MEMORY(gpo->security_descriptor);
+ if (gpo->security_descriptor == NULL) {
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
+ }
return ADS_ERROR(LDAP_SUCCESS);
}
@@ -586,6 +594,13 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
if (!ADS_ERR_OK(status)) {
DEBUG(10,("failed to get gpo: %s\n",
gp_link->link_names[i]));
+ if ((status.error_type == ENUM_ADS_ERROR_LDAP) &&
+ (status.err.rc == LDAP_NO_SUCH_ATTRIBUTE)) {
+ DEBUG(10,("skipping empty gpo: %s\n",
+ gp_link->link_names[i]));
+ talloc_free(new_gpo);
+ continue;
+ }
return status;
}