diff options
author | Jeremy Allison <jra@samba.org> | 2017-03-15 13:52:05 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2017-03-16 20:30:19 +0100 |
commit | 24622bab3a6f1e959c79dc9fc1850e9e64b15adc (patch) | |
tree | f27c7ddd867d40534fb72077e12eb2cdff6351c6 /libgpo | |
parent | 59229276bcf5e2b7fa0ddf3ceb6fd3adccc01f9a (diff) | |
download | samba-24622bab3a6f1e959c79dc9fc1850e9e64b15adc.tar.gz |
s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes.
We expect the following attributes to be present in an LDAP GPO object:
displayName
flags
gPCFileSysPath
name
ntSecurityDescriptor
versionNumber
and fail if a result is returned without them. Change this
to skip results that don't contain these attributes instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12695
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Diffstat (limited to 'libgpo')
-rw-r--r-- | libgpo/gpo_ldap.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c index 9a95f8be028..4533d61a1e3 100644 --- a/libgpo/gpo_ldap.c +++ b/libgpo/gpo_ldap.c @@ -424,24 +424,30 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads, ADS_ERROR_HAVE_NO_MEMORY(gpo->ds_path); if (!ads_pull_uint32(ads, res, "versionNumber", &gpo->version)) { - return ADS_ERROR(LDAP_NO_MEMORY); + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); } if (!ads_pull_uint32(ads, res, "flags", &gpo->options)) { - return ADS_ERROR(LDAP_NO_MEMORY); + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); } gpo->file_sys_path = ads_pull_string(ads, mem_ctx, res, "gPCFileSysPath"); - ADS_ERROR_HAVE_NO_MEMORY(gpo->file_sys_path); + if (gpo->file_sys_path == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } gpo->display_name = ads_pull_string(ads, mem_ctx, res, "displayName"); - ADS_ERROR_HAVE_NO_MEMORY(gpo->display_name); + if (gpo->display_name == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } gpo->name = ads_pull_string(ads, mem_ctx, res, "name"); - ADS_ERROR_HAVE_NO_MEMORY(gpo->name); + if (gpo->name == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res, "gPCMachineExtensionNames"); @@ -450,7 +456,9 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads, ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor", &gpo->security_descriptor); - ADS_ERROR_HAVE_NO_MEMORY(gpo->security_descriptor); + if (gpo->security_descriptor == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } return ADS_ERROR(LDAP_SUCCESS); } @@ -586,6 +594,13 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads, if (!ADS_ERR_OK(status)) { DEBUG(10,("failed to get gpo: %s\n", gp_link->link_names[i])); + if ((status.error_type == ENUM_ADS_ERROR_LDAP) && + (status.err.rc == LDAP_NO_SUCH_ATTRIBUTE)) { + DEBUG(10,("skipping empty gpo: %s\n", + gp_link->link_names[i])); + talloc_free(new_gpo); + continue; + } return status; } |