From 24622bab3a6f1e959c79dc9fc1850e9e64b15adc Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 15 Mar 2017 13:52:05 -0700 Subject: [PATCH] s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes. We expect the following attributes to be present in an LDAP GPO object: displayName flags gPCFileSysPath name ntSecurityDescriptor versionNumber and fail if a result is returned without them. Change this to skip results that don't contain these attributes instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12695 Signed-off-by: Jeremy Allison Reviewed-by: Guenther Deschner --- libgpo/gpo_ldap.c | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c index 9a95f8be028..4533d61a1e3 100644 --- a/libgpo/gpo_ldap.c +++ b/libgpo/gpo_ldap.c @@ -424,24 +424,30 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads, ADS_ERROR_HAVE_NO_MEMORY(gpo->ds_path); if (!ads_pull_uint32(ads, res, "versionNumber", &gpo->version)) { - return ADS_ERROR(LDAP_NO_MEMORY); + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); } if (!ads_pull_uint32(ads, res, "flags", &gpo->options)) { - return ADS_ERROR(LDAP_NO_MEMORY); + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); } gpo->file_sys_path = ads_pull_string(ads, mem_ctx, res, "gPCFileSysPath"); - ADS_ERROR_HAVE_NO_MEMORY(gpo->file_sys_path); + if (gpo->file_sys_path == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } gpo->display_name = ads_pull_string(ads, mem_ctx, res, "displayName"); - ADS_ERROR_HAVE_NO_MEMORY(gpo->display_name); + if (gpo->display_name == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } gpo->name = ads_pull_string(ads, mem_ctx, res, "name"); - ADS_ERROR_HAVE_NO_MEMORY(gpo->name); + if (gpo->name == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res, "gPCMachineExtensionNames"); @@ -450,7 +456,9 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads, ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor", &gpo->security_descriptor); - ADS_ERROR_HAVE_NO_MEMORY(gpo->security_descriptor); + if (gpo->security_descriptor == NULL) { + return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); + } return ADS_ERROR(LDAP_SUCCESS); } @@ -586,6 +594,13 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads, if (!ADS_ERR_OK(status)) { DEBUG(10,("failed to get gpo: %s\n", gp_link->link_names[i])); + if ((status.error_type == ENUM_ADS_ERROR_LDAP) && + (status.err.rc == LDAP_NO_SUCH_ATTRIBUTE)) { + DEBUG(10,("skipping empty gpo: %s\n", + gp_link->link_names[i])); + talloc_free(new_gpo); + continue; + } return status; }