mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes.
We expect the following attributes to be present in an LDAP GPO object: displayName flags gPCFileSysPath name ntSecurityDescriptor versionNumber and fail if a result is returned without them. Change this to skip results that don't contain these attributes instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12695 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
This commit is contained in:
parent
59229276bc
commit
24622bab3a
@ -424,24 +424,30 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
|
|||||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->ds_path);
|
ADS_ERROR_HAVE_NO_MEMORY(gpo->ds_path);
|
||||||
|
|
||||||
if (!ads_pull_uint32(ads, res, "versionNumber", &gpo->version)) {
|
if (!ads_pull_uint32(ads, res, "versionNumber", &gpo->version)) {
|
||||||
return ADS_ERROR(LDAP_NO_MEMORY);
|
return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ads_pull_uint32(ads, res, "flags", &gpo->options)) {
|
if (!ads_pull_uint32(ads, res, "flags", &gpo->options)) {
|
||||||
return ADS_ERROR(LDAP_NO_MEMORY);
|
return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
|
||||||
}
|
}
|
||||||
|
|
||||||
gpo->file_sys_path = ads_pull_string(ads, mem_ctx, res,
|
gpo->file_sys_path = ads_pull_string(ads, mem_ctx, res,
|
||||||
"gPCFileSysPath");
|
"gPCFileSysPath");
|
||||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->file_sys_path);
|
if (gpo->file_sys_path == NULL) {
|
||||||
|
return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
|
||||||
|
}
|
||||||
|
|
||||||
gpo->display_name = ads_pull_string(ads, mem_ctx, res,
|
gpo->display_name = ads_pull_string(ads, mem_ctx, res,
|
||||||
"displayName");
|
"displayName");
|
||||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->display_name);
|
if (gpo->display_name == NULL) {
|
||||||
|
return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
|
||||||
|
}
|
||||||
|
|
||||||
gpo->name = ads_pull_string(ads, mem_ctx, res,
|
gpo->name = ads_pull_string(ads, mem_ctx, res,
|
||||||
"name");
|
"name");
|
||||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->name);
|
if (gpo->name == NULL) {
|
||||||
|
return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
|
||||||
|
}
|
||||||
|
|
||||||
gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res,
|
gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res,
|
||||||
"gPCMachineExtensionNames");
|
"gPCMachineExtensionNames");
|
||||||
@ -450,7 +456,9 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
|
|||||||
|
|
||||||
ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor",
|
ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor",
|
||||||
&gpo->security_descriptor);
|
&gpo->security_descriptor);
|
||||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->security_descriptor);
|
if (gpo->security_descriptor == NULL) {
|
||||||
|
return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
|
||||||
|
}
|
||||||
|
|
||||||
return ADS_ERROR(LDAP_SUCCESS);
|
return ADS_ERROR(LDAP_SUCCESS);
|
||||||
}
|
}
|
||||||
@ -586,6 +594,13 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
|
|||||||
if (!ADS_ERR_OK(status)) {
|
if (!ADS_ERR_OK(status)) {
|
||||||
DEBUG(10,("failed to get gpo: %s\n",
|
DEBUG(10,("failed to get gpo: %s\n",
|
||||||
gp_link->link_names[i]));
|
gp_link->link_names[i]));
|
||||||
|
if ((status.error_type == ENUM_ADS_ERROR_LDAP) &&
|
||||||
|
(status.err.rc == LDAP_NO_SUCH_ATTRIBUTE)) {
|
||||||
|
DEBUG(10,("skipping empty gpo: %s\n",
|
||||||
|
gp_link->link_names[i]));
|
||||||
|
talloc_free(new_gpo);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user