git.samba.org / obnox / samba / samba-obnox.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0f347e4)
s3: ldap client can return NT_STATUS_OK when an error occurs in a paged search.
authorDaniel Liberman <dliberman@lenovoemc.com>
Wed, 22 Jan 2014 00:25:41 +0000 (16:25 -0800)
committerJeremy Allison <jra@samba.org>
Thu, 23 Jan 2014 00:40:54 +0000 (01:40 +0100)
"Inside ads_do_search_all_args(), if the first call to ads_do_paged_search_args()
fails, the proper error status is returned.

But, if the execution is already inside the loop to get all the accounts doing
several calls to ads_do_paged_search_args(), and one of these calls times out,
the status returned is from the *first* call, so success. This causes
net_ads_search() to interpret the return from ads_do_search_retry() as
success and print all the accounts returned, but it’s only a subset."

Also ensure we free previously returned results on error
in subsequent fetches.

https://bugzilla.samba.org/show_bug.cgi?id=10387

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 23 01:40:54 CET 2014 on sn-devel-104

source3/libads/ldap.c patch | blob | history

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 12aacd4662069e262971aedce41a146f2d986ccb..10ac8fc334dc77526392b91971942b3202e4bb9b 100644 (file)
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1140,13 +1140,16 @@ static ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path,
 #ifdef HAVE_LDAP_ADD_RESULT_ENTRY
        while (cookie) {
                LDAPMessage *res2 = NULL;
-               ADS_STATUS status2;
                LDAPMessage *msg, *next;
 
-               status2 = ads_do_paged_search_args(ads, bind_path, scope, expr, 
+               status = ads_do_paged_search_args(ads, bind_path, scope, expr,
                                              attrs, args, &res2, &count, &cookie);
-
-               if (!ADS_ERR_OK(status2)) break;
+               if (!ADS_ERR_OK(status)) {
+                       /* Ensure we free all collected results */
+                       ads_msgfree(ads, *res);
+                       *res = NULL;
+                       break;
+               }
 
                /* this relies on the way that ldap_add_result_entry() works internally. I hope
                   that this works on all ldap libs, but I have only tested with openldap */
Michael's Samba GIT