From 8c0391d38e53a356aabc6e2c9fdf747a1f1f16d5 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 20 Dec 2021 17:48:44 +0100
Subject: [PATCH] dsdb/schema: let dsdb_syntax_DN_BINARY_drsuapi_to_ldb return
 WERR_DS_INVALID_ATTRIBUTE_SYNTAX

When Object(OR-Name) uses dsdb_syntax_DN_BINARY_drsuapi_to_ldb() it
should genrate WERR_DS_INVALID_ATTRIBUTE_SYNTAX if the binary part
is not empty.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 12 03:09:52 UTC 2022 on sn-devel-184
---
 source4/dsdb/schema/schema_syntax.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 82b42908135..b3df10a0217 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -2055,7 +2055,15 @@ static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(const struct dsdb_syntax_ctx
 		/* set binary stuff */
 		dsdb_dn = dsdb_dn_construct(tmp_ctx, dn, id3.binary, attr->syntax->ldap_oid);
 		if (!dsdb_dn) {
-			/* If this fails, it must be out of memory, we know the ldap_oid is valid */
+			if (errno == EINVAL) {
+				/*
+				 * This might be Object(OR-Name)
+				 * failing because of a non empty
+				 * binary part.
+				 */
+				talloc_free(tmp_ctx);
+				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+			}
 			talloc_free(tmp_ctx);
 			W_ERROR_HAVE_NO_MEMORY(dsdb_dn);
 		}
-- 
2.34.1