From aeaf8775717840aba3e0ccefc86ab36ba43cb3f3 Mon Sep 17 00:00:00 2001
From: Daniel Liberman
Date: Tue, 21 Jan 2014 16:25:41 -0800
Subject: [PATCH] s3: ldap client can return NT_STATUS_OK when an error occurs in a paged search.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

"Inside ads_do_search_all_args(), if the first call to
ads_do_paged_search_args() fails, the proper error status is returned.
But, if the execution is already inside the loop to get all the
accounts doing several calls to ads_do_paged_search_args(), and one of
these calls times out, the status returned is from the *first* call,
so success. This causes net_ads_search() to interpret the return from
ads_do_search_retry() as success and print all the accounts returned,
but it’s only a subset."

Also ensure we free previously returned results
on error in subsequent fetches.

https://bugzilla.samba.org/show_bug.cgi?id=10387

Reviewed-by: Jeremy Allison
Reviewed-by: Richard Sharpe

Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Thu Jan 23 01:40:54 CET 2014 on sn-devel-104

(cherry picked from commit b04e8b7557b82a4b96cf74db04742fb017edb3ba)
---
 source3/libads/ldap.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index c8ef5b5..fb99132 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1143,13 +1143,16 @@ static ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path, #ifdef HAVE_LDAP_ADD_RESULT_ENTRY while (cookie) { LDAPMessage *res2 = NULL; - ADS_STATUS status2; LDAPMessage *msg, *next; - status2 = ads_do_paged_search_args(ads, bind_path, scope, expr, + status = ads_do_paged_search_args(ads, bind_path, scope, expr, attrs, args, &res2, &count, &cookie); - - if (!ADS_ERR_OK(status2)) break; + if (!ADS_ERR_OK(status)) { + /* Ensure we free all collected results */ + ads_msgfree(ads, *res); + *res = NULL; + break; + } /* this relies on the way that ldap_add_result_entry() works internally. I hope that this works on all ldap libs, but I have only tested with openldap */ -- 1.8.5.3
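Review bot: The new error branch under `if (!ADS_ERR_OK(status))` releases `*res` but does nothing with `res2`, the out-parameter of the call that just failed. Whether ads_do_paged_search_args() can leave `res2` non-NULL on a failing return is not visible in this hunk; if it can, the branch should also call `ads_msgfree(ads, res2)` before the `break`, otherwise a comment stating that the callee guarantees a NULL result on error would make the cleanup obviously complete. Two smaller points on the same branch: the fix only works if the code after the loop returns `status` unchanged, which lies outside the shown context and is worth confirming, and the function's header comment should say that a failure on any page now returns an error with `*res` set to NULL, so callers do not expect partial results. The change also sits entirely inside `#ifdef HAVE_LDAP_ADD_RESULT_ENTRY`, so the alternative branch deserves a look for the same stale-status pattern.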