Entries in registry.pol.xml can have empty value entries after backup. This leads to an exception during restore and subsequent failure of restoring a GPO. Sample entry: <Entry type="7" type_name="REG_MULTI_SZ"> <Key>SOFTWARE\Policies\Microsoft\Windows\AppPrivacy</Key> <ValueName>LetAppsAccessCamera_UserInControlOfTheseApps</ValueName> <Value/> </Entry> There is a check for empty REG_SZ and REG_EXPAND_SZ but not for REG_MULTI_SZ.
Created attachment 16589 [details] Proposed patch
This looks good to me - but is there a specific registry.pol.xml we can add a test empty value to in order to regression test the fix is good ? Can we add one to: source4/selftest/provisions/generalized-gpo-backup/policy/{1E1DC8EA-390C-4800-B327-98B56A0AEA5D}/Machine/Registry.pol.xml or: source4/selftest/provisions/generalized-gpo-backup/policy/{1E1DC8EA-390C-4800-B327-98B56A0AEA5D}/User/Registry.pol.xml for a test ?
Created attachment 16598 [details] Added Registry.pol.xml for testing
(In reply to Jeremy Allison from comment #2) I've updated the patch to include the GPO "Let Windows apps access the camera" which has multiple empty REG_MULTI_SZ values. Should I also update the binary Registry.pol.SAMBABACKUP file?
I think that covers the testing part, yes ? Once it's in that file I think the selftests will pack/unpack it - correct ? If that's so I think this patch is good to go.
Created attachment 16601 [details] Patch passing test suite
(In reply to Jeremy Allison from comment #5) Ran the test suite and the previous patch didn't pass. I've updated the patch so it passes the selftest (Registry.pol.SAMBABACKUP need updating too).
hm, selftest still seems to succeed with the extended test but without the fix
This bug is fixed in commit d5d96bed02fab78386fad908e4dd18c1adcd4795 (gp_pol: Allow null data for REG_MULTI_SZ). We can go ahead and close this issue.