1 files changed, 50 insertions, 36 deletions

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 2dcd1fd6ae..932e42e076 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -301,11 +301,11 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 			if ( use_own_domain )
 				c_realm = lp_workgroup();
 		}
+	}
 
-		if ( !c_realm || !*c_realm ) {
-			DEBUG(0,("ads_find_dc: no realm or workgroup!  Don't know what to do\n"));
-			return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
-		}
+	if ( !c_realm || !*c_realm ) {
+		DEBUG(0,("ads_find_dc: no realm or workgroup!  Don't know what to do\n"));
+		return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
 	}
 
 	realm = c_realm;
@@ -3111,60 +3111,66 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
 
 /**
  * pull a DOM_SID from an extended dn string
- * @param mem_ctx TALLOC_CTX 
+ * @param mem_ctx TALLOC_CTX
  * @param extended_dn string
  * @param flags string type of extended_dn
  * @param sid pointer to a DOM_SID
- * @return boolean inidicating success
+ * @return NT_STATUS_OK on success,
+ *	   NT_INVALID_PARAMETER on error,
+ *	   NT_STATUS_NOT_FOUND if no SID present
  **/
-bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, 
-				  const char *extended_dn, 
-				  enum ads_extended_dn_flags flags, 
-				  DOM_SID *sid)
+ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
+					const char *extended_dn,
+					enum ads_extended_dn_flags flags,
+					DOM_SID *sid)
 {
 	char *p, *q, *dn;
 
 	if (!extended_dn) {
-		return False;
+		return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 	}
 
 	/* otherwise extended_dn gets stripped off */
 	if ((dn = talloc_strdup(mem_ctx, extended_dn)) == NULL) {
-		return False;
+		return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 	}
-	/* 
+	/*
 	 * ADS_EXTENDED_DN_HEX_STRING:
 	 * <GUID=238e1963cb390f4bb032ba0105525a29>;<SID=010500000000000515000000bb68c8fd6b61b427572eb04556040000>;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de
 	 *
 	 * ADS_EXTENDED_DN_STRING (only with w2k3):
-	<GUID=63198e23-39cb-4b0f-b032-ba0105525a29>;<SID=S-1-5-21-4257769659-666132843-1169174103-1110>;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de
+	 * <GUID=63198e23-39cb-4b0f-b032-ba0105525a29>;<SID=S-1-5-21-4257769659-666132843-1169174103-1110>;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de
+	 *
+	 * Object with no SID, such as an Exchange Public Folder
+	 * <GUID=28907fb4bdf6854993e7f0a10b504e7c>;CN=public,CN=Microsoft Exchange System Objects,DC=sd2k3ms,DC=west,DC=isilon,DC=com
 	 */
 
 	p = strchr(dn, ';');
 	if (!p) {
-		return False;
+		return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 	}
 
 	if (strncmp(p, ";<SID=", strlen(";<SID=")) != 0) {
-		return False;
+		DEBUG(5,("No SID present in extended dn\n"));
+		return ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
 	}
 
 	p += strlen(";<SID=");
 
 	q = strchr(p, '>');
 	if (!q) {
-		return False;
+		return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 	}
-	
+
 	*q = '\0';
 
 	DEBUG(100,("ads_get_sid_from_extended_dn: sid string is %s\n", p));
 
 	switch (flags) {
-	
+
 	case ADS_EXTENDED_DN_STRING:
 		if (!string_to_sid(sid, p)) {
-			return False;
+			return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 		}
 		break;
 	case ADS_EXTENDED_DN_HEX_STRING: {
@@ -3173,21 +3179,21 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
 
 		buf_len = strhex_to_str(buf, sizeof(buf), p, strlen(p));
 		if (buf_len == 0) {
-			return False;
+			return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 		}
 
 		if (!sid_parse(buf, buf_len, sid)) {
 			DEBUG(10,("failed to parse sid\n"));
-			return False;
+			return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 		}
 		break;
 		}
 	default:
 		DEBUG(10,("unknown extended dn format\n"));
-		return False;
+		return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 	}
 
-	return True;
+	return ADS_ERROR_NT(NT_STATUS_OK);
 }
 
 /**
@@ -3200,18 +3206,19 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
  * @param sids pointer to sid array to allocate
  * @return the count of SIDs pulled
  **/
- int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads, 
-				   TALLOC_CTX *mem_ctx, 
-				   LDAPMessage *msg, 
+ int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads,
+				   TALLOC_CTX *mem_ctx,
+				   LDAPMessage *msg,
 				   const char *field,
 				   enum ads_extended_dn_flags flags,
 				   DOM_SID **sids)
 {
 	int i;
-	size_t dn_count;
+	ADS_STATUS rc;
+	size_t dn_count, ret_count = 0;
 	char **dn_strings;
 
-	if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field, 
+	if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field,
 					   &dn_count)) == NULL) {
 		return 0;
 	}
@@ -3223,18 +3230,25 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
 	}
 
 	for (i=0; i<dn_count; i++) {
-
-		if (!ads_get_sid_from_extended_dn(mem_ctx, dn_strings[i], 
-						  flags, &(*sids)[i])) {
-			TALLOC_FREE(*sids);
-			TALLOC_FREE(dn_strings);
-			return 0;
+		rc = ads_get_sid_from_extended_dn(mem_ctx, dn_strings[i],
+						  flags, &(*sids)[i]);
+		if (!ADS_ERR_OK(rc)) {
+			if (NT_STATUS_EQUAL(ads_ntstatus(rc),
+			    NT_STATUS_NOT_FOUND)) {
+				continue;
+			}
+			else {
+				TALLOC_FREE(*sids);
+				TALLOC_FREE(dn_strings);
+				return 0;
+			}
 		}
+		ret_count++;
 	}
 
 	TALLOC_FREE(dn_strings);
 
-	return dn_count;
+	return ret_count;
 }
 
 /********************************************************************