From 9b03286b32a916dbef59f1459eefa01f0ebfeed3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 13 Mar 2007 00:59:06 +0000 Subject: r21806: I've been working over the last week to fix up the LDAP backend for Samba4. This only broke on global catalog queries, which turned out to be due to changes in the partitions module that metze needed for his DRSUAPI work. I've reworked partitions.c to always include the 'problematic' control, and therefore demonstrated that this is the issue. This ensures consistency, and should help with finding issues like this in future. As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to be linearised, I've added logic to allow it to be skipped when creating network packets. I've likewise make our LDAP server skip unknown controls, when marked 'not critical' on it's input, rather than just dropping the entire request. I need some help to generate a correct error packet when it is marked critical. Further work could perhaps be to have the ldap_encode routine return a textual description of what failed to encode, as that would have saved me a lot of time... Andrew Bartlett (This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817) --- source4/libcli/cldap/cldap.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'source4/libcli/cldap/cldap.c') diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c index 9dfa8e81b1..96b60da25f 100644 --- a/source4/libcli/cldap/cldap.c +++ b/source4/libcli/cldap/cldap.c @@ -107,8 +107,9 @@ static void cldap_socket_recv(struct cldap_socket *cldap) } /* this initial decode is used to find the message id */ - if (!ldap_decode(&asn1, ldap_msg)) { - DEBUG(2,("Failed to decode ldap message\n")); + status = ldap_decode(&asn1, ldap_msg); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2,("Failed to decode ldap message: %s\n", nt_errstr(status))); talloc_free(tmp_ctx); return; } @@ -428,6 +429,7 @@ NTSTATUS cldap_search_recv(struct cldap_request *req, struct cldap_search *io) { struct ldap_message *ldap_msg; + NTSTATUS status; if (req == NULL) { return NT_STATUS_NO_MEMORY; @@ -448,9 +450,11 @@ NTSTATUS cldap_search_recv(struct cldap_request *req, ldap_msg = talloc(mem_ctx, struct ldap_message); NT_STATUS_HAVE_NO_MEMORY(ldap_msg); - if (!ldap_decode(&req->asn1, ldap_msg)) { + status = ldap_decode(&req->asn1, ldap_msg); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2,("Failed to decode cldap search reply: %s\n", nt_errstr(status))); talloc_free(req); - return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); + return status; } ZERO_STRUCT(io->out); @@ -462,9 +466,11 @@ NTSTATUS cldap_search_recv(struct cldap_request *req, *io->out.response = ldap_msg->r.SearchResultEntry; /* decode the 2nd part */ - if (!ldap_decode(&req->asn1, ldap_msg)) { + status = ldap_decode(&req->asn1, ldap_msg); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2,("Failed to decode cldap search result entry: %s\n", nt_errstr(status))); talloc_free(req); - return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); + return status; } } -- cgit