From 0aec87454b0b2e14b8fa32607d2173caa168d4de Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 2 Jul 2009 15:33:01 +1000
Subject: decrypt all objects in a DRS record, not just the first one

We found this as an object came across from w2k3 with zero values,
which caused a segv when we tried to decrypt the first value
---
 source4/dsdb/repl/replicated_objects.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'source4')

diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
index 78af3c8f6d..d96a063599 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -117,14 +117,17 @@ static WERROR dsdb_convert_object(struct ldb_context *ldb,
 		struct drsuapi_DsReplicaMetaData *d;
 		struct replPropertyMetaData1 *m;
 		struct ldb_message_element *e;
+		int j;
 
 		a = &in->object.attribute_ctr.attributes[i];
 		d = &in->meta_data_ctr->meta_data[i];
 		m = &md->ctr.ctr1.array[i];
 		e = &msg->elements[i];
 
-		status = drsuapi_decrypt_attribute(a->value_ctr.values[0].blob, gensec_skey, rid, a);
-		W_ERROR_NOT_OK_RETURN(status);
+		for (j=0; j<a->value_ctr.num_values; j++) {
+			status = drsuapi_decrypt_attribute(a->value_ctr.values[j].blob, gensec_skey, rid, a);
+			W_ERROR_NOT_OK_RETURN(status);
+		}
 
 		status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, a, msg->elements, e);
 		W_ERROR_NOT_OK_RETURN(status);
-- 
cgit