s3: ldap client can return NT_STATUS_OK when an error occurs in a paged search.

"Inside ads_do_search_all_args(), if the first call to ads_do_paged_search_args()
fails, the proper error status is returned.

But, if the execution is already inside the loop to get all the accounts doing
several calls to ads_do_paged_search_args(), and one of these calls times out,
the status returned is from the *first* call, so success. This causes
net_ads_search() to interpret the return from ads_do_search_retry() as
success and print all the accounts returned, but it’s only a subset."

Also ensure we free previously returned results on error
in subsequent fetches.

https://bugzilla.samba.org/show_bug.cgi?id=10387

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 23 01:40:54 CET 2014 on sn-devel-104

1 files changed, 7 insertions, 4 deletions

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 12aacd4662..10ac8fc334 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1140,13 +1140,16 @@ static ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path,
 #ifdef HAVE_LDAP_ADD_RESULT_ENTRY
 	while (cookie) {
 		LDAPMessage *res2 = NULL;
-		ADS_STATUS status2;
 		LDAPMessage *msg, *next;
 
-		status2 = ads_do_paged_search_args(ads, bind_path, scope, expr, 
+		status = ads_do_paged_search_args(ads, bind_path, scope, expr,
 					      attrs, args, &res2, &count, &cookie);
-
-		if (!ADS_ERR_OK(status2)) break;
+		if (!ADS_ERR_OK(status)) {
+			/* Ensure we free all collected results */
+			ads_msgfree(ads, *res);
+			*res = NULL;
+			break;
+		}
 
 		/* this relies on the way that ldap_add_result_entry() works internally. I hope
 		   that this works on all ldap libs, but I have only tested with openldap */