samba/samba-4.19-fix-gpupdate-site-aware.patch

From 372b8f15ccf37c491f43ec7ab81be692ff0fcfed Mon Sep 17 00:00:00 2001
From: David Mulder <dmulder@samba.org>
Date: Fri, 5 Jan 2024 08:47:07 -0700
Subject: [PATCH] WIP: gp: Skip site GP list if no site is found

[MS-GPOL] 3.2.5.1.4 Site Search says if the site
search returns ERROR_NO_SITENAME, the GP site
search should be skipped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15548

Signed-off-by: David Mulder <dmulder@samba.org>
---
 python/samba/gp/gpclass.py | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py
index b7a0dcb0ed5..26c2386847e 100644
--- a/python/samba/gp/gpclass.py
+++ b/python/samba/gp/gpclass.py
@@ -896,19 +896,25 @@ def get_gpo_list(dc_hostname, creds, lp, username):
 
     # (S)ite
     if gpo_list_machine:
-        site_dn = site_dn_for_machine(samdb, dc_hostname, lp, creds, username)
-
         try:
-            log.debug("get_gpo_list: query SITE: [%s] for GPOs" % site_dn)
-            gp_link = get_gpo_link(samdb, site_dn)
-        except ldb.LdbError as e:
-            (enum, estr) = e.args
-            log.debug(estr)
-        else:
-            add_gplink_to_gpo_list(samdb, gpo_list, forced_gpo_list,
-                                   site_dn, gp_link,
-                                   gpo.GP_LINK_SITE,
-                                   add_only_forced_gpos, token)
+            site_dn = site_dn_for_machine(samdb, dc_hostname, lp, creds, username)
+
+            try:
+                log.debug("get_gpo_list: query SITE: [%s] for GPOs" % site_dn)
+                gp_link = get_gpo_link(samdb, site_dn)
+            except ldb.LdbError as e:
+                (enum, estr) = e.args
+                log.debug(estr)
+            else:
+                add_gplink_to_gpo_list(samdb, gpo_list, forced_gpo_list,
+                                       site_dn, gp_link,
+                                       gpo.GP_LINK_SITE,
+                                       add_only_forced_gpos, token)
+        except ldb.LdbError:
+            # [MS-GPOL] 3.2.5.1.4 Site Search: If the method returns
+            # ERROR_NO_SITENAME, the remainder of this message MUST be skipped
+            # and the protocol sequence MUST continue at GPO Search
+            pass
 
     # (L)ocal
     gpo_list.insert(0, gpo.GROUP_POLICY_OBJECT("Local Policy",
-- 
GitLab