diff options
author | Stefan Metzmacher <metze@samba.org> | 2013-06-13 14:13:26 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-06-13 14:18:27 +0200 |
commit | 122214b16bb2d247c8040728a6b0964531596ea9 (patch) | |
tree | a165137bcb2ede5fc7edb5947f6d83985e4faa45 | |
parent | 5959affa031843d741513000fb382efe54ff147b (diff) | |
download | samba-122214b16bb2d247c8040728a6b0964531596ea9.tar.gz samba-122214b16bb2d247c8040728a6b0964531596ea9.tar.bz2 samba-122214b16bb2d247c8040728a6b0964531596ea9.zip |
dsdb: don't allow a missing nTSecurityDescriptor in dsdb_get_sd_from_ldb_message()
Every object has a nTSecurityDescriptor attribute.
This also avoids potential segfaults in the callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source4/dsdb/common/dsdb_access.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c index 84005b3e5e..b918220a06 100644 --- a/source4/dsdb/common/dsdb_access.c +++ b/source4/dsdb/common/dsdb_access.c @@ -64,9 +64,9 @@ int dsdb_get_sd_from_ldb_message(struct ldb_context *ldb, enum ndr_err_code ndr_err; sd_element = ldb_msg_find_element(acl_res, "nTSecurityDescriptor"); - if (!sd_element) { - *sd = NULL; - return LDB_SUCCESS; + if (sd_element == NULL) { + return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS, + "nTSecurityDescriptor is missing"); } *sd = talloc(mem_ctx, struct security_descriptor); if(!*sd) { |