s4:lsa RPC - fix up "gendb_*" result codes

Make the resultcodes consistent: that means:
result < 0  -> NT_STATUS_INTERNAL_DB_CORRUPTION since our DB had a critical
               error
result >= 0 -> depends on the function usage. I tried to let the logic always as
               it was before.

2 files changed, 34 insertions, 33 deletions

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 937ae70a33..7c92a1560e 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -697,7 +697,7 @@ static NTSTATUS dcesrv_lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALL
 	ret = gendb_search(state->pdb, mem_ctx, NULL, &res, attrs, 
 			   "(&(objectSid=*)(privilege=*))");
 	if (ret < 0) {
-		return NT_STATUS_NO_SUCH_USER;
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
 	if (*r->in.resume_handle >= ret) {
@@ -1626,7 +1626,7 @@ static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALL
 	   resumed based on resume_key */
 	count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs, 
 			     "objectclass=trustedDomain");
-	if (count == -1) {
+	if (count < 0) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
@@ -1719,7 +1719,7 @@ static NTSTATUS dcesrv_lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_ca
 	   resumed based on resume_key */
 	count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs, 
 			     "objectclass=trustedDomain");
-	if (count == -1) {
+	if (count < 0) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
@@ -1844,6 +1844,9 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
 
 	ret = gendb_search(astate->policy->pdb, mem_ctx, NULL, &res, attrs, 
 			   "objectSid=%s", sidstr);
+	if (ret < 0) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
 	if (ret != 1) {
 		return NT_STATUS_OK;
 	}
@@ -1904,10 +1907,7 @@ static NTSTATUS dcesrv_lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
 	if (ret == 0) {
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 	}
-	if (ret > 1) {
-		return NT_STATUS_INTERNAL_DB_CORRUPTION;
-	}
-	if (ret == -1) {
+	if (ret != 1) {
 		DEBUG(3, ("searching for account rights for SID: %s failed: %s", 
 			  dom_sid_string(mem_ctx, r->in.sid),
 			  ldb_errstring(state->pdb)));
@@ -2295,7 +2295,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
 			return NT_STATUS_OBJECT_NAME_COLLISION;
 		}
 		
-		if (ret == -1) {
+		if (ret < 0) {
 			DEBUG(0,("Failure searching for CN=%s: %s\n", 
 				 name2, ldb_errstring(secret_state->sam_ldb)));
 			return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2328,7 +2328,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
 			return NT_STATUS_OBJECT_NAME_COLLISION;
 		}
 		
-		if (ret == -1) {
+		if (ret < 0) {
 			DEBUG(0,("Failure searching for CN=%s: %s\n", 
 				 name, ldb_errstring(secret_state->sam_ldb)));
 			return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2907,7 +2907,7 @@ static NTSTATUS dcesrv_lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *d
 
 	ret = gendb_search(state->pdb, mem_ctx, NULL, &res, attrs, 
 			   "privilege=%s", privname);
-	if (ret == -1) {
+	if (ret < 0) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 	if (ret == 0) {
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 7e13f4e18a..f5f0926b0d 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -379,12 +379,11 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
 	}
 
 	ret = gendb_search_dn(state->sam_ldb, mem_ctx, domain_dn, &res, attrs);
-	if (ret == 1) {
-		domain_sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
-		if (domain_sid == NULL) {
-			return NT_STATUS_INVALID_SID;
-		}
-	} else {
+	if (ret != 1) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	domain_sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+	if (domain_sid == NULL) {
 		return NT_STATUS_INVALID_SID;
 	}
 
@@ -398,8 +397,8 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
 	ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs, 
 			   "(&(sAMAccountName=%s)(objectSid=*))", 
 			   ldb_binary_encode_string(mem_ctx, username));
-	if (ret == -1) {
-		return NT_STATUS_INVALID_SID;
+	if (ret < 0) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
 	for (i=0; i < ret; i++) {
@@ -511,28 +510,30 @@ static NTSTATUS dcesrv_lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX
 		return NT_STATUS_NOT_FOUND;
 	}
 
+	/* need to re-add a check for an allocated sid */
+
 	ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs, 
 			   "objectSid=%s", ldap_encode_ndr_dom_sid(mem_ctx, sid));
-	if (ret == 1) {
-		*name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL);
+	if ((ret < 0) || (ret > 1)) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	if (ret == 0) {
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	*name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL);
+	if (!*name) {
+		*name = ldb_msg_find_attr_as_string(res[0], "cn", NULL);
 		if (!*name) {
-			*name = ldb_msg_find_attr_as_string(res[0], "cn", NULL);
-			if (!*name) {
-				*name = talloc_strdup(mem_ctx, sid_str);
-				NT_STATUS_HAVE_NO_MEMORY(*name);
-			}
+			*name = talloc_strdup(mem_ctx, sid_str);
+			NT_STATUS_HAVE_NO_MEMORY(*name);
 		}
-
-		atype = samdb_result_uint(res[0], "sAMAccountType", 0);
-
-		*rtype = ds_atype_map(atype);
-
-		return NT_STATUS_OK;
 	}
 
-	/* need to re-add a check for an allocated sid */
+	atype = samdb_result_uint(res[0], "sAMAccountType", 0);
+	*rtype = ds_atype_map(atype);
 
-	return NT_STATUS_NOT_FOUND;
+	return NT_STATUS_OK;
 }