summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-06-23 11:16:23 +0200
committerGünther Deschner <gd@samba.org>2009-06-23 11:17:50 +0200
commita6ab195d72ab5b986f278662f1fbbb5d983effec (patch)
treee85a52d15126b22093523b3c3a3b06b42c60a41e
parente4dec230e971a761d3ff9a31013f130d55e63fd0 (diff)
downloadsamba-a6ab195d72ab5b986f278662f1fbbb5d983effec.tar.gz
samba-a6ab195d72ab5b986f278662f1fbbb5d983effec.tar.bz2
samba-a6ab195d72ab5b986f278662f1fbbb5d983effec.zip
s3-lsa: Fix error path in _lsa_EnumAccountRights.
This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND again as described in MS-LSAD 3.1.4.5.10 and tested with the RPC-SAMR-USER-PRIVILEGES test. Guenther
-rw-r--r--source3/rpc_server/srv_lsa_nt.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 8773c29350..3e44c8e777 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -2152,9 +2152,18 @@ NTSTATUS _lsa_EnumAccountRights(pipes_struct *p,
sid_copy( &sid, r->in.sid );
- get_privileges_for_sids(&mask, &sid, 1);
+ /* according to MS-LSAD 3.1.4.5.10 it is required to return
+ * NT_STATUS_OBJECT_NAME_NOT_FOUND if the account sid was not found in
+ * the lsa database */
- privilege_set_init( &privileges );
+ if (!get_privileges_for_sids(&mask, &sid, 1)) {
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ status = privilege_set_init(&privileges);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
se_priv_to_privilege_set(&privileges, &mask);