Ensure we return a parseable value if invalid handle given.

Jeremy.
(This used to be commit f169f3f4df81537426f708d68da44e0fc40ad15e)

1 files changed, 17 insertions, 17 deletions

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index c044340456..e6fc66b672 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -574,6 +574,9 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_
 	LSA_TRANS_NAME_ENUM *names = NULL;
 	uint32 mapped_count = 0;
 
+	ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
+	names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM));
+
 	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
 		return NT_STATUS_INVALID_HANDLE;
 
@@ -581,9 +584,6 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_
 	if (!(handle->access & POLICY_LOOKUP_NAMES))
 		return NT_STATUS_ACCESS_DENIED;
 
-	ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
-	names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM));
-
 	if (!ref || !names)
 		return NT_STATUS_NO_MEMORY;
 
@@ -607,13 +607,6 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP
 	DOM_RID2 *rids;
 	uint32 mapped_count = 0;
 
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
-		return NT_STATUS_INVALID_HANDLE;
-
-	/* check if the user have enough rights */
-	if (!(handle->access & POLICY_LOOKUP_NAMES))
-		return NT_STATUS_ACCESS_DENIED;
-
 	if (num_entries >  MAX_LOOKUP_SIDS) {
 		num_entries = MAX_LOOKUP_SIDS;
 		DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
@@ -622,6 +615,13 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP
 	ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
 	rids = (DOM_RID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_RID2)*num_entries);
 
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* check if the user have enough rights */
+	if (!(handle->access & POLICY_LOOKUP_NAMES))
+		return NT_STATUS_ACCESS_DENIED;
+
 	if (!ref || !rids)
 		return NT_STATUS_NO_MEMORY;
 
@@ -667,6 +667,13 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV
 	LSA_PRIV_ENTRY *entry;
 	LSA_PRIV_ENTRY *entries=NULL;
 
+	if (enum_context >= PRIV_ALL_INDEX)
+		return NT_STATUS_NO_MORE_ENTRIES;
+
+	entries = (LSA_PRIV_ENTRY *)talloc_zero(p->mem_ctx, sizeof(LSA_PRIV_ENTRY) * (PRIV_ALL_INDEX));
+	if (entries==NULL)
+		return NT_STATUS_NO_MEMORY;
+
 	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
 		return NT_STATUS_INVALID_HANDLE;
 
@@ -678,13 +685,6 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV
 	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
-	if (enum_context >= PRIV_ALL_INDEX)
-		return NT_STATUS_NO_MORE_ENTRIES;
-
-	entries = (LSA_PRIV_ENTRY *)talloc_zero(p->mem_ctx, sizeof(LSA_PRIV_ENTRY) * (PRIV_ALL_INDEX));
-	if (entries==NULL)
-		return NT_STATUS_NO_MEMORY;
-
 	entry = entries;
 	
 	DEBUG(10,("_lsa_enum_privs: enum_context:%d total entries:%d\n", enum_context, PRIV_ALL_INDEX));