diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 2db4de58b2..69ff2aae94 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -891,8 +891,9 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) ret = dsdb_get_sd_from_ldb_message(ldb, tmp_ctx, acl_res->msgs[0], &sd); if (ret != LDB_SUCCESS) { - DEBUG(10, ("acl_modify: cannot get descriptor\n")); - goto fail; + talloc_free(tmp_ctx); + return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, + "acl_modify: Error retrieving security descriptor."); } /* Theoretically we pass the check if the object has no sd */ if (!sd) { @@ -901,19 +902,21 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) guid = get_oc_guid_from_message(module, schema, acl_res->msgs[0]); if (!guid) { - DEBUG(10, ("acl_modify: cannot get guid\n")); - goto fail; + talloc_free(tmp_ctx); + return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, + "acl_modify: Error retrieving object class GUID."); } sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid"); if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP, &root, &new_node)) { - DEBUG(10, ("acl_modify: cannot add to object tree\n")); - goto fail; + talloc_free(tmp_ctx); + return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, + "acl_modify: Error adding new node in object tree."); } for (i=0; i < req->op.mod.message->num_elements; i++){ const struct dsdb_attribute *attr; attr = dsdb_attribute_by_lDAPDisplayName(schema, - req->op.mod.message->elements[i].name); + req->op.mod.message->elements[i].name); if (ldb_attr_cmp("nTSecurityDescriptor", req->op.mod.message->elements[i].name) == 0) { status = sec_access_check_ds(sd, acl_user_token(module), |