summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c20
-rw-r--r--source4/rpc_server/lsa/lsa_lookup.c47
2 files changed, 34 insertions, 33 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 937ae70a33..7c92a1560e 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -697,7 +697,7 @@ static NTSTATUS dcesrv_lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALL
ret = gendb_search(state->pdb, mem_ctx, NULL, &res, attrs,
"(&(objectSid=*)(privilege=*))");
if (ret < 0) {
- return NT_STATUS_NO_SUCH_USER;
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (*r->in.resume_handle >= ret) {
@@ -1626,7 +1626,7 @@ static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALL
resumed based on resume_key */
count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs,
"objectclass=trustedDomain");
- if (count == -1) {
+ if (count < 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1719,7 +1719,7 @@ static NTSTATUS dcesrv_lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_ca
resumed based on resume_key */
count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs,
"objectclass=trustedDomain");
- if (count == -1) {
+ if (count < 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1844,6 +1844,9 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
ret = gendb_search(astate->policy->pdb, mem_ctx, NULL, &res, attrs,
"objectSid=%s", sidstr);
+ if (ret < 0) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
if (ret != 1) {
return NT_STATUS_OK;
}
@@ -1904,10 +1907,7 @@ static NTSTATUS dcesrv_lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
if (ret == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- if (ret > 1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- if (ret == -1) {
+ if (ret != 1) {
DEBUG(3, ("searching for account rights for SID: %s failed: %s",
dom_sid_string(mem_ctx, r->in.sid),
ldb_errstring(state->pdb)));
@@ -2295,7 +2295,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
return NT_STATUS_OBJECT_NAME_COLLISION;
}
- if (ret == -1) {
+ if (ret < 0) {
DEBUG(0,("Failure searching for CN=%s: %s\n",
name2, ldb_errstring(secret_state->sam_ldb)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2328,7 +2328,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
return NT_STATUS_OBJECT_NAME_COLLISION;
}
- if (ret == -1) {
+ if (ret < 0) {
DEBUG(0,("Failure searching for CN=%s: %s\n",
name, ldb_errstring(secret_state->sam_ldb)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2907,7 +2907,7 @@ static NTSTATUS dcesrv_lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *d
ret = gendb_search(state->pdb, mem_ctx, NULL, &res, attrs,
"privilege=%s", privname);
- if (ret == -1) {
+ if (ret < 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (ret == 0) {
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 7e13f4e18a..f5f0926b0d 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -379,12 +379,11 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
}
ret = gendb_search_dn(state->sam_ldb, mem_ctx, domain_dn, &res, attrs);
- if (ret == 1) {
- domain_sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
- if (domain_sid == NULL) {
- return NT_STATUS_INVALID_SID;
- }
- } else {
+ if (ret != 1) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ domain_sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
+ if (domain_sid == NULL) {
return NT_STATUS_INVALID_SID;
}
@@ -398,8 +397,8 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs,
"(&(sAMAccountName=%s)(objectSid=*))",
ldb_binary_encode_string(mem_ctx, username));
- if (ret == -1) {
- return NT_STATUS_INVALID_SID;
+ if (ret < 0) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
for (i=0; i < ret; i++) {
@@ -511,28 +510,30 @@ static NTSTATUS dcesrv_lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX
return NT_STATUS_NOT_FOUND;
}
+ /* need to re-add a check for an allocated sid */
+
ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs,
"objectSid=%s", ldap_encode_ndr_dom_sid(mem_ctx, sid));
- if (ret == 1) {
- *name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL);
+ if ((ret < 0) || (ret > 1)) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ if (ret == 0) {
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ *name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL);
+ if (!*name) {
+ *name = ldb_msg_find_attr_as_string(res[0], "cn", NULL);
if (!*name) {
- *name = ldb_msg_find_attr_as_string(res[0], "cn", NULL);
- if (!*name) {
- *name = talloc_strdup(mem_ctx, sid_str);
- NT_STATUS_HAVE_NO_MEMORY(*name);
- }
+ *name = talloc_strdup(mem_ctx, sid_str);
+ NT_STATUS_HAVE_NO_MEMORY(*name);
}
-
- atype = samdb_result_uint(res[0], "sAMAccountType", 0);
-
- *rtype = ds_atype_map(atype);
-
- return NT_STATUS_OK;
}
- /* need to re-add a check for an allocated sid */
+ atype = samdb_result_uint(res[0], "sAMAccountType", 0);
+ *rtype = ds_atype_map(atype);
- return NT_STATUS_NOT_FOUND;
+ return NT_STATUS_OK;
}