From a6ab195d72ab5b986f278662f1fbbb5d983effec Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Tue, 23 Jun 2009 11:16:23 +0200
Subject: s3-lsa: Fix error path in _lsa_EnumAccountRights.

This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND
again as described in MS-LSAD 3.1.4.5.10 and tested with the
RPC-SAMR-USER-PRIVILEGES test.

Guenther
---
 source3/rpc_server/srv_lsa_nt.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'source3')

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 8773c29350..3e44c8e777 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -2152,9 +2152,18 @@ NTSTATUS _lsa_EnumAccountRights(pipes_struct *p,
 
 	sid_copy( &sid, r->in.sid );
 
-	get_privileges_for_sids(&mask, &sid, 1);
+	/* according to MS-LSAD 3.1.4.5.10 it is required to return
+	 * NT_STATUS_OBJECT_NAME_NOT_FOUND if the account sid was not found in
+	 * the lsa database */
 
-	privilege_set_init( &privileges );
+	if (!get_privileges_for_sids(&mask, &sid, 1)) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	status = privilege_set_init(&privileges);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
 	se_priv_to_privilege_set(&privileges, &mask);
 
-- 
cgit