From 95e644f4605f91632bf606d5ec36abc187bc98af Mon Sep 17 00:00:00 2001 From: Nadezhda Ivanova Date: Fri, 28 Jan 2011 11:58:14 +0200 Subject: s4-acl: Fixed returning uninitialized ldap error in case of some critical errors. Autobuild-User: Nadezhda Ivanova Autobuild-Date: Fri Jan 28 12:04:01 CET 2011 on sn-devel-104 --- source4/dsdb/samdb/ldb_modules/acl.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 2db4de58b2..69ff2aae94 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -891,8 +891,9 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) ret = dsdb_get_sd_from_ldb_message(ldb, tmp_ctx, acl_res->msgs[0], &sd); if (ret != LDB_SUCCESS) { - DEBUG(10, ("acl_modify: cannot get descriptor\n")); - goto fail; + talloc_free(tmp_ctx); + return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, + "acl_modify: Error retrieving security descriptor."); } /* Theoretically we pass the check if the object has no sd */ if (!sd) { @@ -901,19 +902,21 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) guid = get_oc_guid_from_message(module, schema, acl_res->msgs[0]); if (!guid) { - DEBUG(10, ("acl_modify: cannot get guid\n")); - goto fail; + talloc_free(tmp_ctx); + return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, + "acl_modify: Error retrieving object class GUID."); } sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid"); if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP, &root, &new_node)) { - DEBUG(10, ("acl_modify: cannot add to object tree\n")); - goto fail; + talloc_free(tmp_ctx); + return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, + "acl_modify: Error adding new node in object tree."); } for (i=0; i < req->op.mod.message->num_elements; i++){ const struct dsdb_attribute *attr; attr = dsdb_attribute_by_lDAPDisplayName(schema, - req->op.mod.message->elements[i].name); + req->op.mod.message->elements[i].name); if (ldb_attr_cmp("nTSecurityDescriptor", req->op.mod.message->elements[i].name) == 0) { status = sec_access_check_ds(sd, acl_user_token(module), -- cgit