From 122214b16bb2d247c8040728a6b0964531596ea9 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 13 Jun 2013 14:13:26 +0200
Subject: dsdb: don't allow a missing nTSecurityDescriptor in
 dsdb_get_sd_from_ldb_message()

Every object has a nTSecurityDescriptor attribute.

This also avoids potential segfaults in the callers.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source4/dsdb/common/dsdb_access.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'source4/dsdb')

diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
index 84005b3e5e..b918220a06 100644
--- a/source4/dsdb/common/dsdb_access.c
+++ b/source4/dsdb/common/dsdb_access.c
@@ -64,9 +64,9 @@ int dsdb_get_sd_from_ldb_message(struct ldb_context *ldb,
 	enum ndr_err_code ndr_err;
 
 	sd_element = ldb_msg_find_element(acl_res, "nTSecurityDescriptor");
-	if (!sd_element) {
-		*sd = NULL;
-		return LDB_SUCCESS;
+	if (sd_element == NULL) {
+		return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS,
+				 "nTSecurityDescriptor is missing");
 	}
 	*sd = talloc(mem_ctx, struct security_descriptor);
 	if(!*sd) {
-- 
cgit