s3-lsa: Fix error path in _lsa_EnumAccountRights.

This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND
again as described in MS-LSAD 3.1.4.5.10 and tested with the
RPC-SAMR-USER-PRIVILEGES test.

Guenther

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 8773c293504fceca4923f5e220693a1d3cbccc34..3e44c8e77745880803649e979c3b0f57b80e7e78 100644 (file)
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -2152,9 +2152,18 @@ NTSTATUS _lsa_EnumAccountRights(pipes_struct *p,
 
        sid_copy( &sid, r->in.sid );
 
-       get_privileges_for_sids(&mask, &sid, 1);
+       /* according to MS-LSAD 3.1.4.5.10 it is required to return
+        * NT_STATUS_OBJECT_NAME_NOT_FOUND if the account sid was not found in
+        * the lsa database */
 
-       privilege_set_init( &privileges );
+       if (!get_privileges_for_sids(&mask, &sid, 1)) {
+               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+       }
+
+       status = privilege_set_init(&privileges);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
        se_priv_to_privilege_set(&privileges, &mask);