From: Günther Deschner <gd@samba.org>
Date: Tue, 23 Jun 2009 09:16:23 +0000 (+0200)
Subject: s3-lsa: Fix error path in _lsa_EnumAccountRights.
X-Git-Tag: tevent-0.9.8~957
X-Git-Url: http://git.samba.org/samba.git/?p=ira%2Fwip.git;a=commitdiff_plain;h=a6ab195d72ab5b986f278662f1fbbb5d983effec;hp=e4dec230e971a761d3ff9a31013f130d55e63fd0;ds=sidebyside

s3-lsa: Fix error path in _lsa_EnumAccountRights.

This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND
again as described in MS-LSAD 3.1.4.5.10 and tested with the
RPC-SAMR-USER-PRIVILEGES test.

Guenther
---

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 8773c293504..3e44c8e7774 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -2152,9 +2152,18 @@ NTSTATUS _lsa_EnumAccountRights(pipes_struct *p,
 
 	sid_copy( &sid, r->in.sid );
 
-	get_privileges_for_sids(&mask, &sid, 1);
+	/* according to MS-LSAD 3.1.4.5.10 it is required to return
+	 * NT_STATUS_OBJECT_NAME_NOT_FOUND if the account sid was not found in
+	 * the lsa database */
 
-	privilege_set_init( &privileges );
+	if (!get_privileges_for_sids(&mask, &sid, 1)) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	status = privilege_set_init(&privileges);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
 	se_priv_to_privilege_set(&privileges, &mask);