fixed a number of places in our LSA server where we should return the
authorAndrew Tridgell <tridge@samba.org>
Tue, 30 Sep 2008 20:42:30 +0000 (13:42 -0700)
committerAndrew Tridgell <tridge@samba.org>
Tue, 30 Sep 2008 20:42:30 +0000 (13:42 -0700)
sid/name array even when all are unmapped. If we don't fill in the
array then the Windows client runtime crashes.

source4/librpc/idl/lsa.idl
source4/rpc_server/lsa/lsa_lookup.c

index eed713f71cb9dfe4d4e7cf28c08e9bcb7be34601..e1c44990229420b9be5583814cac423f50e724bc 100644 (file)
@@ -1052,7 +1052,7 @@ import "misc.idl", "security.idl";
                lsa_SidType sid_type;
                dom_sid2 *sid;
                uint32 sid_index;
-               uint32 unknown;
+               uint32 flags;
        } lsa_TranslatedSid3;
 
        typedef struct {
index a71bd575169e6f1470ddfe0e874542a90ab4a552..0ffb0572eec7c5643aaad41682090b5e6fec3d07 100644 (file)
@@ -620,6 +620,8 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
        NTSTATUS status;
        struct dcesrv_handle *h;
 
+       ZERO_STRUCT(r2);
+       
        /* No policy handle on the wire, so make one up here */
        r2.in.handle = talloc(mem_ctx, struct policy_handle);
        if (!r2.in.handle) {
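Review bot: The `ZERO_STRUCT(r2)` added at the top of dcesrv_lsa_LookupSids3 carries no explanation, yet it is what keeps the unconditional copy-back of `r2.out.domains` and `r2.out.names` from handing uninitialised stack values to the reply once the `NT_STATUS_IS_ERR` early return is removed in the next hunk. A comment such as `/* r2.out.* is copied back to r even on error, so it must never hold stack garbage */` would keep a later cleanup from dropping it; the same applies to the ZERO_STRUCT calls added in dcesrv_lsa_LookupSids, dcesrv_lsa_LookupNames4 and dcesrv_lsa_LookupNames. With the early return gone, every error from dcesrv_lsa_LookupSids2 and dcesrv_lsa_LookupNames3 now reaches the copy-back, not only the all-unmapped case the commit message describes. If the intent is limited to that case, `if (NT_STATUS_IS_ERR(status) && !NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) return status;` would keep hard failures on the old path. The function body continues outside the hunk, so how `status` is finally returned is not visible here.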
@@ -649,9 +651,6 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
        r2.out.names   = r->out.names;
 
        status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
-       if (NT_STATUS_IS_ERR(status)) {
-               return status;
-       }
 
        r->out.domains = r2.out.domains;
        r->out.names   = r2.out.names;
@@ -671,6 +670,8 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
        NTSTATUS status;
        int i;
 
+       ZERO_STRUCT(r2);
+
        r2.in.handle   = r->in.handle;
        r2.in.sids     = r->in.sids;
        r2.in.names    = NULL;
@@ -761,7 +762,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
                r->out.sids->sids[i].sid_type    = SID_NAME_UNKNOWN;
                r->out.sids->sids[i].sid         = NULL;
                r->out.sids->sids[i].sid_index   = 0xFFFFFFFF;
-               r->out.sids->sids[i].unknown     = 0;
+               r->out.sids->sids[i].flags       = 0;
 
                status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, &authority_name, &sid, &rtype);
                if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
@@ -771,13 +772,13 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
                status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name, 
                                                    sid, r->out.domains, &sid_index);
                if (!NT_STATUS_IS_OK(status2)) {
-                       return status2;
+                       continue;
                }
 
                r->out.sids->sids[i].sid_type    = rtype;
                r->out.sids->sids[i].sid         = sid;
                r->out.sids->sids[i].sid_index   = sid_index;
-               r->out.sids->sids[i].unknown     = 0;
+               r->out.sids->sids[i].flags       = 0;
 
                (*r->out.count)++;
        }
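Review bot: Replacing `return status2;` with `continue;` after dcesrv_lsa_authority_list in dcesrv_lsa_LookupNames3 hides every failure of that call, so an internal error reaches the client as an ordinary SID_NAME_UNKNOWN entry with no trace on the server. A caller that resolves names before an ACL edit or an access decision then cannot tell "no such principal" from "the server could not finish the lookup". The body of dcesrv_lsa_authority_list is not visible here, but if it can fail on allocation, keep that fatal by putting `if (NT_STATUS_EQUAL(status2, NT_STATUS_NO_MEMORY)) return status2;` ahead of the `continue;`, and log the skipped name at a debug level. The same change is made in dcesrv_lsa_LookupNames2 in the `-913,7` hunk. The loop and the function's final return are outside this hunk.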
@@ -806,6 +807,8 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
        NTSTATUS status;
        struct dcesrv_handle *h;
 
+       ZERO_STRUCT(r2);
+
        /* No policy handle on the wire, so make one up here */
        r2.in.handle = talloc(mem_ctx, struct policy_handle);
        if (!r2.in.handle) {
@@ -836,9 +839,6 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
        r2.out.count = r->out.count;
        
        status = dcesrv_lsa_LookupNames3(dce_call, mem_ctx, &r2);
-       if (NT_STATUS_IS_ERR(status)) {
-               return status;
-       }
        
        r->out.domains = r2.out.domains;
        r->out.sids = r2.out.sids;
@@ -913,7 +913,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
                status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name, 
                                                    sid, r->out.domains, &sid_index);
                if (!NT_STATUS_IS_OK(status2)) {
-                       return status2;
+                       continue;
                }
 
                r->out.sids->sids[i].sid_type    = rtype;
@@ -944,6 +944,8 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
        NTSTATUS status;
        int i;
 
+       ZERO_STRUCT(r2);
+
        r2.in.handle    = r->in.handle;
        r2.in.num_names = r->in.num_names;
        r2.in.names     = r->in.names;
@@ -955,7 +957,7 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
        r2.out.count    = r->out.count;
 
        status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
-       if (NT_STATUS_IS_ERR(status)) {
+       if (r2.out.sids == NULL) {
                return status;
        }