From 24049e8fc58c5216b3af8fdaf327471eaff882a1 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Matthias=20Dieter=20Walln=C3=B6fer?= Date: Sat, 6 Mar 2010 11:19:04 +0100 Subject: [PATCH] s4:lsa RPC - fix up "gendb_*" result codes Make the resultcodes consistent: that means: result < 0 -> NT_STATUS_INTERNAL_DB_CORRUPTION since our DB had a critical error result >= 0 -> depends on the function usage. I tried to let the logic always as it was before. --- source4/rpc_server/lsa/dcesrv_lsa.c | 20 ++++++++-------- source4/rpc_server/lsa/lsa_lookup.c | 47 +++++++++++++++++++------------------ 2 files changed, 34 insertions(+), 33 deletions(-) diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 937ae70a33b..7c92a1560ec 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -697,7 +697,7 @@ static NTSTATUS dcesrv_lsa_EnumAccounts(struct dcesrv_call_state *dce_call, TALL ret = gendb_search(state->pdb, mem_ctx, NULL, &res, attrs, "(&(objectSid=*)(privilege=*))"); if (ret < 0) { - return NT_STATUS_NO_SUCH_USER; + return NT_STATUS_INTERNAL_DB_CORRUPTION; } if (*r->in.resume_handle >= ret) { @@ -1626,7 +1626,7 @@ static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALL resumed based on resume_key */ count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs, "objectclass=trustedDomain"); - if (count == -1) { + if (count < 0) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1719,7 +1719,7 @@ static NTSTATUS dcesrv_lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_ca resumed based on resume_key */ count = gendb_search(policy_state->sam_ldb, mem_ctx, policy_state->system_dn, &domains, attrs, "objectclass=trustedDomain"); - if (count == -1) { + if (count < 0) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1844,6 +1844,9 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, ret = gendb_search(astate->policy->pdb, mem_ctx, NULL, &res, attrs, "objectSid=%s", sidstr); + if (ret < 0) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } if (ret != 1) { return NT_STATUS_OK; } @@ -1904,10 +1907,7 @@ static NTSTATUS dcesrv_lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, if (ret == 0) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - if (ret > 1) { - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - if (ret == -1) { + if (ret != 1) { DEBUG(3, ("searching for account rights for SID: %s failed: %s", dom_sid_string(mem_ctx, r->in.sid), ldb_errstring(state->pdb))); @@ -2295,7 +2295,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_OBJECT_NAME_COLLISION; } - if (ret == -1) { + if (ret < 0) { DEBUG(0,("Failure searching for CN=%s: %s\n", name2, ldb_errstring(secret_state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2328,7 +2328,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_OBJECT_NAME_COLLISION; } - if (ret == -1) { + if (ret < 0) { DEBUG(0,("Failure searching for CN=%s: %s\n", name, ldb_errstring(secret_state->sam_ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2907,7 +2907,7 @@ static NTSTATUS dcesrv_lsa_EnumAccountsWithUserRight(struct dcesrv_call_state *d ret = gendb_search(state->pdb, mem_ctx, NULL, &res, attrs, "privilege=%s", privname); - if (ret == -1) { + if (ret < 0) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } if (ret == 0) { diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 7e13f4e18a1..f5f0926b0d2 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -379,12 +379,11 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, } ret = gendb_search_dn(state->sam_ldb, mem_ctx, domain_dn, &res, attrs); - if (ret == 1) { - domain_sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid"); - if (domain_sid == NULL) { - return NT_STATUS_INVALID_SID; - } - } else { + if (ret != 1) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + domain_sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid"); + if (domain_sid == NULL) { return NT_STATUS_INVALID_SID; } @@ -398,8 +397,8 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs, "(&(sAMAccountName=%s)(objectSid=*))", ldb_binary_encode_string(mem_ctx, username)); - if (ret == -1) { - return NT_STATUS_INVALID_SID; + if (ret < 0) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; } for (i=0; i < ret; i++) { @@ -511,28 +510,30 @@ static NTSTATUS dcesrv_lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX return NT_STATUS_NOT_FOUND; } + /* need to re-add a check for an allocated sid */ + ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs, "objectSid=%s", ldap_encode_ndr_dom_sid(mem_ctx, sid)); - if (ret == 1) { - *name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL); + if ((ret < 0) || (ret > 1)) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + if (ret == 0) { + return NT_STATUS_NOT_FOUND; + } + + *name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL); + if (!*name) { + *name = ldb_msg_find_attr_as_string(res[0], "cn", NULL); if (!*name) { - *name = ldb_msg_find_attr_as_string(res[0], "cn", NULL); - if (!*name) { - *name = talloc_strdup(mem_ctx, sid_str); - NT_STATUS_HAVE_NO_MEMORY(*name); - } + *name = talloc_strdup(mem_ctx, sid_str); + NT_STATUS_HAVE_NO_MEMORY(*name); } - - atype = samdb_result_uint(res[0], "sAMAccountType", 0); - - *rtype = ds_atype_map(atype); - - return NT_STATUS_OK; } - /* need to re-add a check for an allocated sid */ + atype = samdb_result_uint(res[0], "sAMAccountType", 0); + *rtype = ds_atype_map(atype); - return NT_STATUS_NOT_FOUND; + return NT_STATUS_OK; } -- 2.11.4.GIT