[PATCH] _lsa_lookup_sids return value overwritten

[Jerome Borsboom]

When a sid lookup is rejected by unsufficient user rights, the 
NT_STATUS_ACCESS_DENIED value is overwritten by the subsequent 
mapped_count test. The patch below corrects this.

--- samba-3.0.4/source/rpc_server/srv_lsa_nt.c	2004-04-20 22:42:56.000000000 +0200
+++ samba-3.0.4.new/source/rpc_server/srv_lsa_nt.c	2004-05-21 12:14:37.942023949 +0200
@@ -642,6 +642,8 @@
 	LSA_TRANS_NAME_ENUM *names = NULL;
 	uint32 mapped_count = 0;
 
+	r_u->status = NT_STATUS_OK;
+
 	if (num_entries >  MAX_LOOKUP_SIDS) {
 		num_entries = MAX_LOOKUP_SIDS;
 		DEBUG(5,("_lsa_lookup_sids: truncating SID lookup list to %d\n", num_entries));
@@ -667,12 +669,12 @@
 
 	/* set up the LSA Lookup SIDs response */
 	init_lsa_trans_names(p->mem_ctx, ref, names, num_entries, sid, &mapped_count);
-	if (mapped_count == 0)
-		r_u->status = NT_STATUS_NONE_MAPPED;
-	else if (mapped_count != num_entries)
-		r_u->status = STATUS_SOME_UNMAPPED;
-	else
-		r_u->status = NT_STATUS_OK;
+	if (NT_STATUS_IS_OK(r_u->status)) {
+		if (mapped_count == 0)
+			r_u->status = NT_STATUS_NONE_MAPPED;
+		else if (mapped_count != num_entries)
+			r_u->status = STATUS_SOME_UNMAPPED;
+	}
 	init_reply_lookup_sids(r_u, ref, names, mapped_count);
 
 	return r_u->status;