s4:auth/sam.c - the check for the SAMDB needs to be on the top of the call

Otherwise it's really useless.

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index bd9278036e446f427df1e874f27e7e393054cf69..675c37682dbe668ae933b9f9521de0d13fbfe5e0 100644 (file)
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -314,6 +314,11 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
                *num_res_sids = 0;
        }
 
+       if (!sam_ctx) {
+               DEBUG(0, ("No SAM available, cannot determine local groups\n"));
+               return NT_STATUS_INVALID_SYSTEM_SERVICE;
+       }
+
        tmp_ctx = talloc_new(res_sids_ctx);
 
        dn = ldb_dn_from_ldb_val(tmp_ctx, sam_ctx, dn_val);
@@ -339,12 +344,6 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
                return status;
        }
 
-       if (!sam_ctx) {
-               DEBUG(0, ("No SAM available, cannot determine local groups\n"));
-               talloc_free(tmp_ctx);
-               return NT_STATUS_INVALID_SYSTEM_SERVICE;
-       }
-
        if (only_childs) {
                ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs,
                                     DSDB_SEARCH_SHOW_EXTENDED_DN);