From eab81e4b0c1d74d6e4d7113992de46fe56082875 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Jan 2013 10:07:45 +0100
Subject: [PATCH] libcli/security: tree and replace sid are not optional to
 sec_access_check_ds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 libcli/security/access_check.c | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 936ffca242e6..7d4785f73c7d 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -465,7 +465,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
 			continue;
 		}
 
-		if (dom_sid_equal(&ace->trustee, &self_sid) && replace_sid) {
+		if (dom_sid_equal(&ace->trustee, &self_sid)) {
 			trustee = replace_sid;
 		} else {
 			trustee = &ace->trustee;
@@ -477,9 +477,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
 
 		switch (ace->type) {
 		case SEC_ACE_TYPE_ACCESS_ALLOWED:
-			if (tree) {
-				object_tree_modify_access(tree, ace->access_mask);
-			}
+			object_tree_modify_access(tree, ace->access_mask);
 
 			bits_remaining &= ~ace->access_mask;
 			break;
@@ -497,16 +495,14 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
 			 */
 			type = get_ace_object_type(ace);
 
-			if (!tree) {
-				continue;
-			}
-
 			if (!type) {
 				node = tree;
 			} else {
-				if (!(node = get_object_tree_by_GUID(tree, type))) {
-					continue;
-				}
+				node = get_object_tree_by_GUID(tree, type);
+			}
+
+			if (node == NULL) {
+				continue;
 			}
 
 			if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
-- 
2.34.1