From 38a9e17d02f2d53bcd643ed255b1fa2861f40ce0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Feb 2022 14:19:16 +0100
Subject: [PATCH] s3:winbindd: let winbind_samlogon_retry_loop() always start
 with authoritative = 1

Otherwise we could treat a local problem as non-authoritative.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0cb6de4b1d5410f3699172952be81c6eb75c2c86)
---
 source3/winbindd/winbindd_pam.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 9805d90fef0..d870188767e 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1649,6 +1649,15 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 		struct rpc_pipe_client *netlogon_pipe;
 		struct netlogon_creds_cli_context *netlogon_creds_ctx = NULL;
 
+		/*
+		 * We should always reset authoritative to 1
+		 * before calling a server again.
+		 *
+		 * Otherwise we could treat a local problem as
+		 * non-authoritative.
+		 */
+		*authoritative = 1;
+
 		retry = false;
 
 		result = cm_connect_netlogon_secure(domain, &netlogon_pipe,
-- 
2.47.3