s4:rpc_server/netlogon: fix error codes for netr_NetrLogonSendToSam() with SEC_CHAN_RODC

author Stefan Metzmacher <metze@samba.org>

Fri, 13 Dec 2024 15:11:34 +0000 (16:11 +0100)

committer Stefan Metzmacher <metze@samba.org>

Wed, 8 Jan 2025 09:13:30 +0000 (09:13 +0000)
author Stefan Metzmacher <metze@samba.org>
Fri, 13 Dec 2024 15:11:34 +0000 (16:11 +0100)
committer Stefan Metzmacher <metze@samba.org>
Wed, 8 Jan 2025 09:13:30 +0000 (09:13 +0000)
diff --git a/selftest/knownfail.d/samba.tests.krb5.netlogon b/selftest/knownfail.d/samba.tests.krb5.netlogon

index f7cea4d5550c6a43afc30987096a64d8ee5c0b5c..dc2304c116218f73c7e7862ed3f553e9064430ee 100644 (file)
--- a/selftest/knownfail.d/samba.tests.krb5.netlogon
+++ b/selftest/knownfail.d/samba.tests.krb5.netlogon
@@ -1,11 +1,2 @@
  # This is not implemented yet
  ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_ticket_samlogon
-# The RODC handling is wrong
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_auth3_01000000
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_auth3_613fffff
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_auth3_e13fffff
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_authK_00000000
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_authK_00004000
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_authK_603fbffb
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_authK_80000000
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_authK_e13fffff
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c

index ccf303cff9a9598d699cf201eedcb0912ddf315c..848a01aad4a85cf8105f14f86d416acd6afaf19a 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -3389,6 +3389,9 @@ static NTSTATUS dcesrv_netr_NetrLogonSendToSam(struct dcesrv_call_state *dce_cal
                                            &dn);
                 if (ret != LDB_SUCCESS) {
                         ldb_transaction_cancel(sam_ctx);
+                       if (creds->secure_channel_type == SEC_CHAN_RODC) {
+                               return NT_STATUS_INTERNAL_ERROR;
+                       }
                         return NT_STATUS_OBJECT_NAME_NOT_FOUND;
                 }
  
@@ -3398,7 +3401,7 @@ static NTSTATUS dcesrv_netr_NetrLogonSendToSam(struct dcesrv_call_state *dce_cal
                                   "an arbitrary user: %s\n",
                                   ldb_dn_get_linearized(dn)));
                         ldb_transaction_cancel(sam_ctx);
-                       return NT_STATUS_INVALID_PARAMETER;
+                       return NT_STATUS_ACCESS_DENIED;
                 }
  
                 msg->dn = dn;
author	Stefan Metzmacher <metze@samba.org>
	Fri, 13 Dec 2024 15:11:34 +0000 (16:11 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 8 Jan 2025 09:13:30 +0000 (09:13 +0000)
selftest/knownfail.d/samba.tests.krb5.netlogon		patch \| blob \| blame \| history
source4/rpc_server/netlogon/dcerpc_netlogon.c		patch \| blob \| blame \| history