From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Feb 2022 13:19:16 +0000 (+0100)
Subject: s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1
X-Git-Tag: samba-4.17.9~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38a9e17d02f2d53bcd643ed255b1fa2861f40ce0;p=thirdparty%2Fsamba.git

s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1

Otherwise we could treat a local problem as non-authoritative.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0cb6de4b1d5410f3699172952be81c6eb75c2c86)
---

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 9805d90fef0..d870188767e 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1649,6 +1649,15 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 		struct rpc_pipe_client *netlogon_pipe;
 		struct netlogon_creds_cli_context *netlogon_creds_ctx = NULL;
 
+		/*
+		 * We should always reset authoritative to 1
+		 * before calling a server again.
+		 *
+		 * Otherwise we could treat a local problem as
+		 * non-authoritative.
+		 */
+		*authoritative = 1;
+
 		retry = false;
 
 		result = cm_connect_netlogon_secure(domain, &netlogon_pipe,