From: Garming Sam <garming@catalyst.net.nz>
Date: Thu, 20 Apr 2017 04:55:58 +0000 (+1200)
Subject: netlogon_creds_cli: Do not corrupt authenticator state on application level errors
X-Git-Tag: ldb-1.1.30~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ae968193b7084af8bb0ccf7d624ff10e39d5715;p=thirdparty%2Fsamba.git

netlogon_creds_cli: Do not corrupt authenticator state on application level errors

If the NETLOGON response was an error e.g. NT_STATUS_NOT_IMPLEMENTED, any subsequent
calls failed with NT_STATUS_ACCESS_DENIED. This is likely to be the cause of RODC DNS
updates falling off and never continuing.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index d55142e3ee2..ff30354d60e 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -2800,19 +2800,20 @@ static void netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_done(struct tev
 		return;
 	}
 
-	if (tevent_req_nterror(req, result)) {
-		netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_cleanup(req, result);
-		return;
-	}
-
 	*state->creds = state->tmp_creds;
 	status = netlogon_creds_cli_store(state->context,
 					  &state->creds);
+
 	if (tevent_req_nterror(req, status)) {
 		netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_cleanup(req, status);
 		return;
 	}
 
+	if (tevent_req_nterror(req, result)) {
+		netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_cleanup(req, result);
+		return;
+	}
+
 	tevent_req_done(req);
 }
 
@@ -3052,11 +3053,6 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq
 		return;
 	}
 
-	if (tevent_req_nterror(req, result)) {
-		netlogon_creds_cli_ServerGetTrustInfo_cleanup(req, result);
-		return;
-	}
-
 	cmp = memcmp(state->new_owf_password.hash,
 		     zero.hash, sizeof(zero.hash));
 	if (cmp != 0) {
@@ -3078,6 +3074,11 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq
 		return;
 	}
 
+	if (tevent_req_nterror(req, result)) {
+		netlogon_creds_cli_ServerGetTrustInfo_cleanup(req, result);
+		return;
+	}
+
 	tevent_req_done(req);
 }
 
@@ -3347,19 +3348,20 @@ static void netlogon_creds_cli_GetForestTrustInformation_done(struct tevent_req
 		return;
 	}
 
-	if (tevent_req_nterror(req, result)) {
-		netlogon_creds_cli_GetForestTrustInformation_cleanup(req, result);
-		return;
-	}
-
 	*state->creds = state->tmp_creds;
 	status = netlogon_creds_cli_store(state->context,
 					  &state->creds);
+
 	if (tevent_req_nterror(req, status)) {
 		netlogon_creds_cli_GetForestTrustInformation_cleanup(req, status);
 		return;
 	}
 
+	if (tevent_req_nterror(req, result)) {
+		netlogon_creds_cli_GetForestTrustInformation_cleanup(req, result);
+		return;
+	}
+
 	tevent_req_done(req);
 }