From 8ae968193b7084af8bb0ccf7d624ff10e39d5715 Mon Sep 17 00:00:00 2001
From: Garming Sam <garming@catalyst.net.nz>
Date: Thu, 20 Apr 2017 16:55:58 +1200
Subject: [PATCH] netlogon_creds_cli: Do not corrupt authenticator state on
 application level errors

If the NETLOGON response was an error e.g. NT_STATUS_NOT_IMPLEMENTED, any subsequent
calls failed with NT_STATUS_ACCESS_DENIED. This is likely to be the cause of RODC DNS
updates falling off and never continuing.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 libcli/auth/netlogon_creds_cli.c | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index d55142e3ee2..ff30354d60e 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -2800,19 +2800,20 @@ static void netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_done(struct tev
 		return;
 	}
 
-	if (tevent_req_nterror(req, result)) {
-		netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_cleanup(req, result);
-		return;
-	}
-
 	*state->creds = state->tmp_creds;
 	status = netlogon_creds_cli_store(state->context,
 					  &state->creds);
+
 	if (tevent_req_nterror(req, status)) {
 		netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_cleanup(req, status);
 		return;
 	}
 
+	if (tevent_req_nterror(req, result)) {
+		netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_cleanup(req, result);
+		return;
+	}
+
 	tevent_req_done(req);
 }
 
@@ -3052,11 +3053,6 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq
 		return;
 	}
 
-	if (tevent_req_nterror(req, result)) {
-		netlogon_creds_cli_ServerGetTrustInfo_cleanup(req, result);
-		return;
-	}
-
 	cmp = memcmp(state->new_owf_password.hash,
 		     zero.hash, sizeof(zero.hash));
 	if (cmp != 0) {
@@ -3078,6 +3074,11 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq
 		return;
 	}
 
+	if (tevent_req_nterror(req, result)) {
+		netlogon_creds_cli_ServerGetTrustInfo_cleanup(req, result);
+		return;
+	}
+
 	tevent_req_done(req);
 }
 
@@ -3347,19 +3348,20 @@ static void netlogon_creds_cli_GetForestTrustInformation_done(struct tevent_req
 		return;
 	}
 
-	if (tevent_req_nterror(req, result)) {
-		netlogon_creds_cli_GetForestTrustInformation_cleanup(req, result);
-		return;
-	}
-
 	*state->creds = state->tmp_creds;
 	status = netlogon_creds_cli_store(state->context,
 					  &state->creds);
+
 	if (tevent_req_nterror(req, status)) {
 		netlogon_creds_cli_GetForestTrustInformation_cleanup(req, status);
 		return;
 	}
 
+	if (tevent_req_nterror(req, result)) {
+		netlogon_creds_cli_GetForestTrustInformation_cleanup(req, result);
+		return;
+	}
+
 	tevent_req_done(req);
 }
 
-- 
2.47.2