From 531a33b9c98a0a118538f2502151f22382e62d37 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 25 Nov 2024 18:25:52 +0100
Subject: [PATCH] s4:rpc_server/netlogon: fix error codes in
 dcesrv_netr_NetrLogonSendToSam

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec  5 17:46:49 UTC 2024 on atb-devel-224
---
 selftest/knownfail.d/samba.tests.krb5.netlogon | 2 --
 source4/rpc_server/netlogon/dcerpc_netlogon.c  | 7 +++----
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/selftest/knownfail.d/samba.tests.krb5.netlogon b/selftest/knownfail.d/samba.tests.krb5.netlogon
index 3da1d7368e5..ce9255442db 100644
--- a/selftest/knownfail.d/samba.tests.krb5.netlogon
+++ b/selftest/knownfail.d/samba.tests.krb5.netlogon
@@ -1,7 +1,5 @@
 # Without AES we currently get DOWNGRADE_DETECTED
 ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_auth3_00004004
 ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_auth3_603fffff
-# These need to be checked
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam
 # This is not implemented yet
 ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_ticket_samlogon
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 0667a120507..b3a71b3cb59 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -3234,7 +3234,7 @@ static NTSTATUS dcesrv_netr_NetrLogonSendToSam(struct dcesrv_call_state *dce_cal
 	case SEC_CHAN_DNS_DOMAIN:
 	case SEC_CHAN_DOMAIN:
 	case SEC_CHAN_NULL:
-		return NT_STATUS_INVALID_PARAMETER;
+		return NT_STATUS_ACCESS_DENIED;
 	default:
 		DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
 			  creds->secure_channel_type));
@@ -3264,8 +3264,7 @@ static NTSTATUS dcesrv_netr_NetrLogonSendToSam(struct dcesrv_call_state *dce_cal
 				       (ndr_pull_flags_fn_t)ndr_pull_netr_SendToSamBase);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		/* We only partially implement SendToSam */
-		return NT_STATUS_NOT_IMPLEMENTED;
+		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	/* Now 'send' to SAM */
@@ -3289,7 +3288,7 @@ static NTSTATUS dcesrv_netr_NetrLogonSendToSam(struct dcesrv_call_state *dce_cal
 					   &dn);
 		if (ret != LDB_SUCCESS) {
 			ldb_transaction_cancel(sam_ctx);
-			return NT_STATUS_INVALID_PARAMETER;
+			return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 		}
 
 		if (creds->secure_channel_type == SEC_CHAN_RODC &&
-- 
2.47.3