From 567d4e356a10c5af3b679dcb338ae2bd3ce88b19 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 15 Nov 2024 17:12:52 +0100
Subject: [PATCH] s4:rpc_server/netlogon: let
 dcesrv_netr_LogonSamLogon_base_reply handle encryption errors

This might be the better option when we implement
netr_ServerAuthenticateKerberos().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 3a75e046839..5c7ac435a1c 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1704,6 +1704,12 @@ static void dcesrv_netr_LogonSamLogon_base_reply(
 			DBG_ERR("netlogon_creds_encrypt_samlogon_validation() "
 				"failed - %s\n",
 				nt_errstr(status));
+			if (r->out.validation != NULL) {
+				ZERO_STRUCTP(r->out.validation);
+			}
+			*r->out.authoritative = true;
+			*r->out.flags = 0;
+			r->out.result = status;
 		}
 	}
 
-- 
2.47.3