Author: jra Date: 2005-09-15 17:28:38 +0000 (Thu, 15 Sep 2005) New Revision: 10241
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10241 Log: Inspired by bug #1447 - make sure we check creds at the correct time as this can disrupt the chain if we don't. Jeremy. Modified: trunk/source/rpc_client/cli_netlogon.c Changeset: Modified: trunk/source/rpc_client/cli_netlogon.c =================================================================== --- trunk/source/rpc_client/cli_netlogon.c 2005-09-15 16:30:09 UTC (rev 10240) +++ trunk/source/rpc_client/cli_netlogon.c 2005-09-15 17:28:38 UTC (rev 10241) @@ -611,8 +611,8 @@ result = r.status; - if (!NT_STATUS_IS_ERR(result)) { - /* Check returned credentials. */ + if (r.buffer_creds) { + /* Check returned credentials if present. */ if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) { DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n")); return NT_STATUS_ACCESS_DENIED; @@ -724,8 +724,8 @@ result = r.status; - if (!NT_STATUS_IS_ERR(result)) { - /* Check returned credentials. */ + if (r.buffer_creds) { + /* Check returned credentials if present. */ if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) { DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n")); return NT_STATUS_ACCESS_DENIED; @@ -774,12 +774,10 @@ DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(result))); } - if (!NT_STATUS_IS_ERR(result)) { - /* Check returned credentials. */ - if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) { - DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; - } + /* Always check returned credentials. */ + if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) { + DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; } return result;
