svn commit: samba r10241 - in trunk/source/rpc_client: .

[jra at samba.org]

Author: jra
Date: 2005-09-15 17:28:38 +0000 (Thu, 15 Sep 2005)
New Revision: 10241

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10241

Log:
Inspired by bug #1447 - make sure we check creds at the correct time
as this can disrupt the chain if we don't.
Jeremy.

Modified:
   trunk/source/rpc_client/cli_netlogon.c


Changeset:
Modified: trunk/source/rpc_client/cli_netlogon.c
===================================================================
--- trunk/source/rpc_client/cli_netlogon.c	2005-09-15 16:30:09 UTC (rev 10240)
+++ trunk/source/rpc_client/cli_netlogon.c	2005-09-15 17:28:38 UTC (rev 10241)
@@ -611,8 +611,8 @@
 
 	result = r.status;
 
-	if (!NT_STATUS_IS_ERR(result)) {
-		/* Check returned credentials. */
+	if (r.buffer_creds) {
+		/* Check returned credentials if present. */
 		if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
 			DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n"));
 			return NT_STATUS_ACCESS_DENIED;
@@ -724,8 +724,8 @@
 
 	result = r.status;
 
-	if (!NT_STATUS_IS_ERR(result)) {
-		/* Check returned credentials. */
+	if (r.buffer_creds) {
+		/* Check returned credentials if present. */
 		if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
 			DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n"));
 			return NT_STATUS_ACCESS_DENIED;
@@ -774,12 +774,10 @@
 		DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(result)));
 	}
 
-	if (!NT_STATUS_IS_ERR(result)) {
-		/* Check returned credentials. */
-		if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) {
-			DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n"));
-			return NT_STATUS_ACCESS_DENIED;
-		}
+	/* Always check returned credentials. */
+	if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) {
+		DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n"));
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	return result;