From 2e6fe27bad609cf6143b41c4062a1acf2d49930f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 29 May 2019 14:35:20 +0200
Subject: [PATCH] libcli:auth: Return NTSTATUS for
 netlogon_creds_decrypt_samlogon_validation()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 libcli/auth/credentials.c        |  8 ++++---
 libcli/auth/netlogon_creds_cli.c | 20 ++++++++++++------
 libcli/auth/proto.h              |  6 +++---
 source4/torture/rpc/samlogon.c   | 36 ++++++++++++++++++++++++--------
 4 files changed, 49 insertions(+), 21 deletions(-)

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 545d3c6956c..11aeea28a27 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -680,12 +680,14 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
 	}
 }
 
-void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
-						uint16_t validation_level,
-						union netr_Validation *validation)
+NTSTATUS netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+						    uint16_t validation_level,
+						    union netr_Validation *validation)
 {
 	netlogon_creds_crypt_samlogon_validation(creds, validation_level,
 							validation, false);
+
+	return NT_STATUS_OK;
 }
 
 NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index dd286a281bf..01831930cef 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -2531,9 +2531,13 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq)
 			return;
 		}
 
-		netlogon_creds_decrypt_samlogon_validation(state->ro_creds,
-							state->validation_level,
-							state->validation);
+		status = netlogon_creds_decrypt_samlogon_validation(state->ro_creds,
+								    state->validation_level,
+								    state->validation);
+		if (tevent_req_nterror(req, status)) {
+			netlogon_creds_cli_LogonSamLogon_cleanup(req, status);
+			return;
+		}
 
 		tevent_req_done(req);
 		return;
@@ -2601,9 +2605,13 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq)
 		return;
 	}
 
-	netlogon_creds_decrypt_samlogon_validation(&state->tmp_creds,
-						state->validation_level,
-						state->validation);
+	status = netlogon_creds_decrypt_samlogon_validation(&state->tmp_creds,
+							    state->validation_level,
+							    state->validation);
+	if (tevent_req_nterror(req, result)) {
+		netlogon_creds_cli_LogonSamLogon_cleanup(req, result);
+		return;
+	}
 
 	tevent_req_done(req);
 }
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 00033b9ce55..6bf83d60e81 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -59,9 +59,9 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
 NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
 				 const struct netr_Authenticator *received_authenticator,
 				 struct netr_Authenticator *return_authenticator) ;
-void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
-						uint16_t validation_level,
-						union netr_Validation *validation);
+NTSTATUS netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+						    uint16_t validation_level,
+						    union netr_Validation *validation);
 NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
 						    uint16_t validation_level,
 						    union netr_Validation *validation);
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index c7d56101878..76933b8869e 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -176,9 +176,15 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 
 		validation_level = r->in.validation_level;
 
-		netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
-							   validation_level,
-							   r->out.validation);
+		status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+								    validation_level,
+								    r->out.validation);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(status));
+			}
+			return status;
+		}
 
 		switch (validation_level) {
 		case 2:
@@ -210,9 +216,15 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 
 		validation_level = r_ex->in.validation_level;
 
-		netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
-							   validation_level,
-							   r_ex->out.validation);
+		status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+								    validation_level,
+								    r_ex->out.validation);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(status));
+			}
+			return status;
+		}
 
 		switch (validation_level) {
 		case 2:
@@ -252,9 +264,15 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 
 		validation_level = r_flags->in.validation_level;
 
-		netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
-							   validation_level,
-							   r_flags->out.validation);
+		status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+								    validation_level,
+								    r_flags->out.validation);
+		if (!NT_STATUS_IS_OK(status)) {
+			if (error_string) {
+				*error_string = strdup(nt_errstr(status));
+			}
+			return status;
+		}
 
 		switch (validation_level) {
 		case 2: