s4:auth_winbind: fix error checking in winbind_check_password()

We need to handle every error instead of just NT_STATUS_NO_SUCH_USER,
the callers also doesn't require NT_STATUS_NOT_IMPLEMENTED anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

1 files changed, 6 insertions, 4 deletions

diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index 7308a17a6bc..65ad9b6120f 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -189,9 +189,11 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
 	status = dcerpc_winbind_SamLogon_r(irpc_handle, s, &s->req);
 	NT_STATUS_NOT_OK_RETURN(status);
 
-	if (NT_STATUS_EQUAL(s->req.out.result, NT_STATUS_NO_SUCH_USER) &&
-	    !s->req.out.authoritative) {
-		return NT_STATUS_NOT_IMPLEMENTED;
+	if (!NT_STATUS_IS_OK(s->req.out.result)) {
+		if (!s->req.out.authoritative) {
+			*authoritative = false;
+		}
+		return s->req.out.result;
 	}
 
 	/*
@@ -199,7 +201,7 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
 	 * This means that lockouts happen at a badPwdCount earlier than
 	 * normal, but makes it more fault tolerant.
 	 */
-	if (NT_STATUS_IS_OK(s->req.out.result)) {
+	{
 		const char *account_name = user_info->mapped.account_name;
 		const char *p = NULL;
 		p = strchr_m(account_name, '@');