From 650684351acf53dd3a7a57fe3c6e1795affd0583 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 31 Jan 2017 15:19:00 +0100 Subject: [PATCH] s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect If cm_get_ipc_credentials() returned anonymous creds and signing is required we were returning the result of cm_get_ipc_credentials() instead of the original error. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12588 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (similar to commit cebcc2adc7e568d492466bb69f21ba2a9630a0d2) --- source3/winbindd/winbindd_cm.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 45e3fad..801be11 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -995,6 +995,8 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, struct named_mutex *mutex; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS tmp_status; + NTSTATUS tcon_status = NT_STATUS_NETWORK_NAME_DELETED; enum smb_signing_setting smb_sign_client_connections = lp_client_ipc_signing(); @@ -1186,8 +1188,10 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, goto done; ipc_fallback: - result = cm_get_ipc_credentials(talloc_tos(), &creds); - if (!NT_STATUS_IS_OK(result)) { + TALLOC_FREE(creds); + tmp_status = cm_get_ipc_credentials(talloc_tos(), &creds); + if (!NT_STATUS_IS_OK(tmp_status)) { + result = tmp_status; goto done; } @@ -1274,11 +1278,11 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, } result = cli_tree_connect(*cli, "IPC$", "IPC", "", 0); - if (!NT_STATUS_IS_OK(result)) { DEBUG(1,("failed tcon_X with %s\n", nt_errstr(result))); goto done; } + tcon_status = result; /* cache the server name for later connections */ @@ -1297,6 +1301,10 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, done: TALLOC_FREE(mutex); + if (NT_STATUS_IS_OK(result)) { + result = tcon_status; + } + if (!NT_STATUS_IS_OK(result)) { winbind_add_failed_connection_entry(domain, controller, result); if ((*cli) != NULL) { -- 1.9.1