s3:winbindd_cm: close sockfd on error in cm_prepare_connection()

[gd/samba-autobuild/.git] / source3 / winbindd / winbindd_cm.c

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index b631ab69a9ece58cd3e3ac0dc4e2db067e4d5e10..cfb11039fb0a52ad23e71a9a97ab52aea8567f21 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -802,6 +802,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
        mutex = grab_named_mutex(talloc_tos(), controller,
                                 WINBIND_SERVER_MUTEX_WAIT_TIME);
        if (mutex == NULL) {
+               close(sockfd);
                DEBUG(0,("cm_prepare_connection: mutex grab failed for %s\n",
                         controller));
                result = NT_STATUS_POSSIBLE_DEADLOCK;
@@ -812,8 +813,9 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 
        *cli = cli_state_create(NULL, sockfd,
                                controller, domain->alt_name,
-                               Undefined, flags);
+                               SMB_SIGNING_DEFAULT, flags);
        if (*cli == NULL) {
+               close(sockfd);
                DEBUG(1, ("Could not cli_initialize\n"));
                result = NT_STATUS_NO_MEMORY;
                goto done;
@@ -821,7 +823,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 
        cli_set_timeout(*cli, 10000); /* 10 seconds */
 
-       result = cli_negprot(*cli);
+       result = cli_negprot(*cli, PROTOCOL_NT1);
 
        if (!NT_STATUS_IS_OK(result)) {
                DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result)));
@@ -832,8 +834,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
            cli_state_protocol(*cli) >= PROTOCOL_NT1 &&
            cli_state_capabilities(*cli) & CAP_EXTENDED_SECURITY)
        {
-               ADS_STATUS ads_status;
-
                result = get_trust_creds(domain, &machine_password,
                                         &machine_account,
                                         &machine_krb5_principal);
@@ -894,7 +894,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
                                nt_errstr(result)));
                }
 
-               result = ads_ntstatus(ads_status);
                if (NT_STATUS_IS_OK(result)) {
                        /* Ensure creds are stored for NTLMSSP authenticated pipe access. */
                        result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
@@ -945,8 +944,8 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
                "connection for DC %s\n",
                controller ));
 
-       if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0,
-                                             NULL, 0, ""))) {
+       result = cli_session_setup(*cli, "", NULL, 0, NULL, 0, "");
+       if (NT_STATUS_IS_OK(result)) {
                DEBUG(5, ("Connected anonymously\n"));
                result = cli_init_creds(*cli, "", "", "");
                if (!NT_STATUS_IS_OK(result)) {
@@ -955,13 +954,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
                goto session_setup_done;
        }
 
-       result = cli_nt_error(*cli);
-
-       if (NT_STATUS_IS_OK(result))
-               result = NT_STATUS_UNSUCCESSFUL;
-
        /* We can't session setup */
-
        goto done;
 
  session_setup_done: