s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree...

If cm_get_ipc_credentials() returned anonymous creds and signing is required
we were returning the result of cm_get_ipc_credentials() instead of
the original error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12588

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index d8c894c6292f845974fa0b5ce8022fe1ac23f8a8..41a00764af4e6084a57b5f99ea038632a6e54da8 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1001,6 +1001,8 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
        struct named_mutex *mutex;
 
        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+       NTSTATUS tmp_status;
+       NTSTATUS tcon_status = NT_STATUS_NETWORK_NAME_DELETED;
 
        enum smb_signing_setting smb_sign_client_connections = lp_client_ipc_signing();
 
@@ -1152,8 +1154,9 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 
  ipc_fallback:
        TALLOC_FREE(creds);
-       result = cm_get_ipc_credentials(talloc_tos(), &creds);
-       if (!NT_STATUS_IS_OK(result)) {
+       tmp_status = cm_get_ipc_credentials(talloc_tos(), &creds);
+       if (!NT_STATUS_IS_OK(tmp_status)) {
+               result = tmp_status;
                goto done;
        }
 
@@ -1228,11 +1231,11 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
        }
 
        result = cli_tree_connect(*cli, "IPC$", "IPC", NULL);
-
        if (!NT_STATUS_IS_OK(result)) {
                DEBUG(1,("failed tcon_X with %s\n", nt_errstr(result)));
                goto done;
        }
+       tcon_status = result;
 
        /* cache the server name for later connections */
 
@@ -1252,6 +1255,10 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
        TALLOC_FREE(mutex);
        TALLOC_FREE(creds);
 
+       if (NT_STATUS_IS_OK(result)) {
+               result = tcon_status;
+       }
+
        if (!NT_STATUS_IS_OK(result)) {
                winbind_add_failed_connection_entry(domain, controller, result);
                if ((*cli) != NULL) {