s3: Make winbind recover from a signing error

When winbind sees a signing error on the smb connection to a DC (for whatever
reason, our bug, network glitch, etc) it should recover properly. The "old"
code in clientgen.c just closed the socket in this case. This is the right
thing to do, this connection is spoiled anyway. The new, async code did not do
this so far, which led to the code in winbindd_cm.c not detect that we need to
reconnect.

diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c
index e5f5c6f04c3ad35adf52c1fbcee3966d5e6726a3..0e1379a00f038b9696924bd55a88581b41a58640 100644 (file)
--- a/source3/libsmb/async_smb.c
+++ b/source3/libsmb/async_smb.c
@@ -857,6 +857,8 @@ static NTSTATUS validate_smb_crypto(struct cli_state *cli, char *pdu)
 
        if (!cli_check_sign_mac(cli, pdu)) {
                DEBUG(10, ("cli_check_sign_mac failed\n"));
+               close(cli->fd);
+               cli->fd = -1;
                return NT_STATUS_ACCESS_DENIED;
        }