s3: Make winbind recover from a signing error

When winbind sees a signing error on the smb connection to a DC (for whatever
reason, our bug, network glitch, etc) it should recover properly. The "old"
code in clientgen.c just closed the socket in this case. This is the right
thing to do, this connection is spoiled anyway. The new, async code did not do
this so far, which led to the code in winbindd_cm.c not detect that we need to
reconnect.

Fix bug #7800 (winbind does not recover from smb signing errors).
(cherry picked from commit 8c2493ff2e646928035ec7296f4451f09390f6aa)

diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c
index e683e375d9ad442d80528b5ed3879627dc391ac6..0336ff226c800b4e75b2239ed2cd030bdf4c1348 100644 (file)
--- a/source3/libsmb/async_smb.c
+++ b/source3/libsmb/async_smb.c
@@ -848,6 +848,8 @@ static NTSTATUS validate_smb_crypto(struct cli_state *cli, char *pdu)
 
        if (!cli_check_sign_mac(cli, pdu)) {
                DEBUG(10, ("cli_check_sign_mac failed\n"));
+               close(cli->fd);
+               cli->fd = -1;
                return NT_STATUS_ACCESS_DENIED;
        }