diff options
author | Günther Deschner <gd@samba.org> | 2012-11-29 12:03:16 +0100 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2012-11-30 11:49:50 +0100 |
commit | cd517743166c55f3a9eb8b5232e9de061b9c8307 (patch) | |
tree | aae417f9514216ffde30213c42992f98fad8b54b | |
parent | 82ace10492c7f71294ece4814817015cb0786bc1 (diff) | |
download | samba-cd517743166c55f3a9eb8b5232e9de061b9c8307.tar.gz samba-cd517743166c55f3a9eb8b5232e9de061b9c8307.tar.bz2 samba-cd517743166c55f3a9eb8b5232e9de061b9c8307.zip |
s3-winbindd: rework reconnect logic in winbindd_lookup_sids().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r-- | source3/winbindd/winbindd_msrpc.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index f772428383..03b919f35a 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -1079,24 +1079,20 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, struct policy_handle lsa_policy; unsigned int orig_timeout; bool use_lookupsids3 = false; + bool retried = false; - if (domain->can_do_ncacn_ip_tcp) { - status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); - if (NT_STATUS_IS_OK(status)) { - use_lookupsids3 = true; - goto lookup; - } - domain->can_do_ncacn_ip_tcp = false; - } - status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); - + connect: + status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); if (!NT_STATUS_IS_OK(status)) { return status; } - lookup: b = cli->binding_handle; + if (cli->transport->transport == NCACN_IP_TCP) { + use_lookupsids3 = true; + } + /* * This call can take a long time * allow the server to time out. @@ -1119,7 +1115,8 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, dcerpc_binding_handle_set_timeout(b, orig_timeout); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || - NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { + NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || + NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { /* * This can happen if the schannel key is not * valid anymore, we need to invalidate the @@ -1127,6 +1124,11 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, * a netlogon connection first. */ invalidate_cm_connection(&domain->conn); + domain->can_do_ncacn_ip_tcp = domain->active_directory; + if (!retried) { + retried = true; + goto connect; + } status = NT_STATUS_ACCESS_DENIED; } |