summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2012-11-29 12:03:16 +0100
committerAndreas Schneider <asn@samba.org>2012-11-30 11:49:50 +0100
commitcd517743166c55f3a9eb8b5232e9de061b9c8307 (patch)
treeaae417f9514216ffde30213c42992f98fad8b54b
parent82ace10492c7f71294ece4814817015cb0786bc1 (diff)
downloadsamba-cd517743166c55f3a9eb8b5232e9de061b9c8307.tar.gz
samba-cd517743166c55f3a9eb8b5232e9de061b9c8307.tar.bz2
samba-cd517743166c55f3a9eb8b5232e9de061b9c8307.zip
s3-winbindd: rework reconnect logic in winbindd_lookup_sids().
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r--source3/winbindd/winbindd_msrpc.c26
1 files changed, 14 insertions, 12 deletions
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index f772428383..03b919f35a 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -1079,24 +1079,20 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
struct policy_handle lsa_policy;
unsigned int orig_timeout;
bool use_lookupsids3 = false;
+ bool retried = false;
- if (domain->can_do_ncacn_ip_tcp) {
- status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
- if (NT_STATUS_IS_OK(status)) {
- use_lookupsids3 = true;
- goto lookup;
- }
- domain->can_do_ncacn_ip_tcp = false;
- }
- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
-
+ connect:
+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- lookup:
b = cli->binding_handle;
+ if (cli->transport->transport == NCACN_IP_TCP) {
+ use_lookupsids3 = true;
+ }
+
/*
* This call can take a long time
* allow the server to time out.
@@ -1119,7 +1115,8 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
dcerpc_binding_handle_set_timeout(b, orig_timeout);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) {
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
@@ -1127,6 +1124,11 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
* a netlogon connection first.
*/
invalidate_cm_connection(&domain->conn);
+ domain->can_do_ncacn_ip_tcp = domain->active_directory;
+ if (!retried) {
+ retried = true;
+ goto connect;
+ }
status = NT_STATUS_ACCESS_DENIED;
}