summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-09-24 01:22:59 +0000
committerGerald Carter <jerry@samba.org>2003-09-24 01:22:59 +0000
commit6d3af0eff0633a70f726de79f6fcb4a12e87b4d1 (patch)
tree8746834aa65abc9ad13506ccb5d41f981e3d7d68
parent955507a7ed02b8211aa3e6fee840cab185aabd89 (diff)
downloadsamba-6d3af0eff0633a70f726de79f6fcb4a12e87b4d1.tar.gz
samba-6d3af0eff0633a70f726de79f6fcb4a12e87b4d1.tar.bz2
samba-6d3af0eff0633a70f726de79f6fcb4a12e87b4d1.zip
fixing a bug in the retry loop for winbindd_pam_auth[_crap]()
(This used to be commit a83266a927b81a9f7a62b211793faaf8d401767c)
-rw-r--r--source3/nsswitch/winbindd_pam.c40
1 files changed, 25 insertions, 15 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index ea2868b2cf..d696428de4 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -65,7 +65,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
time_t last_change_time;
uint32 sec_channel_type;
NET_USER_INFO_3 info3;
- struct cli_state *cli;
+ struct cli_state *cli = NULL;
uchar chal[8];
TALLOC_CTX *mem_ctx = NULL;
DATA_BLOB lm_resp;
@@ -128,7 +128,6 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
do {
ZERO_STRUCT(info3);
ZERO_STRUCT(ret_creds);
- cli = NULL;
retry = False;
/* Don't shut this down - it belongs to the connection cache code */
@@ -148,8 +147,17 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
&info3);
attempts += 1;
+ /* We have to try a second time as cm_get_netlogon_cli
+ might not yet have noticed that the DC has killed
+ our connection. */
+
+ if ( cli->fd == -1 ) {
+ retry = True;
+ continue;
+ }
+
/* if we get access denied, a possible cuase was that we had and open
- connection to the DC, but someone changed our machine accoutn password
+ connection to the DC, but someone changed our machine account password
out from underneath us using 'net rpc changetrustpw' */
if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) ) {
@@ -158,12 +166,9 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
name_domain));
winbindd_cm_flush();
retry = True;
+ cli = NULL;
}
- /* We have to try a second time as cm_get_netlogon_cli
- might not yet have noticed that the DC has killed
- our connection. */
-
} while ( (attempts < 2) && retry );
clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &ret_creds);
@@ -206,7 +211,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
time_t last_change_time;
uint32 sec_channel_type;
NET_USER_INFO_3 info3;
- struct cli_state *cli;
+ struct cli_state *cli = NULL;
TALLOC_CTX *mem_ctx = NULL;
char *user = NULL;
const char *domain = NULL;
@@ -301,7 +306,6 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
do {
ZERO_STRUCT(info3);
ZERO_STRUCT(ret_creds);
- cli = NULL;
retry = False;
/* Don't shut this down - it belongs to the connection cache code */
@@ -323,8 +327,17 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
attempts += 1;
- /* if we get access denied, a possible cuase was that we had and open
- connection to the DC, but someone changed our machine accoutn password
+ /* We have to try a second time as cm_get_netlogon_cli
+ might not yet have noticed that the DC has killed
+ our connection. */
+
+ if ( cli->fd == -1 ) {
+ retry = True;
+ continue;
+ }
+
+ /* if we get access denied, a possible cause was that we had and open
+ connection to the DC, but someone changed our machine account password
out from underneath us using 'net rpc changetrustpw' */
if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) ) {
@@ -333,12 +346,9 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
domain));
winbindd_cm_flush();
retry = True;
+ cli = NULL;
}
- /* We have to try a second time as cm_get_netlogon_cli
- might not yet have noticed that the DC has killed
- our connection. */
-
} while ( (attempts < 2) && retry );
clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &ret_creds);