diff options
-rw-r--r-- | source3/auth/auth_domain.c | 33 | ||||
-rw-r--r-- | source3/client/smbspool.c | 2 | ||||
-rw-r--r-- | source3/include/doserr.h | 47 | ||||
-rw-r--r-- | source3/libsmb/cliconnect.c | 12 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_cm.c | 22 | ||||
-rw-r--r-- | source3/rpcclient/rpcclient.c | 2 | ||||
-rw-r--r-- | source3/smbd/change_trust_pw.c | 2 | ||||
-rw-r--r-- | source3/utils/net.c | 4 | ||||
-rw-r--r-- | source3/utils/smbcacls.c | 2 | ||||
-rw-r--r-- | source3/utils/smbtree.c | 2 |
10 files changed, 99 insertions, 29 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 59b9233a2d..129c486562 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -88,8 +88,7 @@ static NTSTATUS rpc_resolve_dc(const char *server, way to find it, but until we have a RPC call that does this it will have to do */ if (!name_status_find("*", 0x20, 0x20, to_ip, remote_machine)) { - DEBUG(2, ("connect_to_domain_password_server: Can't " - "resolve name for IP %s\n", server)); + DEBUG(2, ("rpc_resolve_dc: Can't resolve name for IP %s\n", server)); return NT_STATUS_NO_LOGON_SERVERS; } @@ -100,7 +99,7 @@ static NTSTATUS rpc_resolve_dc(const char *server, fstrcpy(remote_machine, server); strupper(remote_machine); if (!resolve_name(remote_machine, dest_ip, 0x20)) { - DEBUG(1,("connect_to_domain_password_server: Can't resolve address for %s\n", + DEBUG(1,("rpc_resolve_dc: Can't resolve address for %s\n", remote_machine)); return NT_STATUS_NO_LOGON_SERVERS; } @@ -126,18 +125,20 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, const char *server, const char *setup_creds_as, uint16 sec_chan, - const unsigned char *trust_passwd) + const unsigned char *trust_passwd, + BOOL *retry) { struct in_addr dest_ip; fstring remote_machine; NTSTATUS result; uint32 neg_flags = 0x000001ff; - if (lp_security() == SEC_ADS) { + *retry = False; + + if (lp_security() == SEC_ADS) result = ads_resolve_dc(remote_machine, &dest_ip); - } else { + else result = rpc_resolve_dc(server, remote_machine, &dest_ip); - } if (!NT_STATUS_IS_OK(result)) { DEBUG(2,("connect_to_domain_password_server: unable to resolve DC: %s\n", @@ -165,12 +166,14 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, * ACCESS_DENIED errors if 2 auths are done from the same machine. JRA. */ + *retry = True; + if (!grab_server_mutex(server)) return NT_STATUS_NO_LOGON_SERVERS; /* Attempt connection */ result = cli_full_connection(cli, global_myname, remote_machine, - &dest_ip, 0, "IPC$", "IPC", "", "", "",0); + &dest_ip, 0, "IPC$", "IPC", "", "", "",0, retry); if (!NT_STATUS_IS_OK(result)) { release_server_mutex(); @@ -235,7 +238,10 @@ static NTSTATUS attempt_connect_to_dc(struct cli_state **cli, uint16 sec_chan, const unsigned char *trust_passwd) { + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + BOOL retry = True; fstring dc_name; + int i; /* * Ignore addresses we have already tried. @@ -247,7 +253,10 @@ static NTSTATUS attempt_connect_to_dc(struct cli_state **cli, if (!lookup_dc_name(global_myname, domain, ip, dc_name)) return NT_STATUS_NO_LOGON_SERVERS; - return connect_to_domain_password_server(cli, dc_name, setup_creds_as, sec_chan, trust_passwd); + for (i = 0; (!NT_STATUS_IS_OK(ret)) && retry && (i < 3); i++) + ret = connect_to_domain_password_server(cli, dc_name, setup_creds_as, + sec_chan, trust_passwd, &retry); + return ret; } /*********************************************************************** @@ -371,7 +380,11 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, if(lp_security() != SEC_ADS && strequal(remote_machine, "*")) { nt_status = find_connect_pdc(&cli, domain, setup_creds_as, sec_chan, trust_passwd, last_change_time); } else { - nt_status = connect_to_domain_password_server(&cli, remote_machine, setup_creds_as, sec_chan, trust_passwd); + int i; + BOOL retry = False; + for (i = 0; !NT_STATUS_IS_OK(nt_status) && retry && (i < 3); i++) + nt_status = connect_to_domain_password_server(&cli, remote_machine, setup_creds_as, + sec_chan, trust_passwd, &retry); } } diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c index ecb5c311c5..ff10963533 100644 --- a/source3/client/smbspool.c +++ b/source3/client/smbspool.c @@ -282,7 +282,7 @@ smb_connect(char *workgroup, /* I - Workgroup */ get_myname(myname); nt_status = cli_full_connection(&c, myname, server, NULL, 0, share, "?????", - username, workgroup, password, 0); + username, workgroup, password, 0, NULL); if (!NT_STATUS_IS_OK(nt_status)) { fprintf(stderr, "ERROR: Connection failed with error %s\n", nt_errstr(nt_status)); diff --git a/source3/include/doserr.h b/source3/include/doserr.h index 93936463e6..576aeda2bf 100644 --- a/source3/include/doserr.h +++ b/source3/include/doserr.h @@ -82,13 +82,28 @@ #define ERRnoipc 66 /* don't support ipc */ /* These errors seem to be only returned by the NT printer driver system */ - +#define ERRdriveralreadyinstalled 1795 /* ERROR_PRINTER_DRIVER_ALREADY_INSTALLED */ +#define ERRunknownprinterport 1796 /* ERROR_UNKNOWN_PORT */ #define ERRunknownprinterdriver 1797 /* ERROR_UNKNOWN_PRINTER_DRIVER */ +#define ERRunknownprintprocessor 1798 /* ERROR_UNKNOWN_PRINTPROCESSOR */ +#define ERRinvalidseparatorfile 1799 /* ERROR_INVALID_SEPARATOR_FILE */ +#define ERRinvalidjobpriority 1800 /* ERROR_INVALID_PRIORITY */ #define ERRinvalidprintername 1801 /* ERROR_INVALID_PRINTER_NAME */ #define ERRprinteralreadyexists 1802 /* ERROR_PRINTER_ALREADY_EXISTS */ +#define ERRinvalidprintercommand 1803 /* ERROR_INVALID_PRINTER_COMMAND */ #define ERRinvaliddatatype 1804 /* ERROR_INVALID_DATATYPE */ #define ERRinvalidenvironment 1805 /* ERROR_INVALID_ENVIRONMENT */ + +#define ERRunknownprintmonitor 3000 /* ERROR_UNKNOWN_PRINT_MONITOR */ #define ERRprinterdriverinuse 3001 /* ERROR_PRINTER_DRIVER_IN_USE */ +#define ERRspoolfilenotfound 3002 /* ERROR_SPOOL_FILE_NOT_FOUND */ +#define ERRnostartdoc 3003 /* ERROR_SPL_NO_STARTDOC */ +#define ERRnoaddjob 3004 /* ERROR_SPL_NO_ADDJOB */ +#define ERRprintprocessoralreadyinstalled 3005 /* ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED */ +#define ERRprintmonitoralreadyinstalled 3006 /* ERROR_PRINT_MONITOR_ALREADY_INSTALLED */ +#define ERRinvalidprintmonitor 3007 /* ERROR_INVALID_PRINT_MONITOR */ +#define ERRprintmonitorinuse 3008 /* ERROR_PRINT_MONITOR_IN_USE */ +#define ERRprinterhasjobsqueued 3009 /* ERROR_PRINTER_HAS_JOBS_QUEUED */ /* Error codes for the ERRSRV class */ @@ -171,20 +186,38 @@ #define WERR_CAN_NOT_COMPLETE W_ERROR(1003) #define WERR_INVALID_SECURITY_DESCRIPTOR W_ERROR(1338) #define WERR_SERVER_UNAVAILABLE W_ERROR(1722) -#define WERR_UNKNOWN_PRINTER_DRIVER W_ERROR(1797) -#define WERR_INVALID_PRINTER_NAME W_ERROR(1801) -#define WERR_PRINTER_ALREADY_EXISTS W_ERROR(1802) -#define WERR_INVALID_DATATYPE W_ERROR(1804) -#define WERR_INVALID_ENVIRONMENT W_ERROR(1805) #define WERR_INVALID_FORM_NAME W_ERROR(1902) #define WERR_INVALID_FORM_SIZE W_ERROR(1903) #define WERR_BUF_TOO_SMALL W_ERROR(2123) #define WERR_JOB_NOT_FOUND W_ERROR(2151) #define WERR_DEST_NOT_FOUND W_ERROR(2152) #define WERR_NOT_LOCAL_DOMAIN W_ERROR(2320) -#define WERR_PRINTER_DRIVER_IN_USE W_ERROR(3001) #define WERR_STATUS_MORE_ENTRIES W_ERROR(0x0105) +#define WERR_PRINTER_DRIVER_ALREADY_INSTALLED W_ERROR(ERRdriveralreadyinstalled) +#define WERR_UNKNOWN_PORT W_ERROR(ERRunknownprinterport) +#define WERR_UNKNOWN_PRINTER_DRIVER W_ERROR(ERRunknownprinterdriver) +#define WERR_UNKNOWN_PRINTPROCESSOR W_ERROR(ERRunknownprintprocessor) +#define WERR_INVALID_SEPARATOR_FILE W_ERROR(ERRinvalidseparatorfile) +#define WERR_INVALID_PRIORITY W_ERROR(ERRinvalidjobpriority) +#define WERR_INVALID_PRINTER_NAME W_ERROR(ERRinvalidprintername) +#define WERR_PRINTER_ALREADY_EXISTS W_ERROR(ERRprinteralreadyexists) +#define WERR_INVALID_PRINTER_COMMAND W_ERROR(ERRinvalidprintercommand) +#define WERR_INVALID_DATATYPE W_ERROR(ERRinvaliddatatype) +#define WERR_INVALID_ENVIRONMENT W_ERROR(ERRinvalidenvironment) + +#define WERR_UNKNOWN_PRINT_MONITOR W_ERROR(ERRunknownprintmonitor) +#define WERR_PRINTER_DRIVER_IN_USE W_ERROR(ERRprinterdriverinuse) +#define WERR_SPOOL_FILE_NOT_FOUND W_ERROR(ERRspoolfilenotfound) +#define WERR_SPL_NO_STARTDOC W_ERROR(ERRnostartdoc) +#define WERR_SPL_NO_ADDJOB W_ERROR(ERRnoaddjob) +#define WERR_PRINT_PROCESSOR_ALREADY_INSTALLED W_ERROR(ERRprintprocessoralreadyinstalled) +#define WERR_PRINT_MONITOR_ALREADY_INSTALLED W_ERROR(ERRprintmonitoralreadyinstalled) +#define WERR_INVALID_PRINT_MONITOR W_ERROR(ERRinvalidprintmonitor) +#define WERR_PRINT_MONITOR_IN_USE W_ERROR(ERRprintmonitorinuse) +#define WERR_PRINTER_HAS_JOBS_QUEUED W_ERROR(ERRprinterhasjobsqueued) + + /* DFS errors */ #ifndef NERR_BASE diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index f005ac21f3..6a21121f43 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1153,6 +1153,7 @@ static void init_creds(struct ntuser_creds *creds, char* username, @param user Username, unix string @param domain User's domain @param password User's password, unencrypted unix string. + @param retry BOOL. Did this connection fail with a retryable error ? */ NTSTATUS cli_full_connection(struct cli_state **output_cli, @@ -1161,7 +1162,8 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli, struct in_addr *dest_ip, int port, char *service, char *service_type, char *user, char *domain, - char *password, int flags) + char *password, int flags, + BOOL *retry) { struct ntuser_creds creds; NTSTATUS nt_status; @@ -1171,6 +1173,9 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli, struct in_addr ip; extern pstring global_myname; + if (retry) + *retry = False; + if (!my_name) my_name = global_myname; @@ -1185,6 +1190,8 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli, return NT_STATUS_UNSUCCESSFUL; } + cli_set_timeout(cli, 10000); /* 10 seconds. */ + if (dest_ip) ip = *dest_ip; else @@ -1201,6 +1208,9 @@ again: return NT_STATUS_UNSUCCESSFUL; } + if (retry) + *retry = True; + if (!cli_session_request(cli, &calling, &called)) { char *p; DEBUG(1,("session request to %s failed (%s)\n", diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index cb1779f590..5f477c78f7 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -392,6 +392,8 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index, NTSTATUS result; char *ipc_username, *ipc_domain, *ipc_password; struct in_addr dc_ip; + int i; + BOOL retry = True; ZERO_STRUCT(dc_ip); @@ -446,10 +448,22 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index, DEBUG(5, ("connecting to %s from %s with username [%s]\\[%s]\n", new_conn->controller, global_myname, ipc_domain, ipc_username)); - result = cli_full_connection(&(new_conn->cli), global_myname, new_conn->controller, - &dc_ip, 0, "IPC$", - "IPC", ipc_username, ipc_domain, - ipc_password, 0); + for (i = 0; retry && (i < 3); i++) { + + if (!secrets_named_mutex(new_conn->controller, 10)) { + DEBUG(0,("cm_open_connection: mutex grab failed for %s\n", new_conn->controller)); + continue; + } + + result = cli_full_connection(&(new_conn->cli), global_myname, new_conn->controller, + &dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain, + ipc_password, 0, &retry); + + secrets_named_mutex_release(new_conn->controller); + + if (NT_STATUS_IS_OK(result)) + break; + } SAFE_FREE(ipc_username); SAFE_FREE(ipc_domain); diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 5aa8d2359f..e23140bdb0 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -723,7 +723,7 @@ static NTSTATUS process_cmd(struct cli_state *cli, char *cmd) &server_ip, 0, "IPC$", "IPC", username, domain, - password, 0); + password, 0, NULL); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status))); diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 4b2944a96f..5da735e875 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -50,7 +50,7 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine, NULL, 0, "IPC$", "IPC", "", "", - "", 0))) { + "", 0, NULL))) { DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine)); return NT_STATUS_UNSUCCESSFUL; } diff --git a/source3/utils/net.c b/source3/utils/net.c index b3b72e2465..d38ca58622 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -121,7 +121,7 @@ NTSTATUS connect_to_ipc(struct cli_state **c, struct in_addr *server_ip, server_ip, opt_port, "IPC$", "IPC", opt_user_name, opt_workgroup, - opt_password, 0); + opt_password, 0, NULL); if (NT_STATUS_IS_OK(nt_status)) { return nt_status; @@ -151,7 +151,7 @@ NTSTATUS connect_to_ipc_anonymous(struct cli_state **c, server_ip, opt_port, "IPC$", "IPC", "", "", - "", 0); + "", 0, NULL); if (NT_STATUS_IS_OK(nt_status)) { return nt_status; diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 2e8317f05a..940187407c 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -722,7 +722,7 @@ static struct cli_state *connect_one(char *share) &ip, 0, share, "?????", username, global_myworkgroup, - password, 0))) { + password, 0, NULL))) { return c; } else { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c index b733f8112f..940120d644 100644 --- a/source3/utils/smbtree.c +++ b/source3/utils/smbtree.c @@ -100,7 +100,7 @@ static struct cli_state *get_ipc_connect(char *server, struct in_addr *server_ip nt_status = cli_full_connection(&cli, myname, server, server_ip, 0, "IPC$", "IPC", user_info->username, lp_workgroup(), user_info->password, - CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK); + CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK, NULL); if (NT_STATUS_IS_OK(nt_status)) { return cli; |