summaryrefslogtreecommitdiff
path: root/source3/auth/auth_domain.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/auth/auth_domain.c')
-rw-r--r--source3/auth/auth_domain.c33
1 files changed, 23 insertions, 10 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 59b9233a2d..129c486562 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -88,8 +88,7 @@ static NTSTATUS rpc_resolve_dc(const char *server,
way to find it, but until we have a RPC call that does this
it will have to do */
if (!name_status_find("*", 0x20, 0x20, to_ip, remote_machine)) {
- DEBUG(2, ("connect_to_domain_password_server: Can't "
- "resolve name for IP %s\n", server));
+ DEBUG(2, ("rpc_resolve_dc: Can't resolve name for IP %s\n", server));
return NT_STATUS_NO_LOGON_SERVERS;
}
@@ -100,7 +99,7 @@ static NTSTATUS rpc_resolve_dc(const char *server,
fstrcpy(remote_machine, server);
strupper(remote_machine);
if (!resolve_name(remote_machine, dest_ip, 0x20)) {
- DEBUG(1,("connect_to_domain_password_server: Can't resolve address for %s\n",
+ DEBUG(1,("rpc_resolve_dc: Can't resolve address for %s\n",
remote_machine));
return NT_STATUS_NO_LOGON_SERVERS;
}
@@ -126,18 +125,20 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
const char *server,
const char *setup_creds_as,
uint16 sec_chan,
- const unsigned char *trust_passwd)
+ const unsigned char *trust_passwd,
+ BOOL *retry)
{
struct in_addr dest_ip;
fstring remote_machine;
NTSTATUS result;
uint32 neg_flags = 0x000001ff;
- if (lp_security() == SEC_ADS) {
+ *retry = False;
+
+ if (lp_security() == SEC_ADS)
result = ads_resolve_dc(remote_machine, &dest_ip);
- } else {
+ else
result = rpc_resolve_dc(server, remote_machine, &dest_ip);
- }
if (!NT_STATUS_IS_OK(result)) {
DEBUG(2,("connect_to_domain_password_server: unable to resolve DC: %s\n",
@@ -165,12 +166,14 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
* ACCESS_DENIED errors if 2 auths are done from the same machine. JRA.
*/
+ *retry = True;
+
if (!grab_server_mutex(server))
return NT_STATUS_NO_LOGON_SERVERS;
/* Attempt connection */
result = cli_full_connection(cli, global_myname, remote_machine,
- &dest_ip, 0, "IPC$", "IPC", "", "", "",0);
+ &dest_ip, 0, "IPC$", "IPC", "", "", "",0, retry);
if (!NT_STATUS_IS_OK(result)) {
release_server_mutex();
@@ -235,7 +238,10 @@ static NTSTATUS attempt_connect_to_dc(struct cli_state **cli,
uint16 sec_chan,
const unsigned char *trust_passwd)
{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ BOOL retry = True;
fstring dc_name;
+ int i;
/*
* Ignore addresses we have already tried.
@@ -247,7 +253,10 @@ static NTSTATUS attempt_connect_to_dc(struct cli_state **cli,
if (!lookup_dc_name(global_myname, domain, ip, dc_name))
return NT_STATUS_NO_LOGON_SERVERS;
- return connect_to_domain_password_server(cli, dc_name, setup_creds_as, sec_chan, trust_passwd);
+ for (i = 0; (!NT_STATUS_IS_OK(ret)) && retry && (i < 3); i++)
+ ret = connect_to_domain_password_server(cli, dc_name, setup_creds_as,
+ sec_chan, trust_passwd, &retry);
+ return ret;
}
/***********************************************************************
@@ -371,7 +380,11 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
if(lp_security() != SEC_ADS && strequal(remote_machine, "*")) {
nt_status = find_connect_pdc(&cli, domain, setup_creds_as, sec_chan, trust_passwd, last_change_time);
} else {
- nt_status = connect_to_domain_password_server(&cli, remote_machine, setup_creds_as, sec_chan, trust_passwd);
+ int i;
+ BOOL retry = False;
+ for (i = 0; !NT_STATUS_IS_OK(nt_status) && retry && (i < 3); i++)
+ nt_status = connect_to_domain_password_server(&cli, remote_machine, setup_creds_as,
+ sec_chan, trust_passwd, &retry);
}
}