From 660190632e4f8ace65f4944f4686ea42444056c0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Mon, 20 Dec 2010 16:22:02 +0100
Subject: s3: Always retry the DC connection in auth_domain

The only condition that cli_full_connection marks as non-retryable is the basic
name lookup and TCP connect. To me this is pretty fishy. For example if the
negprot fails, this is supposed to be more retryable than a NetBIOS name lookup
failure? I'd rather think the opposite is true.

Jeremy, this is code from 2002, 389a16d9d533. If you have any comments from
back then, let me know :-)

Volker
---
 source3/auth/auth_domain.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index cac482c3d0..c9eaa64d36 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -113,8 +113,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
 						const char *domain,
 						const char *dc_name,
 						struct sockaddr_storage *dc_ss, 
-						struct rpc_pipe_client **pipe_ret,
-						bool *retry)
+						struct rpc_pipe_client **pipe_ret)
 {
         NTSTATUS result;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
@@ -143,9 +142,8 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
 	}
 
 	/* Attempt connection */
-	*retry = True;
 	result = cli_full_connection(cli, global_myname(), dc_name, dc_ss, 0, 
-		"IPC$", "IPC", "", "", "", 0, Undefined, retry);
+		"IPC$", "IPC", "", "", "", 0, Undefined, NULL);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		/* map to something more useful */
@@ -267,7 +265,6 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 	NTSTATUS nt_status = NT_STATUS_NO_LOGON_SERVERS;
 	int i;
-	bool retry = True;
 
 	/*
 	 * At this point, smb_apasswd points to the lanman response to
@@ -279,13 +276,12 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 
 	/* rety loop for robustness */
 
-	for (i = 0; !NT_STATUS_IS_OK(nt_status) && retry && (i < 3); i++) {
+	for (i = 0; !NT_STATUS_IS_OK(nt_status) && (i < 3); i++) {
 		nt_status = connect_to_domain_password_server(&cli,
 							domain,
 							dc_name,
 							dc_ss,
-							&netlogon_pipe,
-							&retry);
+							&netlogon_pipe);
 	}
 
 	if ( !NT_STATUS_IS_OK(nt_status) ) {
-- 
cgit