sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-20 22:50:26 +03:00
Code

s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()

Browse Source 
Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 4ad5a35a3f67860aa7a1345efcfc92fe40578e31)
This commit is contained in:
Stefan Metzmacher 2023-07-04 12:32:34 +02:00 committed by Jule Anger
parent 62507b112e
commit 0afed23bcd
1 changed files with 2 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
source3/winbindd/winbindd_msrpc.c
View File

@ -954,16 +954,13 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
/* And restore our original timeout. */
dcerpc_binding_handle_set_timeout(b, orig_timeout);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
if (reset_cm_connection_on_error(domain, b, status)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
* all connections to the dc and reestablish
* a netlogon connection first.
*/
invalidate_cm_connection(domain);
domain->can_do_ncacn_ip_tcp = domain->active_directory;
if (!retried) {
retried = true;
@ -1033,16 +1030,13 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
/* And restore our original timeout. */
dcerpc_binding_handle_set_timeout(b, orig_timeout);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
if (reset_cm_connection_on_error(domain, b, status)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
* all connections to the dc and reestablish
* a netlogon connection first.
*/
invalidate_cm_connection(domain);
if (!retried) {
retried = true;
goto connect;