s3:winbindd_cm: don't invalidate the whole connection when just samr gave ACCCESS_DENIED

author Stefan Metzmacher <metze@sernet.de>

Thu, 24 Sep 2009 19:35:38 +0000 (21:35 +0200)

committer Karolin Seeger <kseeger@samba.org>

Thu, 8 Oct 2009 07:39:44 +0000 (09:39 +0200)
author Stefan Metzmacher <metze@sernet.de>
Thu, 24 Sep 2009 19:35:38 +0000 (21:35 +0200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 8 Oct 2009 07:39:44 +0000 (09:39 +0200)
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c

index 31623625731c68843d7546c4da7fa936cc9468d5..32afe40cae61ccfbf97081bb329d5ef342173634 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2155,7 +2155,18 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
  
   done:
  
-       if (!NT_STATUS_IS_OK(result)) {
+       if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
+               /*
+                * if we got access denied, we might just have no access rights
+                * to talk to the remote samr server server (e.g. when we are a
+                * PDC and we are connecting a w2k8 pdc via an interdomain
+                * trust). In that case do not invalidate the whole connection
+                * stack
+                */
+               TALLOC_FREE(conn->samr_pipe);
+               ZERO_STRUCT(conn->sam_domain_handle);
+               return result;
+       } else if (!NT_STATUS_IS_OK(result)) {
                 invalidate_cm_connection(conn);
                 return result;
         }
author	Stefan Metzmacher <metze@sernet.de>
	Thu, 24 Sep 2009 19:35:38 +0000 (21:35 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 8 Oct 2009 07:39:44 +0000 (09:39 +0200)