winbindd: Retry on expired session in cm_connect_sam

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11670

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 35fd89abec316aaa03f5c743da05b7c913c7ebfd..c0891ce83036a88382e984666f658718cbd63347 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2683,6 +2683,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
        NTSTATUS status, result;
        struct netlogon_creds_cli_context *p_creds;
        struct cli_credentials *creds = NULL;
+       bool retry = false; /* allow one retry attempt for expired session */
 
        if (sid_check_is_our_sam(&domain->sid)) {
                if (domain->rodc == false || need_rw_dc == false) {
@@ -2690,6 +2691,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                }
        }
 
+retry:
        status = init_dc_connection_rpc(domain, need_rw_dc);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
@@ -2733,6 +2735,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                                              smbXcli_conn_remote_name(conn->cli->conn),
                                              creds,
                                              &conn->samr_pipe);
+
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)
+           && !retry) {
+               invalidate_cm_connection(domain);
+               retry = true;
+               goto retry;
+       }
+
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10,("cm_connect_sam: failed to connect to SAMR "
                          "pipe for domain %s using NTLMSSP "
@@ -2753,6 +2763,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                                      SEC_FLAG_MAXIMUM_ALLOWED,
                                      &conn->sam_connect_handle,
                                      &result);
+
+       if (NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR) && !retry) {
+               invalidate_cm_connection(domain);
+               TALLOC_FREE(conn->samr_pipe);
+               retry = true;
+               goto retry;
+       }
+
        if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
                goto open_domain;
        }
@@ -2790,6 +2808,13 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                (conn->cli, &ndr_table_samr, NCACN_NP,
                 creds, p_creds, &conn->samr_pipe);
 
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)
+           && !retry) {
+               invalidate_cm_connection(domain);
+               retry = true;
+               goto retry;
+       }
+
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10,("cm_connect_sam: failed to connect to SAMR pipe for "
                          "domain %s using schannel. Error was %s\n",
@@ -2804,6 +2829,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                                      SEC_FLAG_MAXIMUM_ALLOWED,
                                      &conn->sam_connect_handle,
                                      &result);
+
+       if (NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR) && !retry) {
+               invalidate_cm_connection(domain);
+               TALLOC_FREE(conn->samr_pipe);
+               retry = true;
+               goto retry;
+       }
+
        if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
                goto open_domain;
        }
@@ -2830,6 +2863,13 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
        status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr,
                                          &conn->samr_pipe);
 
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)
+           && !retry) {
+               invalidate_cm_connection(domain);
+               retry = true;
+               goto retry;
+       }
+
        if (!NT_STATUS_IS_OK(status)) {
                goto done;
        }
@@ -2839,6 +2879,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                                      SEC_FLAG_MAXIMUM_ALLOWED,
                                      &conn->sam_connect_handle,
                                      &result);
+
+       if (NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR) && !retry) {
+               invalidate_cm_connection(domain);
+               TALLOC_FREE(conn->samr_pipe);
+               retry = true;
+               goto retry;
+       }
+
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10,("cm_connect_sam: rpccli_samr_Connect2 failed "
                          "for domain %s Error was %s\n",