From 276d604aa5ccc32d18b69c04ae13e2dc7c21f3ee Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Thu, 7 Jan 2016 15:03:22 -0700 Subject: [PATCH] winbindd: Retry on expired session in cm_connect_sam BUG: https://bugzilla.samba.org/show_bug.cgi?id=11670 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison --- source3/winbindd/winbindd_cm.c | 48 ++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 35fd89abec3..c0891ce8303 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2683,6 +2683,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, NTSTATUS status, result; struct netlogon_creds_cli_context *p_creds; struct cli_credentials *creds = NULL; + bool retry = false; /* allow one retry attempt for expired session */ if (sid_check_is_our_sam(&domain->sid)) { if (domain->rodc == false || need_rw_dc == false) { @@ -2690,6 +2691,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } } +retry: status = init_dc_connection_rpc(domain, need_rw_dc); if (!NT_STATUS_IS_OK(status)) { return status; @@ -2733,6 +2735,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, smbXcli_conn_remote_name(conn->cli->conn), creds, &conn->samr_pipe); + + if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) + && !retry) { + invalidate_cm_connection(domain); + retry = true; + goto retry; + } + if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("cm_connect_sam: failed to connect to SAMR " "pipe for domain %s using NTLMSSP " @@ -2753,6 +2763,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, SEC_FLAG_MAXIMUM_ALLOWED, &conn->sam_connect_handle, &result); + + if (NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR) && !retry) { + invalidate_cm_connection(domain); + TALLOC_FREE(conn->samr_pipe); + retry = true; + goto retry; + } + if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) { goto open_domain; } @@ -2790,6 +2808,13 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, (conn->cli, &ndr_table_samr, NCACN_NP, creds, p_creds, &conn->samr_pipe); + if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) + && !retry) { + invalidate_cm_connection(domain); + retry = true; + goto retry; + } + if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("cm_connect_sam: failed to connect to SAMR pipe for " "domain %s using schannel. Error was %s\n", @@ -2804,6 +2829,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, SEC_FLAG_MAXIMUM_ALLOWED, &conn->sam_connect_handle, &result); + + if (NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR) && !retry) { + invalidate_cm_connection(domain); + TALLOC_FREE(conn->samr_pipe); + retry = true; + goto retry; + } + if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) { goto open_domain; } @@ -2830,6 +2863,13 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr, &conn->samr_pipe); + if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) + && !retry) { + invalidate_cm_connection(domain); + retry = true; + goto retry; + } + if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -2839,6 +2879,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, SEC_FLAG_MAXIMUM_ALLOWED, &conn->sam_connect_handle, &result); + + if (NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR) && !retry) { + invalidate_cm_connection(domain); + TALLOC_FREE(conn->samr_pipe); + retry = true; + goto retry; + } + if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("cm_connect_sam: rpccli_samr_Connect2 failed " "for domain %s Error was %s\n", -- 2.34.1