s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().

Fallback to lsa named-pipe connection when tcp connection has failed twice (it
could be a trusted domain connection where we cannot setup a secure channel).

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9615
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9899

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Tested-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 13 20:55:33 CEST 2013 on sn-devel-104

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 9cb3717911f8a7b81a3622e5670f33ff0ce23cac..c502e8394c9f9ef46d625f14286c87991f733e27 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2589,11 +2589,16 @@ NTSTATUS cm_connect_lsat(struct winbindd_domain *domain,
                        invalidate_cm_connection(&domain->conn);
                        status = cm_connect_lsa_tcp(domain, mem_ctx, cli);
                }
-               if (!NT_STATUS_IS_OK(status)) {
+               if (NT_STATUS_IS_OK(status)) {
                        return status;
                }
 
-               return NT_STATUS_OK;
+               /*
+                * we tried twice to connect via ncan_ip_tcp and schannel and
+                * failed - maybe it is a trusted domain we can't connect to ?
+                * do not try tcp next time - gd
+                */
+               domain->can_do_ncacn_ip_tcp = false;
        }
 
        status = cm_connect_lsa(domain, mem_ctx, cli, lsa_policy);