winbind: Retry after SESSION_EXPIRED error in ping-dc

Trying to establish a netlogon connection when the service ticket
expires might fail with NT_STATUS_NETWORK_SESSION_EXPIRED. The
underlying client code already marks the session as invalid, so retry
the netlogon connect in this case.

Signed-off-by: Christof Schmit <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan  6 02:58:57 CET 2015 on sn-devel-104
(cherry picked from commit a2670f15dea27c10e3827216adf572f9c3894f85)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11034

diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 2a78bd5b98ce3c40566d2a402a4568d3b134bc92..22dfbb734f26af589371d554e61b0780da369e6f 100644 (file)
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -696,6 +696,14 @@ NTSTATUS _wbint_PingDc(struct pipes_struct *p, struct wbint_PingDc *r)
 
 reconnect:
        status = cm_connect_netlogon(domain, &netlogon_pipe);
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
+               /*
+                * Retry to open new connection with new kerberos ticket.
+                */
+               invalidate_cm_connection(&domain->conn);
+               status = cm_connect_netlogon(domain, &netlogon_pipe);
+       }
+
        reset_cm_connection_on_error(domain, status);
         if (!NT_STATUS_IS_OK(status)) {
                 DEBUG(3, ("could not open handle to NETLOGON pipe\n"));