s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names...

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 4ad5a35a3f67860aa7a1345efcfc92fe40578e31)

diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index 3ac13b0e3d11f55ea6b52e300a1af68aac9128f3..2926bd65e227d2363a30a3973d85d543123ee2da 100644 (file)
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -954,16 +954,13 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
        /* And restore our original timeout. */
        dcerpc_binding_handle_set_timeout(b, orig_timeout);
 
-       if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
-           NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
-           NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+       if (reset_cm_connection_on_error(domain, b, status)) {
                /*
                 * This can happen if the schannel key is not
                 * valid anymore, we need to invalidate the
                 * all connections to the dc and reestablish
                 * a netlogon connection first.
                 */
-               invalidate_cm_connection(domain);
                domain->can_do_ncacn_ip_tcp = domain->active_directory;
                if (!retried) {
                        retried = true;
@@ -1033,16 +1030,13 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
        /* And restore our original timeout. */
        dcerpc_binding_handle_set_timeout(b, orig_timeout);
 
-       if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
-           NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
-           NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+       if (reset_cm_connection_on_error(domain, b, status)) {
                /*
                 * This can happen if the schannel key is not
                 * valid anymore, we need to invalidate the
                 * all connections to the dc and reestablish
                 * a netlogon connection first.
                 */
-               invalidate_cm_connection(domain);
                if (!retried) {
                        retried = true;
                        goto connect;