From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 4 Jul 2023 10:32:34 +0000 (+0200)
Subject: s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names... 
X-Git-Tag: samba-4.17.9~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0afed23bcd2b18e811a3d63c45699e85ba3c9835;p=thirdparty%2Fsamba.git

s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 4ad5a35a3f67860aa7a1345efcfc92fe40578e31)
---

diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index 3ac13b0e3d1..2926bd65e22 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -954,16 +954,13 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
 	/* And restore our original timeout. */
 	dcerpc_binding_handle_set_timeout(b, orig_timeout);
 
-	if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
-	    NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
-	    NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+	if (reset_cm_connection_on_error(domain, b, status)) {
 		/*
 		 * This can happen if the schannel key is not
 		 * valid anymore, we need to invalidate the
 		 * all connections to the dc and reestablish
 		 * a netlogon connection first.
 		 */
-		invalidate_cm_connection(domain);
 		domain->can_do_ncacn_ip_tcp = domain->active_directory;
 		if (!retried) {
 			retried = true;
@@ -1033,16 +1030,13 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
 	/* And restore our original timeout. */
 	dcerpc_binding_handle_set_timeout(b, orig_timeout);
 
-	if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
-	    NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
-	    NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+	if (reset_cm_connection_on_error(domain, b, status)) {
 		/*
 		 * This can happen if the schannel key is not
 		 * valid anymore, we need to invalidate the
 		 * all connections to the dc and reestablish
 		 * a netlogon connection first.
 		 */
-		invalidate_cm_connection(domain);
 		if (!retried) {
 			retried = true;
 			goto connect;