s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names...
authorStefan Metzmacher <metze@samba.org>
Tue, 4 Jul 2023 10:32:34 +0000 (12:32 +0200)
committerStefan Metzmacher <metze@samba.org>
Wed, 5 Jul 2023 12:17:38 +0000 (12:17 +0000)
Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
source3/winbindd/winbindd_msrpc.c

index 3233846ca3f1f2b8d3c5f3429a7fc4ecca3ce885..a7bd9be4377b36b176f419a79d297d1d9eaf4eb1 100644 (file)
@@ -1008,16 +1008,13 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
        /* And restore our original timeout. */
        dcerpc_binding_handle_set_timeout(b, orig_timeout);
 
-       if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
-           NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
-           NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+       if (reset_cm_connection_on_error(domain, b, status)) {
                /*
                 * This can happen if the schannel key is not
                 * valid anymore, we need to invalidate the
                 * all connections to the dc and reestablish
                 * a netlogon connection first.
                 */
-               invalidate_cm_connection(domain);
                domain->can_do_ncacn_ip_tcp = domain->active_directory;
                if (!retried) {
                        retried = true;
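Review bot: The comment under `if (reset_cm_connection_on_error(domain, b, status))` is now stale: it still says the connections "need" to be invalidated for an expired schannel key, but the helper has already done that as a side effect of the condition and, per the commit message, may also set `domain->conn.netlogon_force_reauth = true`. If the helper matches more statuses than the three removed here (its body is not visible on this page), then `domain->can_do_ncacn_ip_tcp = domain->active_directory;` and the single retry also run for those errors, which is worth confirming as intended. I would reword the comment to something like `/* reset_cm_connection_on_error() already invalidated the connection and may have forced a netlogon reauth; retry once on a fresh connection. */`. The same stale comment sits in the winbindd_lookup_names hunk below, and both function bodies continue outside their hunks.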
@@ -1087,16 +1084,13 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
        /* And restore our original timeout. */
        dcerpc_binding_handle_set_timeout(b, orig_timeout);
 
-       if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
-           NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
-           NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+       if (reset_cm_connection_on_error(domain, b, status)) {
                /*
                 * This can happen if the schannel key is not
                 * valid anymore, we need to invalidate the
                 * all connections to the dc and reestablish
                 * a netlogon connection first.
                 */
-               invalidate_cm_connection(domain);
                if (!retried) {
                        retried = true;
                        goto connect;