s3:winbindd_cm: don't invalidate the whole connection when just samr gave ACCCESS_DENIED
authorStefan Metzmacher <metze@sernet.de>
Thu, 24 Sep 2009 19:35:38 +0000 (21:35 +0200)
committerStefan Metzmacher <metze@samba.org>
Fri, 25 Sep 2009 06:18:45 +0000 (08:18 +0200)
metze

source3/winbindd/winbindd_cm.c

index 05df19fd0ca53c947392d84c59a56b2a176566a4..9a788397a99a78b5d10c61c1088071c186fe6ec6 100644 (file)
@@ -2165,7 +2165,18 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
 
  done:
 
-       if (!NT_STATUS_IS_OK(result)) {
+       if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
+               /*
+                * if we got access denied, we might just have no access rights
+                * to talk to the remote samr server server (e.g. when we are a
+                * PDC and we are connecting a w2k8 pdc via an interdomain
+                * trust). In that case do not invalidate the whole connection
+                * stack
+                */
+               TALLOC_FREE(conn->samr_pipe);
+               ZERO_STRUCT(conn->sam_domain_handle);
+               return result;
+       } else if (!NT_STATUS_IS_OK(result)) {
                invalidate_cm_connection(conn);
                return result;
        }
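Review bot: The new ACCESS_DENIED branch under `done:` returns without logging, and it handles every ACCESS_DENIED the same way regardless of which step in cm_connect_sam produced it. The function body starts outside this hunk, so it is not visible whether a denied pipe bind (for example from stale machine credentials) also reaches this branch; if it does, keeping the rest of the connection stack could mask a session that should be re-established. I would at least add `DEBUG(3, ("cm_connect_sam: samr access denied for domain %s, keeping connection\n", domain->name));` before the `TALLOC_FREE`, so an operator can tell the trust-permission case apart from a credential failure. The added comment also contains a doubled word, "server server".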