lib:cmdline: Fix error handling of --client-protection=sign|encrypt|off

Best reviewed with `git show -b`

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 22 11:49:23 UTC 2022 on sn-devel-184

1 files changed, 63 insertions, 56 deletions

diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index de2992d3c32..9f4e964f289 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -990,68 +990,75 @@ static void popt_common_credentials_callback(poptContext popt_ctx,
 		skip_password_callback = true;
 		break;
 	}
-	case OPT_CLIENT_PROTECTION:
-		if (arg != NULL) {
-			uint32_t gensec_features;
-			enum smb_signing_setting signing_state =
-				SMB_SIGNING_OFF;
-			enum smb_encryption_setting encryption_state =
-				SMB_ENCRYPTION_OFF;
-
-			gensec_features =
-				cli_credentials_get_gensec_features(
-						creds);
-
-			if (strequal(arg, "off")) {
-				gensec_features &=
-					~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL);
-
-				signing_state = SMB_SIGNING_OFF;
-				encryption_state = SMB_ENCRYPTION_OFF;
-			} else if (strequal(arg, "sign")) {
-				gensec_features |= GENSEC_FEATURE_SIGN;
-
-				signing_state = SMB_SIGNING_REQUIRED;
-				encryption_state = SMB_ENCRYPTION_OFF;
-			} else if (strequal(arg, "encrypt")) {
-				gensec_features |= GENSEC_FEATURE_SEAL;
-
-				signing_state = SMB_SIGNING_REQUIRED;
-				encryption_state = SMB_ENCRYPTION_REQUIRED;
-			} else {
-				fprintf(stderr,
-					"Failed to parse --client-protection\n");
-				exit(1);
-			}
+	case OPT_CLIENT_PROTECTION: {
+		uint32_t gensec_features;
+		enum smb_signing_setting signing_state =
+			SMB_SIGNING_OFF;
+		enum smb_encryption_setting encryption_state =
+			SMB_ENCRYPTION_OFF;
 
-			ok = cli_credentials_set_gensec_features(creds,
-								 gensec_features,
-								 CRED_SPECIFIED);
-			if (!ok) {
-				fprintf(stderr,
-					"Failed to set gensec feature!\n");
-				exit(1);
-			}
+		if (arg == NULL) {
+			fprintf(stderr,
+				"Failed to parse "
+				"--client-protection=sign|encrypt|off: "
+				"Missing argument\n");
+			exit(1);
+		}
 
-			ok = cli_credentials_set_smb_signing(creds,
-							     signing_state,
-							     CRED_SPECIFIED);
-			if (!ok) {
-				fprintf(stderr,
-					"Failed to set smb signing!\n");
-				exit(1);
-			}
+		gensec_features =
+			cli_credentials_get_gensec_features(
+					creds);
+
+		if (strequal(arg, "off")) {
+			gensec_features &=
+				~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL);
+
+			signing_state = SMB_SIGNING_OFF;
+			encryption_state = SMB_ENCRYPTION_OFF;
+		} else if (strequal(arg, "sign")) {
+			gensec_features |= GENSEC_FEATURE_SIGN;
 
-			ok = cli_credentials_set_smb_encryption(creds,
-								encryption_state,
+			signing_state = SMB_SIGNING_REQUIRED;
+			encryption_state = SMB_ENCRYPTION_OFF;
+		} else if (strequal(arg, "encrypt")) {
+			gensec_features |= GENSEC_FEATURE_SEAL;
+
+			signing_state = SMB_SIGNING_REQUIRED;
+			encryption_state = SMB_ENCRYPTION_REQUIRED;
+		} else {
+			fprintf(stderr,
+				"Failed to parse --client-protection\n");
+			exit(1);
+		}
+
+		ok = cli_credentials_set_gensec_features(creds,
+								gensec_features,
 								CRED_SPECIFIED);
-			if (!ok) {
-				fprintf(stderr,
-					"Failed to set smb encryption!\n");
-				exit(1);
-			}
+		if (!ok) {
+			fprintf(stderr,
+				"Failed to set gensec feature!\n");
+			exit(1);
+		}
+
+		ok = cli_credentials_set_smb_signing(creds,
+							signing_state,
+							CRED_SPECIFIED);
+		if (!ok) {
+			fprintf(stderr,
+				"Failed to set smb signing!\n");
+			exit(1);
+		}
+
+		ok = cli_credentials_set_smb_encryption(creds,
+							encryption_state,
+							CRED_SPECIFIED);
+		if (!ok) {
+			fprintf(stderr,
+				"Failed to set smb encryption!\n");
+			exit(1);
 		}
 		break;
+	}
 	} /* switch */
 }