diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-05-11 21:09:08 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-06-15 09:13:23 +0200 |
commit | b271794ca8ae2ea052a6fc87d89f506dcbae171f (patch) | |
tree | 09e3dfc04914f3c0e652ca363f5c24082c75abd9 /source4/ldap_server | |
parent | bf531dfd4e2cd97a8f57030ea597c75a3d3336ac (diff) | |
download | samba-b271794ca8ae2ea052a6fc87d89f506dcbae171f.tar.gz |
s4:ldap_server: move invalid credential handling before the success handling.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/ldap_server')
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index fb4593de95f..e36cb1cebf6 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -424,7 +424,21 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) result = LDAP_SASL_BIND_IN_PROGRESS; errstr = NULL; goto do_reply; - } else if (NT_STATUS_IS_OK(status)) { + } + + if (!NT_STATUS_IS_OK(status)) { + status = nt_status_squash(status); + if (result == 0) { + result = LDAP_INVALID_CREDENTIALS; + errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_LOGON_DENIED, + 0x0C0904DC, status); + } + talloc_unlink(conn, conn->gensec); + conn->gensec = NULL; + goto do_reply; + } + + { struct ldapsrv_sasl_postprocess_context *context = NULL; result = LDAP_SUCCESS; @@ -544,16 +558,6 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) } talloc_unlink(conn, conn->gensec); conn->gensec = NULL; - } else { - status = nt_status_squash(status); - if (result == 0) { - result = LDAP_INVALID_CREDENTIALS; - errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_LOGON_DENIED, - 0x0C0904DC, status); - } - talloc_unlink(conn, conn->gensec); - conn->gensec = NULL; - goto do_reply; } do_reply: |