authorAndrew Bartlett <abartlet@samba.org>2017-02-20 15:54:47 +1300
committerAndrew Bartlett <abartlet@samba.org>2017-03-29 02:37:25 +0200
commit28e0c8d135acaaedaf74126a2c572a3744d84336 (patch)
tree44fd513698bd9d046bcb79c9e68685ed63427d7b /source4/ldap_server
parentc04891895999e2743e5bdbbba4c60254fa0f5820 (diff)
downloadsamba-28e0c8d135acaaedaf74126a2c572a3744d84336.tar.gz
s4-ldap_server: Split gensec setup into a helper function
This makes the error handling simpler when we set more details onto the gensec context. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'source4/ldap_server')
-rw-r--r--source4/ldap_server/ldap_bind.c59
1 files changed, 37 insertions, 22 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index aad89315508..83623155a4e 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -180,6 +180,38 @@ static NTSTATUS ldapsrv_sasl_postprocess_recv(struct tevent_req *req)
return tevent_req_simple_recv_ntstatus(req);
}
+static NTSTATUS ldapsrv_setup_gensec(struct ldapsrv_connection *conn,
+ const char *sasl_mech,
+ struct gensec_security **_gensec_security)
+{
+ NTSTATUS status;
+
+ struct gensec_security *gensec_security;
+
+ status = samba_server_gensec_start(conn,
+ conn->connection->event.ctx,
+ conn->connection->msg_ctx,
+ conn->lp_ctx,
+ conn->server_credentials,
+ "ldap",
+ &gensec_security);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_LDAP_STYLE);
+
+ status = gensec_start_mech_by_sasl_name(gensec_security, sasl_mech);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ *_gensec_security = gensec_security;
+ return status;
+}
+
static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
{
struct ldap_BindRequest *req = &call->request->r.BindRequest;
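Review bot: In `ldapsrv_setup_gensec`, the early return after `gensec_start_mech_by_sasl_name` fails leaves the locally created `gensec_security` allocated. It appears to be parented to `conn` (the first argument to `samba_server_gensec_start`), and because `*_gensec_security` is written only on success, the caller's `conn->gensec` stays NULL and nothing references the context afterwards. If that reading is right, every failed SASL bind on a connection, which a client can cause before authenticating by naming an unsupported mechanism, keeps one more context alive until the connection is torn down. Releasing it on the failure path with `TALLOC_FREE(gensec_security);` before `return status;` would bound that. A short comment above the helper stating that `*_gensec_security` is set only on success would also help future callers.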
@@ -209,32 +241,15 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
if (!conn->gensec) {
conn->session_info = NULL;
- status = samba_server_gensec_start(conn,
- conn->connection->event.ctx,
- conn->connection->msg_ctx,
- conn->lp_ctx,
- conn->server_credentials,
- "ldap",
- &conn->gensec);
+ status = ldapsrv_setup_gensec(conn, req->creds.SASL.mechanism,
+ &conn->gensec);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
+ DEBUG(1, ("Failed to start GENSEC server for [%s] code: %s\n",
+ ldb_binary_encode_string(call, req->creds.SASL.mechanism),
+ nt_errstr(status)));
result = LDAP_OPERATIONS_ERROR;
errstr = talloc_asprintf(reply, "SASL: Failed to start authentication system: %s",
nt_errstr(status));
- } else {
-
- gensec_want_feature(conn->gensec, GENSEC_FEATURE_ASYNC_REPLIES);
- gensec_want_feature(conn->gensec, GENSEC_FEATURE_LDAP_STYLE);
-
- status = gensec_start_mech_by_sasl_name(conn->gensec, req->creds.SASL.mechanism);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to start GENSEC SASL[%s] server code: %s\n",
- req->creds.SASL.mechanism, nt_errstr(status)));
- result = LDAP_OPERATIONS_ERROR;
- errstr = talloc_asprintf(reply, "SASL:[%s]: Failed to start authentication backend: %s",
- req->creds.SASL.mechanism, nt_errstr(status));
- }
}
}
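Review bot: The merged failure path in `ldapsrv_BindSASL` logs the same message for a GENSEC start failure and for an unsupported SASL mechanism, so anyone triaging logs has only the NTSTATUS text to tell a server-side fault from a client trying mechanisms. The wording also reads oddly ("for [%s] code"); `"Failed to start GENSEC server for SASL mechanism [%s]: %s\n"` would be clearer. Encoding the client-supplied mechanism with `ldb_binary_encode_string` before logging is a sound choice, but its result goes straight into `%s`. If it can return NULL on allocation failure (not visible here), a fallback string would be safer. The body of `ldapsrv_BindSASL` continues outside this hunk.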