s4:ldap_server: do the transport validation before calling gensec_create_tstream()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 14 insertions, 12 deletions

diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index e259727484a..6a88891152f 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -467,18 +467,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 		goto do_reply;
 	}
 
-	if (context) {
-		context->conn = conn;
-		status = gensec_create_tstream(context,
-					       context->conn->gensec,
-					       context->conn->sockets.raw,
-					       &context->sasl);
-		if (NT_STATUS_IS_OK(status)) {
-			if (!talloc_reference(context->sasl, conn->gensec)) {
-				status = NT_STATUS_NO_MEMORY;
-			}
-		}
-	} else {
+	if (context == NULL) {
 		switch (call->conn->require_strong_auth) {
 		case LDAP_SERVER_REQUIRE_STRONG_AUTH_NO:
 			break;
@@ -503,6 +492,19 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 		}
 	}
 
+	if (context != NULL) {
+		context->conn = conn;
+		status = gensec_create_tstream(context,
+					       context->conn->gensec,
+					       context->conn->sockets.raw,
+					       &context->sasl);
+		if (NT_STATUS_IS_OK(status)) {
+			if (!talloc_reference(context->sasl, conn->gensec)) {
+				status = NT_STATUS_NO_MEMORY;
+			}
+		}
+	}
+
 	if (result != LDAP_SUCCESS) {
 	} else if (!NT_STATUS_IS_OK(status)) {
 		result = LDAP_OPERATIONS_ERROR;