diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-06-13 15:28:53 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-06-15 09:13:24 +0200 |
commit | 461abf3ce337b147db7c3c9bffb972bae678f7df (patch) | |
tree | 9c50410b8e37b5847ee2cd41762bfb9e6e20b615 /source4/ldap_server | |
parent | 5de8074b3917e46cf68762c1b52775e5533a90cb (diff) | |
download | samba-461abf3ce337b147db7c3c9bffb972bae678f7df.tar.gz |
s4:ldap_server: only touch conn->session_info on success in ldapsrv_BindSASL()
The old conn->session_info (as well as conn->ldb) should only be changed
after a successful Bind().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/ldap_server')
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 25fe528b2c2..352e67da1a7 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -377,6 +377,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) NTSTATUS status = NT_STATUS_OK; DATA_BLOB input = data_blob_null; DATA_BLOB output = data_blob_null; + struct auth_session_info *session_info = NULL; DEBUG(10, ("BindSASL dn: %s\n",req->dn)); @@ -512,20 +513,17 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) req->creds.SASL.mechanism, nt_errstr(status)); goto do_reply; } else { - struct auth_session_info *old_session_info=NULL; - old_session_info = conn->session_info; - conn->session_info = NULL; - status = gensec_session_info(conn->gensec, conn, &conn->session_info); + status = gensec_session_info(conn->gensec, call, &session_info); if (!NT_STATUS_IS_OK(status)) { - conn->session_info = old_session_info; result = LDAP_OPERATIONS_ERROR; errstr = talloc_asprintf(reply, "SASL:[%s]: Failed to get session info: %s", req->creds.SASL.mechanism, nt_errstr(status)); goto do_reply; } else { - talloc_unlink(conn, old_session_info); + talloc_unlink(conn, conn->session_info); + conn->session_info = talloc_steal(conn, session_info); /* don't leak the old LDB */ talloc_unlink(conn, conn->ldb); |