diff options
| author | Stefan Metzmacher <metze@samba.org> | 2017-05-11 19:04:27 +0200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2017-06-15 09:13:23 +0200 |
| commit | be8fff9dbcd781f24da7176dac37b7a37d8a7074 (patch) | |
| tree | ec94fdc7b3f78e3c5dd0187e2d501ed381442b7e /source4/ldap_server | |
| parent | c0fa0b88d033e374cd28730d435b5ed0e6af2ff9 (diff) | |
| download | samba-be8fff9dbcd781f24da7176dac37b7a37d8a7074.tar.gz | |
s4:ldap_server: add use goto do_reply; to make the logic in ldapsrv_BindSASL() more sane
The following patches will simplify the logic by avoiding else branches
by using early returns.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/ldap_server')
| -rw-r--r-- | source4/ldap_server/ldap_bind.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 23d34d24f14..3f2cd2be246 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -401,6 +401,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) result = LDAP_OPERATIONS_ERROR; errstr = talloc_asprintf(reply, "SASL: Failed to start authentication system: %s", nt_errstr(status)); + goto do_reply; } } @@ -426,6 +427,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) { result = LDAP_SASL_BIND_IN_PROGRESS; errstr = NULL; + goto do_reply; } else if (NT_STATUS_IS_OK(status)) { struct ldapsrv_sasl_postprocess_context *context = NULL; @@ -449,6 +451,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) errstr = talloc_asprintf(reply, "SASL:[%s]: Sign or Seal are not allowed if TLS is used", req->creds.SASL.mechanism); + goto do_reply; } if (context && conn->sockets.sasl) { @@ -458,6 +461,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) errstr = talloc_asprintf(reply, "SASL:[%s]: Sign or Seal are not allowed if SASL encryption has already been set up", req->creds.SASL.mechanism); + goto do_reply; } if (context) { @@ -484,14 +488,15 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) errstr = talloc_asprintf(reply, "SASL:[%s]: not allowed if TLS is used.", req->creds.SASL.mechanism); - break; + goto do_reply; + case LDAP_SERVER_REQUIRE_STRONG_AUTH_YES: status = NT_STATUS_NETWORK_ACCESS_DENIED; result = LDAP_STRONG_AUTH_REQUIRED; errstr = talloc_asprintf(reply, "SASL:[%s]: Sign or Seal are required.", req->creds.SASL.mechanism); - break; + goto do_reply; } } @@ -501,6 +506,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) errstr = talloc_asprintf(reply, "SASL:[%s]: Failed to setup SASL socket: %s", req->creds.SASL.mechanism, nt_errstr(status)); + goto do_reply; } else { struct auth_session_info *old_session_info=NULL; @@ -513,6 +519,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) errstr = talloc_asprintf(reply, "SASL:[%s]: Failed to get session info: %s", req->creds.SASL.mechanism, nt_errstr(status)); + goto do_reply; } else { talloc_unlink(conn, old_session_info); @@ -529,6 +536,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) "SASL:[%s]: Failed to advise samdb of new credentials: %s", req->creds.SASL.mechanism, nt_errstr(status)); + goto do_reply; } } } @@ -549,8 +557,10 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) } talloc_unlink(conn, conn->gensec); conn->gensec = NULL; + goto do_reply; } +do_reply: resp->response.resultcode = result; resp->response.dn = NULL; resp->response.errormessage = errstr; |