s4-ldap_server: Split gensec setup into a helper function

This makes the error handling simpler when we set more
details onto the gensec context.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>

diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index aad89315508690276fd9812af089b09b6739526e..83623155a4e2561a2d703c0eb33b7a9b5fb14086 100644 (file)
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -180,6 +180,38 @@ static NTSTATUS ldapsrv_sasl_postprocess_recv(struct tevent_req *req)
        return tevent_req_simple_recv_ntstatus(req);
 }
 
+static NTSTATUS ldapsrv_setup_gensec(struct ldapsrv_connection *conn,
+                                    const char *sasl_mech,
+                                    struct gensec_security **_gensec_security)
+{
+       NTSTATUS status;
+
+       struct gensec_security *gensec_security;
+
+       status = samba_server_gensec_start(conn,
+                                          conn->connection->event.ctx,
+                                          conn->connection->msg_ctx,
+                                          conn->lp_ctx,
+                                          conn->server_credentials,
+                                          "ldap",
+                                          &gensec_security);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
+       gensec_want_feature(gensec_security, GENSEC_FEATURE_LDAP_STYLE);
+
+       status = gensec_start_mech_by_sasl_name(gensec_security, sasl_mech);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       *_gensec_security = gensec_security;
+       return status;
+}
+
 static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 {
        struct ldap_BindRequest *req = &call->request->r.BindRequest;
@@ -209,32 +241,15 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
        if (!conn->gensec) {
                conn->session_info = NULL;
 
-               status = samba_server_gensec_start(conn,
-                                                  conn->connection->event.ctx,
-                                                  conn->connection->msg_ctx,
-                                                  conn->lp_ctx,
-                                                  conn->server_credentials,
-                                                  "ldap",
-                                                  &conn->gensec);
+               status = ldapsrv_setup_gensec(conn, req->creds.SASL.mechanism,
+                                             &conn->gensec);
                if (!NT_STATUS_IS_OK(status)) {
-                       DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
+                       DEBUG(1, ("Failed to start GENSEC server for [%s] code: %s\n",
+                                 ldb_binary_encode_string(call, req->creds.SASL.mechanism),
+                                 nt_errstr(status)));
                        result = LDAP_OPERATIONS_ERROR;
                        errstr = talloc_asprintf(reply, "SASL: Failed to start authentication system: %s", 
                                                 nt_errstr(status));
-               } else {
-
-                       gensec_want_feature(conn->gensec, GENSEC_FEATURE_ASYNC_REPLIES);
-                       gensec_want_feature(conn->gensec, GENSEC_FEATURE_LDAP_STYLE);
-                       
-                       status = gensec_start_mech_by_sasl_name(conn->gensec, req->creds.SASL.mechanism);
-                       
-                       if (!NT_STATUS_IS_OK(status)) {
-                               DEBUG(1, ("Failed to start GENSEC SASL[%s] server code: %s\n", 
-                                         req->creds.SASL.mechanism, nt_errstr(status)));
-                               result = LDAP_OPERATIONS_ERROR;
-                               errstr = talloc_asprintf(reply, "SASL:[%s]: Failed to start authentication backend: %s", 
-                                                        req->creds.SASL.mechanism, nt_errstr(status));
-                       }
                }
        }