s4:ldap_server: do the transport validation before calling gensec_create_tstream()
authorStefan Metzmacher <metze@samba.org>
Fri, 12 May 2017 10:04:59 +0000 (12:04 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 15 Jun 2017 07:13:23 +0000 (09:13 +0200)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/ldap_server/ldap_bind.c

index e259727484a632728642609552ec4005ff763ef8..6a88891152fcea2c792e8af6737147bf186c301b 100644 (file)
@@ -467,18 +467,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
                goto do_reply;
        }
 
-       if (context) {
-               context->conn = conn;
-               status = gensec_create_tstream(context,
-                                              context->conn->gensec,
-                                              context->conn->sockets.raw,
-                                              &context->sasl);
-               if (NT_STATUS_IS_OK(status)) {
-                       if (!talloc_reference(context->sasl, conn->gensec)) {
-                               status = NT_STATUS_NO_MEMORY;
-                       }
-               }
-       } else {
+       if (context == NULL) {
                switch (call->conn->require_strong_auth) {
                case LDAP_SERVER_REQUIRE_STRONG_AUTH_NO:
                        break;
@@ -503,6 +492,19 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
                }
        }
 
+       if (context != NULL) {
+               context->conn = conn;
+               status = gensec_create_tstream(context,
+                                              context->conn->gensec,
+                                              context->conn->sockets.raw,
+                                              &context->sasl);
+               if (NT_STATUS_IS_OK(status)) {
+                       if (!talloc_reference(context->sasl, conn->gensec)) {
+                               status = NT_STATUS_NO_MEMORY;
+                       }
+               }
+       }
+
        if (result != LDAP_SUCCESS) {
        } else if (!NT_STATUS_IS_OK(status)) {
                result = LDAP_OPERATIONS_ERROR;
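Review bot: The relocated `if (context != NULL)` block has no comment explaining why it must follow the `require_strong_auth` switch. Because `context == NULL` and `context != NULL` are mutually exclusive, the ordering looks arbitrary and could easily be folded back into an if/else later. A comment above the block would record the intent stated in the commit title, for example `/* Create the SASL tstream only after every transport check that can reject the bind has run. */`. Separately, when `talloc_reference()` fails the block sets `NT_STATUS_NO_MEMORY` but leaves `context->sasl` populated; whether later code can still reach it is not visible here, so it may be worth adding `TALLOC_FREE(context->sasl);` next to the status assignment. ldapsrv_BindSASL begins and ends outside this hunk, so both points should be checked against the full function.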