mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4-ldap_server: Split gensec setup into a helper function
This makes the error handling simpler when we set more details onto the gensec context. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
This commit is contained in:
parent
c048918959
commit
28e0c8d135
@ -180,6 +180,38 @@ static NTSTATUS ldapsrv_sasl_postprocess_recv(struct tevent_req *req)
|
||||
return tevent_req_simple_recv_ntstatus(req);
|
||||
}
|
||||
|
||||
static NTSTATUS ldapsrv_setup_gensec(struct ldapsrv_connection *conn,
|
||||
const char *sasl_mech,
|
||||
struct gensec_security **_gensec_security)
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
struct gensec_security *gensec_security;
|
||||
|
||||
status = samba_server_gensec_start(conn,
|
||||
conn->connection->event.ctx,
|
||||
conn->connection->msg_ctx,
|
||||
conn->lp_ctx,
|
||||
conn->server_credentials,
|
||||
"ldap",
|
||||
&gensec_security);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
|
||||
gensec_want_feature(gensec_security, GENSEC_FEATURE_LDAP_STYLE);
|
||||
|
||||
status = gensec_start_mech_by_sasl_name(gensec_security, sasl_mech);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
*_gensec_security = gensec_security;
|
||||
return status;
|
||||
}
|
||||
|
||||
static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
|
||||
{
|
||||
struct ldap_BindRequest *req = &call->request->r.BindRequest;
|
||||
@ -209,32 +241,15 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
|
||||
if (!conn->gensec) {
|
||||
conn->session_info = NULL;
|
||||
|
||||
status = samba_server_gensec_start(conn,
|
||||
conn->connection->event.ctx,
|
||||
conn->connection->msg_ctx,
|
||||
conn->lp_ctx,
|
||||
conn->server_credentials,
|
||||
"ldap",
|
||||
&conn->gensec);
|
||||
status = ldapsrv_setup_gensec(conn, req->creds.SASL.mechanism,
|
||||
&conn->gensec);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
|
||||
DEBUG(1, ("Failed to start GENSEC server for [%s] code: %s\n",
|
||||
ldb_binary_encode_string(call, req->creds.SASL.mechanism),
|
||||
nt_errstr(status)));
|
||||
result = LDAP_OPERATIONS_ERROR;
|
||||
errstr = talloc_asprintf(reply, "SASL: Failed to start authentication system: %s",
|
||||
nt_errstr(status));
|
||||
} else {
|
||||
|
||||
gensec_want_feature(conn->gensec, GENSEC_FEATURE_ASYNC_REPLIES);
|
||||
gensec_want_feature(conn->gensec, GENSEC_FEATURE_LDAP_STYLE);
|
||||
|
||||
status = gensec_start_mech_by_sasl_name(conn->gensec, req->creds.SASL.mechanism);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC SASL[%s] server code: %s\n",
|
||||
req->creds.SASL.mechanism, nt_errstr(status)));
|
||||
result = LDAP_OPERATIONS_ERROR;
|
||||
errstr = talloc_asprintf(reply, "SASL:[%s]: Failed to start authentication backend: %s",
|
||||
req->creds.SASL.mechanism, nt_errstr(status));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user