From 768990ec4d3120c3b5cedf35578b75522f694d4a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Fri, 6 Oct 2023 08:26:11 +0200
Subject: [PATCH] rpc_netlogon4: Simplify
 dcesrv_netr_ServerAuthenticate3_helper()

Use a switch/case statement instead of a if/else chain. Easier to read
to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 42 ++++++++++++++-----
 1 file changed, 31 insertions(+), 11 deletions(-)

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d77d524cb28..8c88ed964a0 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -694,29 +694,49 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
 		return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
 	}
 
-	if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
+	switch (r->in.secure_channel_type) {
+	case SEC_CHAN_WKSTA:
 		if (!(user_account_control & UF_WORKSTATION_TRUST_ACCOUNT)) {
-			DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control));
+			DBG_WARNING("Client asked for a workstation "
+				    "secure channel, but is not a workstation "
+				    "(member server) acb flags: 0x%x\n",
+				    user_account_control);
 			return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
 		}
-	} else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN ||
-		   r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
-		if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
-			DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control));
+		break;
 
+	case SEC_CHAN_DOMAIN:
+		FALL_THROUGH;
+	case SEC_CHAN_DNS_DOMAIN:
+		if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
+			DBG_WARNING("Client asked for a trusted domain "
+				    "secure channel, but is not a trusted "
+				    "domain: acb flags: 0x%x\n",
+				    user_account_control);
 			return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
 		}
-	} else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
+		break;
+
+	case SEC_CHAN_BDC:
 		if (!(user_account_control & UF_SERVER_TRUST_ACCOUNT)) {
-			DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", user_account_control));
+			DBG_WARNING("Client asked for a server "
+				    "secure channel, but is not a server "
+				    "(domain controller): acb flags: 0x%x\n",
+				    user_account_control);
 			return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
 		}
-	} else if (r->in.secure_channel_type == SEC_CHAN_RODC) {
+		break;
+
+	case SEC_CHAN_RODC:
 		if (!(user_account_control & UF_PARTIAL_SECRETS_ACCOUNT)) {
-			DEBUG(1, ("Client asked for a RODC secure channel, but is not a RODC: acb flags: 0x%x\n", user_account_control));
+			DBG_WARNING("Client asked for a RODC secure channel, "
+				    "but is not a RODC: acb flags: 0x%x\n",
+				    user_account_control);
 			return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
 		}
-	} else {
+		break;
+
+	default:
 		/* we should never reach this */
 		return NT_STATUS_INTERNAL_ERROR;
 	}