author | Andrew Bartlett <abartlet@samba.org> | 2006-07-25 00:57:27 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:10:20 -0500 |
commit | 9d6f2767179fad2f9a067c67c09afddb6304e4eb (patch) | |
tree | 152febe9acc01ebbe00c56494541cf9c23296399 /source4/ldap_server | |
parent | c047a88f41ffed47e2eb422f8efb594aae80d61e (diff) | |
r17222: Change the function prototypes for the GENSEC and TLS socket creation
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-through' case.
Andrew Bartlett
(This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
Diffstat (limited to 'source4/ldap_server')
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 31 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.c | 10 |
2 files changed, 25 insertions, 16 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 3afb617499..daa82c1e48 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -98,9 +98,11 @@ struct ldapsrv_sasl_context { static void ldapsrv_set_sasl(void *private) { struct ldapsrv_sasl_context *ctx = talloc_get_type(private, struct ldapsrv_sasl_context); + talloc_steal(ctx->conn->connection, ctx->sasl_socket); + talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket); + ctx->conn->connection->socket = ctx->sasl_socket; - talloc_steal(ctx->conn->connection->socket, ctx->sasl_socket); - packet_set_socket(ctx->conn->packet, ctx->sasl_socket); + packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket); } static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) @@ -193,21 +195,24 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) ctx = talloc(call, struct ldapsrv_sasl_context); - if (ctx) { + if (!ctx) { + status = NT_STATUS_NO_MEMORY; + } else { ctx->conn = conn; - ctx->sasl_socket = gensec_socket_init(conn->gensec, - conn->connection->socket, - conn->connection->event.ctx, - stream_io_handler_callback, - conn->connection); - } - - if (!ctx || !ctx->sasl_socket) { + status = gensec_socket_init(conn->gensec, + conn->connection->socket, + conn->connection->event.ctx, + stream_io_handler_callback, + conn->connection, + &ctx->sasl_socket); + } + + if (!ctx || !NT_STATUS_IS_OK(status)) { conn->session_info = old_session_info; result = LDAP_OPERATIONS_ERROR; errstr = talloc_asprintf(reply, - "SASL:[%s]: Failed to setup SASL socket (out of memory)", - req->creds.SASL.mechanism); + "SASL:[%s]: Failed to setup SASL socket: %s", + req->creds.SASL.mechanism, nt_errstr(status)); } else { call->send_callback = ldapsrv_set_sasl; diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index cfbe6eb5b2..7807a93666 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c 
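Review bot: The `talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);` call in ldapsrv_set_sasl is only safe if gensec_socket_init() left the SASL socket holding its own parent link or reference to the raw socket. That is not visible in this hunk, and without it the unlink would free the transport that `ctx->sasl_socket` still wraps. I would state the invariant in a comment, e.g. `/* sasl_socket already holds the raw socket (set up in gensec_socket_init); drop only the connection's link */`, and check the result, since talloc_unlink() returns -1 when the given context is not a parent of the pointer. The same unchecked steal/unlink handover appears in the ldapsrv_accept hunk in ldap_server.c.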
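Review bot: The gensec_socket_init() status in ldapsrv_BindSASL ends up only in `errstr`, which is allocated on `reply` and so presumably travels back to the client; nothing is written to the server log on this failure path. Since the stated aim is easier error tracking, a `DEBUG(1, ("ldapsrv_BindSASL: gensec_socket_init failed: %s\n", nt_errstr(status)));` before building errstr would record it server-side, and the client-facing text could then stay generic. The `!ctx ||` half of `if (!ctx || !NT_STATUS_IS_OK(status))` is now redundant, because the `!ctx` branch already sets `status = NT_STATUS_NO_MEMORY`. The function body starts and ends outside this hunk.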
@@ -342,12 +342,16 @@ static void ldapsrv_accept(struct stream_connection *c)
 talloc_free(socket_address);
 
 if (port == 636) {
- c->socket = tls_init_server(ldapsrv_service->tls_params, c->socket,
- c->event.fde, NULL);
- if (!c->socket) {
+ struct socket_context *tls_socket = tls_init_server(ldapsrv_service->tls_params, c->socket,
+ c->event.fde, NULL);
+ if (!tls_socket) {
 ldapsrv_terminate_connection(conn, "ldapsrv_accept: tls_init_server() failed");
 return;
 }
+ talloc_unlink(c, c->socket);
+ talloc_steal(c, tls_socket);
+ c->socket = tls_socket;
+
 } else if (port == 3268) /* Global catalog */ {
 conn->global_catalog = True;
 } |
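Review bot: The failure branch in ldapsrv_accept still ends with the fixed reason `"ldapsrv_accept: tls_init_server() failed"`, so a bad certificate or key and an allocation failure on the LDAPS port look the same to an operator. The commit message says the TLS socket creation routines now return NTSTATUS, but tls_init_server() as called here still returns the socket pointer; if a status-returning form exists in this tree, using it and appending `nt_errstr(status)` to the reason would match the SASL path. A one-line comment above `talloc_unlink(c, c->socket);` stating that tls_socket already holds the raw socket would also help, as the order here (unlink, then steal) differs from ldapsrv_set_sasl. The function continues outside the hunk.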