Diffstat (limited to 'source4/ldap_server')
-rw-r--r--source4/ldap_server/ldap_bind.c31
-rw-r--r--source4/ldap_server/ldap_server.c10
2 files changed, 25 insertions, 16 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 3afb617499..daa82c1e48 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -98,9 +98,11 @@ struct ldapsrv_sasl_context {
static void ldapsrv_set_sasl(void *private)
{
struct ldapsrv_sasl_context *ctx = talloc_get_type(private, struct ldapsrv_sasl_context);
+ talloc_steal(ctx->conn->connection, ctx->sasl_socket);
+ talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+
ctx->conn->connection->socket = ctx->sasl_socket;
- talloc_steal(ctx->conn->connection->socket, ctx->sasl_socket);
- packet_set_socket(ctx->conn->packet, ctx->sasl_socket);
+ packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
}
static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
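Review bot: The new `talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket)` drops the connection's hold on the raw socket while `ctx->sasl_socket` still wraps it, so this is only safe if gensec_socket_init() took its own talloc reference on that socket, which the hunk does not show. I would state the assumption above the two calls, e.g. `/* sasl_socket keeps its own reference to the old socket, so the unlink only drops our parent link */`, and check the return value of talloc_unlink(), which is -1 when the given context is not a parent of the pointer. The same assumption and unchecked call apply to the `tls_socket` swap in ldapsrv_accept() in ldap_server.c. Separately, `ctx` comes from talloc_get_type(), which returns NULL on a type mismatch, and it is dereferenced without a check.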
@@ -193,21 +195,24 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
ctx = talloc(call, struct ldapsrv_sasl_context);
- if (ctx) {
+ if (!ctx) {
+ status = NT_STATUS_NO_MEMORY;
+ } else {
ctx->conn = conn;
- ctx->sasl_socket = gensec_socket_init(conn->gensec,
- conn->connection->socket,
- conn->connection->event.ctx,
- stream_io_handler_callback,
- conn->connection);
- }
-
- if (!ctx || !ctx->sasl_socket) {
+ status = gensec_socket_init(conn->gensec,
+ conn->connection->socket,
+ conn->connection->event.ctx,
+ stream_io_handler_callback,
+ conn->connection,
+ &ctx->sasl_socket);
+ }
+
+ if (!ctx || !NT_STATUS_IS_OK(status)) {
conn->session_info = old_session_info;
result = LDAP_OPERATIONS_ERROR;
errstr = talloc_asprintf(reply,
- "SASL:[%s]: Failed to setup SASL socket (out of memory)",
- req->creds.SASL.mechanism);
+ "SASL:[%s]: Failed to setup SASL socket: %s",
+ req->creds.SASL.mechanism, nt_errstr(status));
} else {
call->send_callback = ldapsrv_set_sasl;
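Review bot: The `!ctx ||` part of the failure test is now redundant, because the `!ctx` branch just above sets `status = NT_STATUS_NO_MEMORY`; `if (!NT_STATUS_IS_OK(status)) {` covers both cases with one condition. The new message also puts `nt_errstr(status)` into a string allocated on `reply`, which presumably goes back to the peer as the LDAP error text. If so, consider logging the detailed status on the server and keeping the client-facing text generic. The result of talloc_asprintf() is not checked in the visible lines, and ldapsrv_BindSASL starts and ends outside the hunk, so how a NULL `errstr` is handled cannot be seen here.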
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index cfbe6eb5b2..7807a93666 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -342,12 +342,16 @@ static void ldapsrv_accept(struct stream_connection *c)
talloc_free(socket_address);
if (port == 636) {
- c->socket = tls_init_server(ldapsrv_service->tls_params, c->socket,
- c->event.fde, NULL);
- if (!c->socket) {
+ struct socket_context *tls_socket = tls_init_server(ldapsrv_service->tls_params, c->socket,
+ c->event.fde, NULL);
+ if (!tls_socket) {
ldapsrv_terminate_connection(conn, "ldapsrv_accept: tls_init_server() failed");
return;
}
+ talloc_unlink(c, c->socket);
+ talloc_steal(c, tls_socket);
+ c->socket = tls_socket;
+
} else if (port == 3268) /* Global catalog */ {
conn->global_catalog = True;
}
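Review bot: The ownership swap here runs as unlink, steal, assign, while the matching swap in ldapsrv_set_sasl() in ldap_bind.c runs as steal, unlink, assign; using one order at both wrap sites, or a small shared helper, would make them easier to compare and audit. A possible form is `talloc_steal(c, tls_socket);` followed by `talloc_unlink(c, c->socket);` and then `c->socket = tls_socket;`. The added blank line before `} else if (port == 3268)` is stray and can be dropped. ldapsrv_accept starts and ends outside the hunk.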