From: Ralph Boehme <slow@samba.org>
Date: Thu, 24 Nov 2022 10:54:14 +0000 (+0100)
Subject: winbindd: do an early exit in cm_open_connection()
X-Git-Tag: talloc-2.4.0~173
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e496efe8c29dc0342ddd09cb61e253132fe17f9;p=thirdparty%2Fsamba.git

winbindd: do an early exit in cm_open_connection()

Best viewed with git show -w. No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index e774bf90511..250465fcdea 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1727,43 +1727,43 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
 			break;
 	}
 
-	if (NT_STATUS_IS_OK(result)) {
-		bool seal_pipes = true;
+	if (!NT_STATUS_IS_OK(result)) {
+		/* Ensure we setup the retry handler. */
+		set_domain_offline(domain);
+		goto out;
+	}
 
-		winbindd_set_locator_kdc_envs(domain);
+	winbindd_set_locator_kdc_envs(domain);
 
-		if (domain->online == False) {
-			/* We're changing state from offline to online. */
-			set_global_winbindd_state_online();
-		}
-		set_domain_online(domain);
+	if (domain->online == False) {
+		/* We're changing state from offline to online. */
+		set_global_winbindd_state_online();
+	}
+	set_domain_online(domain);
 
-		/*
-		 * Much as I hate global state, this seems to be the point
-		 * where we can be certain that we have a proper connection to
-		 * a DC. wbinfo --dc-info needs that information, store it in
-		 * gencache with a looong timeout. This will need revisiting
-		 * once we start to connect to multiple DCs, wbcDcInfo is
-		 * already prepared for that.
-		 */
-		store_current_dc_in_gencache(domain->name, domain->dcname,
-					     new_conn->cli);
+	/*
+	 * Much as I hate global state, this seems to be the point
+	 * where we can be certain that we have a proper connection to
+	 * a DC. wbinfo --dc-info needs that information, store it in
+	 * gencache with a looong timeout. This will need revisiting
+	 * once we start to connect to multiple DCs, wbcDcInfo is
+	 * already prepared for that.
+	 */
+	store_current_dc_in_gencache(domain->name, domain->dcname,
+				     new_conn->cli);
 
-		seal_pipes = lp_winbind_sealed_pipes();
-		seal_pipes = lp_parm_bool(-1, "winbind sealed pipes",
-					  domain->name,
-					  seal_pipes);
+	seal_pipes = lp_winbind_sealed_pipes();
+	seal_pipes = lp_parm_bool(-1, "winbind sealed pipes",
+				  domain->name,
+				  seal_pipes);
 
-		if (seal_pipes) {
-			new_conn->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
-		} else {
-			new_conn->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
-		}
+	if (seal_pipes) {
+		new_conn->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
 	} else {
-		/* Ensure we setup the retry handler. */
-		set_domain_offline(domain);
+		new_conn->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
 	}
 
+out:
 	talloc_destroy(mem_ctx);
 	return result;
 }