From: Stefan Metzmacher Date: Tue, 13 Jun 2017 13:28:53 +0000 (+0200) Subject: s4:ldap_server: only touch conn->session_info on success in ldapsrv_BindSASL() X-Git-Tag: ldb-1.1.31~39 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=461abf3ce337b147db7c3c9bffb972bae678f7df;p=thirdparty%2Fsamba.git s4:ldap_server: only touch conn->session_info on success in ldapsrv_BindSASL() The old conn->session_info (as well as conn->ldb) should only be changed after a successful Bind(). Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 25fe528b2c2..352e67da1a7 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -377,6 +377,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) NTSTATUS status = NT_STATUS_OK; DATA_BLOB input = data_blob_null; DATA_BLOB output = data_blob_null; + struct auth_session_info *session_info = NULL; DEBUG(10, ("BindSASL dn: %s\n",req->dn)); @@ -512,20 +513,17 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) req->creds.SASL.mechanism, nt_errstr(status)); goto do_reply; } else { - struct auth_session_info *old_session_info=NULL; - old_session_info = conn->session_info; - conn->session_info = NULL; - status = gensec_session_info(conn->gensec, conn, &conn->session_info); + status = gensec_session_info(conn->gensec, call, &session_info); if (!NT_STATUS_IS_OK(status)) { - conn->session_info = old_session_info; result = LDAP_OPERATIONS_ERROR; errstr = talloc_asprintf(reply, "SASL:[%s]: Failed to get session info: %s", req->creds.SASL.mechanism, nt_errstr(status)); goto do_reply; } else { - talloc_unlink(conn, old_session_info); + talloc_unlink(conn, conn->session_info); + conn->session_info = talloc_steal(conn, session_info); /* don't leak the old LDB */ talloc_unlink(conn, conn->ldb);