summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-07-15 15:08:57 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-07-15 15:08:57 +1000
commitab00b65dde3fad666425cd9b4b6e45dabc33b279 (patch)
treeace6c609f92f1369cddc1dcd6b3a17a3f5a6fe01
parent532899386b229fc4e72303d18e951686634c8757 (diff)
downloadsamba-ab00b65dde3fad666425cd9b4b6e45dabc33b279.tar.gz
samba-ab00b65dde3fad666425cd9b4b6e45dabc33b279.tar.bz2
samba-ab00b65dde3fad666425cd9b4b6e45dabc33b279.zip
Cleanup ldap_bind_sasl.
With these changes, we don't leak the LDAP socket, and don't reset all credentials feature flags, just the ones we are actually incompatible with. Andrew Bartlett (This used to be commit 72e52a301102941c41ab423e0212fe9a1aed0405)
-rw-r--r--source4/libcli/ldap/ldap_bind.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index e1569e7296..65673116be 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -234,7 +234,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
* Windows seem not to like double encryption */
old_gensec_features = cli_credentials_get_gensec_features(creds);
if (tls_enabled(conn->sock)) {
- cli_credentials_set_gensec_features(creds, 0);
+ cli_credentials_set_gensec_features(creds, old_gensec_features & ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL));
}
/* this call also sets the gensec_want_features */
@@ -245,7 +245,8 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
goto failed;
}
- /* reset the original gensec_features */
+ /* reset the original gensec_features (on the credentials
+ * context, so we don't tatoo it ) */
cli_credentials_set_gensec_features(creds, old_gensec_features);
if (conn->host) {
@@ -393,8 +394,6 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
&sasl_socket);
if (!NT_STATUS_IS_OK(status)) goto failed;
- talloc_steal(conn->sock, sasl_socket);
- talloc_unlink(conn, conn->sock);
conn->sock = sasl_socket;
packet_set_socket(conn->packet, conn->sock);