authorStefan Metzmacher <metze@samba.org>2006-12-12 22:43:35 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:29:13 -0500
commitb236d54c42a01343c4b0ec68d70a47a48531e71d (patch)
tree7309de2655fff5a7d79191c32c9771409d9fc90e
parentf2784a8bb0fbf4243bb959e7b9dfd3c2e108d470 (diff)
r20141: use the gensec_features of the cli_credentials for ildap connections,
instead of hardcoded GENSEC_FEATURE_SEAL. That means plain LDAP is now the default. metze (This used to be commit b69471866c2a6c61002147938f233f2f63963ba4)
-rw-r--r--source4/libcli/ldap/ldap_bind.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index c4c731e4f5..addc8cf91e 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -28,6 +28,7 @@
#include "lib/tls/tls.h"
#include "auth/gensec/gensec.h"
#include "auth/gensec/socket.h"
+#include "auth/credentials/credentials.h"
#include "lib/stream/packet.h"
struct ldap_simple_creds {
@@ -211,7 +212,7 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr
int count, i;
const char **sasl_names;
-
+ uint32_t old_gensec_features;
static const char *supported_sasl_mech_attrs[] = {
"supportedSASLMechanisms",
NULL
@@ -225,10 +226,12 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr
/* require Kerberos SIGN/SEAL only if we don't use SSL
* Windows seem not to like double encryption */
- if (!tls_enabled(conn->sock)) {
- gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+ old_gensec_features = cli_credentials_get_gensec_features(creds);
+ if (tls_enabled(conn->sock)) {
+ cli_credentials_set_gensec_features(creds, 0);
}
+ /* this call also sets the gensec_want_features */
status = gensec_set_credentials(conn->gensec, creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to set GENSEC creds: %s\n",
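Review bot: The comment kept at the top of this hunk still says Kerberos SIGN/SEAL is required when SSL is not used, but the new code no longer requests either feature itself. On a non-TLS connection the bind now gets only what `cli_credentials_get_gensec_features(creds)` returns, and the commit message says that makes plain LDAP the default, so traffic after the bind may carry no integrity or confidentiality protection unless the caller opted in. I would reword the comment to `/* sign/seal now comes only from the gensec_features on creds; with TLS we clear them because Windows seems not to like double encryption */`. I would also make the unprotected case visible in logs, for example `if (!tls_enabled(conn->sock) && !(old_gensec_features & (GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL))) DEBUG(3, ("LDAP SASL bind without TLS, signing or sealing\n"));`. The body of ldap_bind_sasl starts and ends outside this hunk.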
@@ -236,6 +239,9 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr
goto failed;
}
+ /* reset the original gensec_features */
+ cli_credentials_set_gensec_features(creds, old_gensec_features);
+
if (conn->host) {
status = gensec_set_target_hostname(conn->gensec, conn->host);
if (!NT_STATUS_IS_OK(status)) {
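Review bot: The restore of the caller's features sits after the `goto failed` check, so when `gensec_set_credentials()` fails on a TLS connection the shared `creds` object is left with its gensec_features cleared to 0. The `failed:` label is outside this hunk, so it may restore them there, but nothing visible here does. Any later use of the same credentials on a non-TLS connection would then silently lose the signing/sealing the caller asked for. Moving `cli_credentials_set_gensec_features(creds, old_gensec_features);` to directly after the `status = gensec_set_credentials(conn->gensec, creds);` line in the previous hunk, before `if (!NT_STATUS_IS_OK(status))`, restores the value on both paths.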