authorStefan Metzmacher <metze@samba.org>2007-07-18 07:45:16 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:28:48 -0500
commit07c034f7c443689749c2b4b138acb991da575c3a (patch)
treeaae8514c1fc60df21a43352c80e1d20804c38607 /source3/libads
parente0c4034393a05acba9b6ba7dd015cfc3e6d46c0f (diff)
r23945: add infrastructure to select plain, sign or seal LDAP connection
metze (This used to be commit 2075c05b3d8baa7d6d8510cd962471a5781740a6)
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/ldap.c17
-rw-r--r--source3/libads/sasl.c8
2 files changed, 23 insertions, 2 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index fe7add5e75..0b73229736 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -372,8 +372,9 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
ADS_STATUS status;
NTSTATUS ntstatus;
- ads->ldap.last_attempt = time(NULL);
- ads->ldap.ld = NULL;
+ ZERO_STRUCT(ads->ldap);
+ ads->ldap.last_attempt = time(NULL);
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
/* try with a user specified server */
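Review bot: `ZERO_STRUCT(ads->ldap)` at the top of ads_connect() clears the whole connection state without releasing it, so if this is ever reached on an ADS_STRUCT that is still connected, the old `ld` handle and everything else in the struct are dropped rather than closed. The removed lines had the same effect for `ld`, but the struct now also carries a talloc context and wrap state (see the later hunks), which widens what can leak. I would state the precondition at the call, e.g. `/* ads->ldap must not hold a live connection here; callers reconnecting must ads_disconnect() first */`. The rest of ads_connect() and its callers are outside the hunk, so whether a live connection can reach this point is not visible here.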
@@ -423,6 +424,11 @@ got_connection:
if (ads->auth.flags & ADS_AUTH_NO_BIND) {
return ADS_SUCCESS;
}
+
+ ads->ldap.mem_ctx = talloc_new("ads LDAP connection memory");
+ if (!ads->ldap.mem_ctx) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
/* Otherwise setup the TCP LDAP session */
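Review bot: `talloc_new()` takes a parent talloc context, not a name, so `talloc_new("ads LDAP connection memory")` hands talloc a string literal as if it were a talloc chunk; talloc will look for a chunk header in front of the literal and, in the usual implementation, abort on the bad magic. A named top-level context is created with `talloc_init`, so the line should read `ads->ldap.mem_ctx = talloc_init("ads LDAP connection memory");`. The failure paths of ads_connect() after this point are outside the hunk; they should be checked to either release `mem_ctx` or explicitly leave that to ads_disconnect().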
@@ -475,6 +481,13 @@ void ads_disconnect(ADS_STRUCT *ads)
ldap_unbind(ads->ldap.ld);
ads->ldap.ld = NULL;
}
+ if (ads->ldap.wrap_ops && ads->ldap.wrap_ops->disconnect) {
+ ads->ldap.wrap_ops->disconnect(ads);
+ }
+ if (ads->ldap.mem_ctx) {
+ talloc_free(ads->ldap.mem_ctx);
+ }
+ ZERO_STRUCT(ads->ldap);
}
/*
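Review bot: The teardown order in ads_disconnect() is a contract for every `wrap_ops->disconnect` implementation and should be documented: the callback runs after `ldap_unbind()` has cleared `ads->ldap.ld` and before `mem_ctx` is freed. I would add above the callback `/* ld is already gone here; disconnect() may only release wrap state, which must not outlive mem_ctx */`. If that wrap state holds session keys for signing or sealing, note too that `talloc_free()` and `ZERO_STRUCT` on the containing struct do not by themselves wipe the key buffers, so the callback is the place to clear them.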
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index a73545f8e5..94600d7234 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -517,6 +517,14 @@ ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads)
values = ldap_get_values(ads->ldap.ld, res, "supportedSASLMechanisms");
+ if (ads->auth.flags & ADS_AUTH_SASL_SEAL) {
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SEAL;
+ } else if (ads->auth.flags & ADS_AUTH_SASL_SIGN) {
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SIGN;
+ } else {
+ ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
+ }
+
/* try our supported mechanisms in order */
for (i=0;sasl_mechanisms[i].name;i++) {
/* see if the server supports it */
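Review bot: `wrap_type` is set from the caller's `ADS_AUTH_SASL_SEAL`/`ADS_AUTH_SASL_SIGN` flags before any mechanism has been tried, and nothing in this hunk ties the requested level to what the bind actually negotiates. The mechanism loop continues outside the hunk, so this may be handled there or in a follow-up, but as written a mechanism that cannot sign or seal could complete the bind while `wrap_type` still says SIGN or SEAL, or the session could carry on unprotected. The bind should fail closed: once a mechanism succeeds, verify that wrapping of the requested type was really established and return an error otherwise instead of continuing in plain. A comment at the assignment such as `/* requested protection level; each mechanism must honour it or fail the bind */` would make that expectation explicit.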