diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-01-06 15:25:29 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-01-07 00:02:23 +0100 |
commit | a7bdb491885f6afd54604d8a968c12b6015daa2d (patch) | |
tree | 595707f70430843bedbb9056d8960416dc139194 /source4 | |
parent | fa1fd85eea549d2944974ddbc67e21ef9231c49b (diff) | |
download | samba-a7bdb491885f6afd54604d8a968c12b6015daa2d.tar.gz samba-a7bdb491885f6afd54604d8a968c12b6015daa2d.tar.bz2 samba-a7bdb491885f6afd54604d8a968c12b6015daa2d.zip |
s4-ldap_server Allow multiple binds on LDAP server
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jan 7 00:02:23 CET 2011 on sn-devel-104
Diffstat (limited to 'source4')
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 25be4802d6..92afb800e0 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -243,12 +243,26 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) req->creds.SASL.mechanism); } + if (context && conn->sockets.sasl) { + TALLOC_FREE(context); + status = NT_STATUS_NOT_SUPPORTED; + result = LDAP_UNWILLING_TO_PERFORM; + errstr = talloc_asprintf(reply, + "SASL:[%s]: Sign or Seal are not allowed if SASL encryption has already been set up", + req->creds.SASL.mechanism); + } + if (context) { context->conn = conn; status = gensec_create_tstream(context, context->conn->gensec, context->conn->sockets.raw, &context->sasl); + if (NT_STATUS_IS_OK(status)) { + if (!talloc_reference(context->sasl, conn->gensec)) { + status = NT_STATUS_NO_MEMORY; + } + } } if (result != LDAP_SUCCESS) { @@ -294,12 +308,16 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) call->postprocess_recv = ldapsrv_sasl_postprocess_recv; call->postprocess_private = context; } + talloc_unlink(conn, conn->gensec); + conn->gensec = NULL; } else { status = auth_nt_status_squash(status); if (result == 0) { result = LDAP_INVALID_CREDENTIALS; errstr = talloc_asprintf(reply, "SASL:[%s]: %s", req->creds.SASL.mechanism, nt_errstr(status)); } + talloc_unlink(conn, conn->gensec); + conn->gensec = NULL; } resp->response.resultcode = result; |