summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-01-06 15:25:29 +1100
committerAndrew Bartlett <abartlet@samba.org>2011-01-07 00:02:23 +0100
commita7bdb491885f6afd54604d8a968c12b6015daa2d (patch)
tree595707f70430843bedbb9056d8960416dc139194 /source4
parentfa1fd85eea549d2944974ddbc67e21ef9231c49b (diff)
downloadsamba-a7bdb491885f6afd54604d8a968c12b6015daa2d.tar.gz
samba-a7bdb491885f6afd54604d8a968c12b6015daa2d.tar.bz2
samba-a7bdb491885f6afd54604d8a968c12b6015daa2d.zip
s4-ldap_server Allow multiple binds on LDAP server
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jan 7 00:02:23 CET 2011 on sn-devel-104
Diffstat (limited to 'source4')
-rw-r--r--source4/ldap_server/ldap_bind.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 25be4802d6..92afb800e0 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -243,12 +243,26 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
req->creds.SASL.mechanism);
}
+ if (context && conn->sockets.sasl) {
+ TALLOC_FREE(context);
+ status = NT_STATUS_NOT_SUPPORTED;
+ result = LDAP_UNWILLING_TO_PERFORM;
+ errstr = talloc_asprintf(reply,
+ "SASL:[%s]: Sign or Seal are not allowed if SASL encryption has already been set up",
+ req->creds.SASL.mechanism);
+ }
+
if (context) {
context->conn = conn;
status = gensec_create_tstream(context,
context->conn->gensec,
context->conn->sockets.raw,
&context->sasl);
+ if (NT_STATUS_IS_OK(status)) {
+ if (!talloc_reference(context->sasl, conn->gensec)) {
+ status = NT_STATUS_NO_MEMORY;
+ }
+ }
}
if (result != LDAP_SUCCESS) {
@@ -294,12 +308,16 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
call->postprocess_recv = ldapsrv_sasl_postprocess_recv;
call->postprocess_private = context;
}
+ talloc_unlink(conn, conn->gensec);
+ conn->gensec = NULL;
} else {
status = auth_nt_status_squash(status);
if (result == 0) {
result = LDAP_INVALID_CREDENTIALS;
errstr = talloc_asprintf(reply, "SASL:[%s]: %s", req->creds.SASL.mechanism, nt_errstr(status));
}
+ talloc_unlink(conn, conn->gensec);
+ conn->gensec = NULL;
}
resp->response.resultcode = result;