From cc2ef27e369f0950ec931bf15cba4665c053ac53 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Mar 2010 09:50:09 +0200 Subject: s3:libads: retry with signing after getting LDAP_STRONG_AUTH_REQUIRED If server requires LDAP signing we're getting LDAP_STRONG_AUTH_REQUIRED, if "client ldap sasl wrapping = plain", instead of failing we now autoupgrade to "client ldap sasl wrapping = sign" for the given connection. metze --- source3/libads/sasl.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 3856f5b49a..d6e4f68544 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -1117,7 +1117,17 @@ ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads) for (j=0;values && values[j];j++) { if (strcmp(values[j], sasl_mechanisms[i].name) == 0) { DEBUG(4,("Found SASL mechanism %s\n", values[j])); +retry: status = sasl_mechanisms[i].fn(ads); + if (status.error_type == ENUM_ADS_ERROR_LDAP && + status.err.rc == LDAP_STRONG_AUTH_REQUIRED && + ads->ldap.wrap_type == ADS_SASLWRAP_TYPE_PLAIN) + { + DEBUG(3,("SASL bin got LDAP_STRONG_AUTH_REQUIRED " + "retrying with signing enabled\n")); + ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SIGN; + goto retry; + } ldap_value_free(values); ldap_msgfree(res); return status; -- cgit