From 75ec65597cd9b0008876bbb5967f822f65985d0c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 5 Nov 2005 11:24:10 +0000
Subject: r11523: Working towards having Samba3 join Samba4, this allows the
 SASL credentials to be NULL, where the client is requesting a CIFS style
 server-first negTokenInit.

Andrew Bartlett
(This used to be commit eba652ecc89766304fdad14463072dc311693701)
---
 source4/libcli/ldap/ldap.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'source4/libcli/ldap')

diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c
index 043faabf2f..7d1758a8fa 100644
--- a/source4/libcli/ldap/ldap.c
+++ b/source4/libcli/ldap/ldap.c
@@ -933,9 +933,13 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
 			asn1_start_tag(data, ASN1_CONTEXT(3));
 			r->mechanism = LDAP_AUTH_MECH_SASL;
 			asn1_read_OctetString_talloc(msg, data, &r->creds.SASL.mechanism);
-			asn1_read_OctetString(data, &r->creds.SASL.secblob);
-			if (r->creds.SASL.secblob.data) {
-				talloc_steal(msg, r->creds.SASL.secblob.data);
+			if (asn1_peek_tag(data, ASN1_OCTET_STRING)) { /* optional */
+				asn1_read_OctetString(data, &r->creds.SASL.secblob);
+				if (r->creds.SASL.secblob.data) {
+					talloc_steal(msg, r->creds.SASL.secblob.data);
+				}
+			} else {
+				r->creds.SASL.secblob = data_blob(NULL, 0);
 			}
 			asn1_end_tag(data);
 		}
-- 
cgit