From 63811f0cb82229bc4d0473204fb43b411ca3a021 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 24 Jun 2005 00:03:17 +0000
Subject: r7854: only enable wrapping in the ldap server if it was negotiated
 by gensec (This used to be commit 355983493bc87b9e812152ef81773dccb23e03d5)

---
 source4/ldap_server/ldap_bind.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'source4')

diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index aba35e0b56..0cf2a8b7e6 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -74,7 +74,6 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 
 		gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SIGN);
 		gensec_want_feature(call->conn->gensec, GENSEC_FEATURE_SEAL);
-		
 
 		status = gensec_start_mech_by_sasl_name(call->conn->gensec, req->creds.SASL.mechanism);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -104,7 +103,10 @@ reply:
 	} else if (NT_STATUS_IS_OK(status)) {
 		result = LDAP_SUCCESS;
 		errstr = NULL;
-		call->conn->enable_wrap = True;
+		if (gensec_have_feature(call->conn->gensec, GENSEC_FEATURE_SEAL) ||
+		    gensec_have_feature(call->conn->gensec, GENSEC_FEATURE_SIGN)) {
+			call->conn->enable_wrap = True;
+		}
 	} else {
 		result = 49;
 		errstr = talloc_asprintf(reply, "SASL:[%s]: %s", req->creds.SASL.mechanism, nt_errstr(status));
-- 
cgit