1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

r20141: use the gensec_features of the cli_credentials for ildap connections,

instead of hardcoded GENSEC_FEATURE_SEAL.

That means plain LDAP is now the default.

metze
(This used to be commit b69471866c)
This commit is contained in:
Stefan Metzmacher 2006-12-12 22:43:35 +00:00 committed by Gerald (Jerry) Carter
parent f2784a8bb0
commit b236d54c42

View File

@ -28,6 +28,7 @@
#include "lib/tls/tls.h"
#include "auth/gensec/gensec.h"
#include "auth/gensec/socket.h"
#include "auth/credentials/credentials.h"
#include "lib/stream/packet.h"
struct ldap_simple_creds {
@ -211,7 +212,7 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr
int count, i;
const char **sasl_names;
uint32_t old_gensec_features;
static const char *supported_sasl_mech_attrs[] = {
"supportedSASLMechanisms",
NULL
@ -225,10 +226,12 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr
/* require Kerberos SIGN/SEAL only if we don't use SSL
* Windows seem not to like double encryption */
if (!tls_enabled(conn->sock)) {
gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
old_gensec_features = cli_credentials_get_gensec_features(creds);
if (tls_enabled(conn->sock)) {
cli_credentials_set_gensec_features(creds, 0);
}
/* this call also sets the gensec_want_features */
status = gensec_set_credentials(conn->gensec, creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to set GENSEC creds: %s\n",
@ -236,6 +239,9 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr
goto failed;
}
/* reset the original gensec_features */
cli_credentials_set_gensec_features(creds, old_gensec_features);
if (conn->host) {
status = gensec_set_target_hostname(conn->gensec, conn->host);
if (!NT_STATUS_IS_OK(status)) {