From 740ee4a8977512c03800ef88603cf65fd044443b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 1 Jan 2005 00:19:08 +0000 Subject: r4460: Add a new GENSEC module: gensec_gssapi (disabled by default, set parametric option: gensec:gssapi=yes to enable). This module backs directly onto GSSAPI, and allows us to sign and seal GSSAPI/Krb5 connections in particular. This avoids me reinventing the entire GSSAPI wheel. Currently a lot of things are left as default - we will soon start specifiying OIDs as well as passwords (it uses the keytab only at the moment). Tested with our LDAP-* torture tests against Win2k3. My hope is to use this module to access the new SPNEGO implementation in Heimdal, to avoid having to standards-verify our own. Andrew Bartlett (This used to be commit 14b650c85db14a9bf97e24682b2643b63c51ff35) --- source4/libcli/ldap/ldap_client.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source4/libcli/ldap/ldap_client.c') diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c index 77356cbe70..9ca9e4b5c4 100644 --- a/source4/libcli/ldap/ldap_client.c +++ b/source4/libcli/ldap/ldap_client.c @@ -459,9 +459,13 @@ int ldap_bind_sasl(struct ldap_connection *conn, const char *username, const cha break; } - status = gensec_update(conn->gensec, mem_ctx, - response->r.BindResponse.SASL.secblob, - &output); + if (!NT_STATUS_IS_OK(status)) { + status = gensec_update(conn->gensec, mem_ctx, + response->r.BindResponse.SASL.secblob, + &output); + } else { + output.length = 0; + } talloc_free(response); } -- cgit