diff options
author | Stefan Metzmacher <metze@samba.org> | 2010-03-30 09:50:09 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2010-03-30 09:53:11 +0200 |
commit | cc2ef27e369f0950ec931bf15cba4665c053ac53 (patch) | |
tree | fed4e77699afa6375a655de30ba8a6b67d7704e6 /source3 | |
parent | 21499a148e4b6600d13977eb97c1a77d9bf5fd4c (diff) | |
download | samba-cc2ef27e369f0950ec931bf15cba4665c053ac53.tar.gz samba-cc2ef27e369f0950ec931bf15cba4665c053ac53.tar.xz samba-cc2ef27e369f0950ec931bf15cba4665c053ac53.zip |
s3:libads: retry with signing after getting LDAP_STRONG_AUTH_REQUIRED
If server requires LDAP signing we're getting LDAP_STRONG_AUTH_REQUIRED,
if "client ldap sasl wrapping = plain", instead of failing we now
autoupgrade to "client ldap sasl wrapping = sign" for the given connection.
metze
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libads/sasl.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 3856f5b49ae..d6e4f68544a 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -1117,7 +1117,17 @@ ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads) for (j=0;values && values[j];j++) { if (strcmp(values[j], sasl_mechanisms[i].name) == 0) { DEBUG(4,("Found SASL mechanism %s\n", values[j])); +retry: status = sasl_mechanisms[i].fn(ads); + if (status.error_type == ENUM_ADS_ERROR_LDAP && + status.err.rc == LDAP_STRONG_AUTH_REQUIRED && + ads->ldap.wrap_type == ADS_SASLWRAP_TYPE_PLAIN) + { + DEBUG(3,("SASL bin got LDAP_STRONG_AUTH_REQUIRED " + "retrying with signing enabled\n")); + ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SIGN; + goto retry; + } ldap_value_free(values); ldap_msgfree(res); return status; |