diff options
author | Howard Chu <hyc@symas.com> | 2013-09-17 13:09:07 -0700 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@samba.org> | 2013-09-18 19:47:55 +0200 |
commit | b3bb3040364d4b8a497ced3e758fc81f24924db9 (patch) | |
tree | f29cf8e8ca814c4562fef6bfa3ca20b90a79fe73 /source4/libcli | |
parent | 887f4fbf4396489f353773de0606597c68f71b8a (diff) | |
download | samba-b3bb3040364d4b8a497ced3e758fc81f24924db9.tar.gz samba-b3bb3040364d4b8a497ced3e758fc81f24924db9.tar.xz samba-b3bb3040364d4b8a497ced3e758fc81f24924db9.zip |
Prepare for SASL/EXTERNAL support
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/ldap/ldap_bind.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c index f0a498b6209..d82b7a11565 100644 --- a/source4/libcli/ldap/ldap_bind.c +++ b/source4/libcli/ldap/ldap_bind.c @@ -215,6 +215,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct ldap_message **sasl_mechs_msgs; struct ldap_SearchResEntry *search; int count, i; + bool first = true; const char **sasl_names; uint32_t old_gensec_features; @@ -337,7 +338,13 @@ try_logon_again: * avoid mutal authentication requirements. * * Likewise, you must not feed GENSEC too much (after the OK), - * it doesn't like that either + * it doesn't like that either. + * + * For SASL/EXTERNAL, there is no data to send, but we still + * must send the actual Bind request the first time around. + * Otherwise, a result of NT_STATUS_OK with 0 output means the + * end of a multi-step authentication, and no message must be + * sent. */ gensec_status = status; @@ -347,8 +354,10 @@ try_logon_again: break; } if (NT_STATUS_IS_OK(status) && output.length == 0) { - break; + if (!first) + break; } + first = false; /* Perhaps we should make gensec_start_mech_by_sasl_list() return the name we got? */ msg = new_ldap_sasl_bind_msg(tmp_ctx, conn->gensec->ops->sasl_name, (output.data?&output:NULL)); |