authorHoward Chu <hyc@symas.com>2013-09-17 13:09:07 -0700
committerNadezhda Ivanova <nivanova@samba.org>2013-09-18 19:47:55 +0200
commitb3bb3040364d4b8a497ced3e758fc81f24924db9 (patch)
treef29cf8e8ca814c4562fef6bfa3ca20b90a79fe73 /source4/libcli
parent887f4fbf4396489f353773de0606597c68f71b8a (diff)
Prepare for SASL/EXTERNAL support
Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/ldap/ldap_bind.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index f0a498b6209..d82b7a11565 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -215,6 +215,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
struct ldap_message **sasl_mechs_msgs;
struct ldap_SearchResEntry *search;
int count, i;
+ bool first = true;
const char **sasl_names;
uint32_t old_gensec_features;
@@ -337,7 +338,13 @@ try_logon_again:
* avoid mutal authentication requirements.
*
* Likewise, you must not feed GENSEC too much (after the OK),
- * it doesn't like that either
+ * it doesn't like that either.
+ *
+ * For SASL/EXTERNAL, there is no data to send, but we still
+ * must send the actual Bind request the first time around.
+ * Otherwise, a result of NT_STATUS_OK with 0 output means the
+ * end of a multi-step authentication, and no message must be
+ * sent.
*/
gensec_status = status;
@@ -347,8 +354,10 @@ try_logon_again:
break;
}
if (NT_STATUS_IS_OK(status) && output.length == 0) {
- break;
+ if (!first)
+ break;
}
+ first = false;
/* Perhaps we should make gensec_start_mech_by_sasl_list() return the name we got? */
msg = new_ldap_sasl_bind_msg(tmp_ctx, conn->gensec->ops->sasl_name, (output.data?&output:NULL));
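Review bot: `first` is initialised only at its declaration in the first hunk, while the check added here sits below the `try_logon_again:` label named in the hunk header; if the function jumps back to that label after a failed attempt, `first` is presumably still false, so a mechanism that returns NT_STATUS_OK with empty output on its first step (the SASL/EXTERNAL case the new comment describes) would break out on the retry without a Bind request ever being sent. Resetting the flag at the label, `first = true;`, would make the retry behave like the first pass. The nested test would also read more clearly as one braced condition, `if (!first && NT_STATUS_IS_OK(status) && output.length == 0) { break; }`. The loop and the code under the label start outside the hunk, so the retry path should be confirmed against the full function.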