This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
#include "lib/tls/tls.h"
-#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
#include "auth/gensec/socket.h"
+#include "auth/credentials/credentials.h"
#include "lib/stream/packet.h"
struct ldap_simple_creds {
int count, i;
const char **sasl_names;
-
+ uint32_t old_gensec_features;
static const char *supported_sasl_mech_attrs[] = {
"supportedSASLMechanisms",
NULL
/* require Kerberos SIGN/SEAL only if we don't use SSL
* Windows seem not to like double encryption */
- if (!tls_enabled(conn->sock)) {
- gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+ old_gensec_features = cli_credentials_get_gensec_features(creds);
+ if (tls_enabled(conn->sock)) {
+ cli_credentials_set_gensec_features(creds, 0);
}
+ /* this call also sets the gensec_want_features */
status = gensec_set_credentials(conn->gensec, creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to set GENSEC creds: %s\n",
goto failed;
}
- status = gensec_set_target_hostname(conn->gensec, conn->host);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
- nt_errstr(status)));
- goto failed;
+ /* reset the original gensec_features */
+ cli_credentials_set_gensec_features(creds, old_gensec_features);
+
+ if (conn->host) {
+ status = gensec_set_target_hostname(conn->gensec, conn->host);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set GENSEC target hostname: %s\n",
+ nt_errstr(status)));
+ goto failed;
+ }
}
status = gensec_set_target_service(conn->gensec, "ldap");
ldap_read_io_handler,
conn,
&sasl_socket);
- if (NT_STATUS_IS_OK(status)) {
- talloc_steal(conn->sock, sasl_socket);
- talloc_unlink(conn, conn->sock);
- conn->sock = sasl_socket;
- packet_set_socket(conn->packet, conn->sock);
- } else {
- status = NT_STATUS_NO_MEMORY;
- goto failed;
- }
-
+ if (!NT_STATUS_IS_OK(status)) goto failed;
+
+ talloc_steal(conn->sock, sasl_socket);
+ talloc_unlink(conn, conn->sock);
+ conn->sock = sasl_socket;
+ packet_set_socket(conn->packet, conn->sock);
+
conn->bind.type = LDAP_BIND_SASL;
conn->bind.creds = creds;
}