s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE

This is more generic and will handle the
ntlmssp_[un]wrap() behaviour at the right level.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index e1dd506d4a58b8d4515cd462f72fbbc3ce85e37a..0251980ae6e781c9fd846cee3c8bce805973f66f 100644 (file)
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -158,11 +158,11 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
                } else {
                        /*
                         * windows servers are broken with sign only,
-                        * so we need to use seal here too
+                        * so we let the NTLMSSP backend to seal here,
+                        * via GENSEC_FEATURE_LDAP_STYLE.
                         */
                        gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
-                       gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SEAL);
-                       ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SEAL;
+                       gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_LDAP_STYLE);
                }
                break;
        case ADS_SASLWRAP_TYPE_PLAIN: