Cleanup ldap_bind_sasl.
authorAndrew Bartlett <abartlet@samba.org>
Tue, 15 Jul 2008 05:08:57 +0000 (15:08 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 15 Jul 2008 05:08:57 +0000 (15:08 +1000)
With these changes, we don't leak the LDAP socket, and don't reset all
credentials feature flags, just the ones we are actually incompatible
with.

Andrew Bartlett
(This used to be commit 72e52a301102941c41ab423e0212fe9a1aed0405)

source4/libcli/ldap/ldap_bind.c

index e1569e72963b0a869294bca2a1e9fccba05039c1..65673116be1232b6e8c99e6024a5dc29050cf66a 100644 (file)
@@ -234,7 +234,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
         * Windows seem not to like double encryption */
        old_gensec_features = cli_credentials_get_gensec_features(creds);
        if (tls_enabled(conn->sock)) {
-               cli_credentials_set_gensec_features(creds, 0);
+               cli_credentials_set_gensec_features(creds, old_gensec_features & ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL));
        }
 
        /* this call also sets the gensec_want_features */
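Review bot: The new mask in the `tls_enabled(conn->sock)` branch has no comment saying why exactly these two bits are cleared, and the line runs well past 80 columns. I would wrap the call and add something like `/* TLS already protects the channel: drop only SASL sign/seal, keep every other requested feature */`. With sign and seal off, the integrity and confidentiality of the bind rest entirely on the TLS session. Whether that session verifies the server certificate is not visible in this hunk, so it is worth stating that assumption in the comment. The comment block this sits under begins outside the hunk.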
@@ -245,7 +245,8 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
                goto failed;
        }
 
-       /* reset the original gensec_features */
+       /* reset the original gensec_features (on the credentials
+        * context, so we don't tatoo it ) */
        cli_credentials_set_gensec_features(creds, old_gensec_features);
 
        if (conn->host) {
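Review bot: The `goto failed;` at the top of this hunk runs before the restore, so a failure in the preceding call leaves `creds` with SIGN/SEAL stripped unless the `failed` path, which is outside the hunk, restores them too. Since the credentials object is owned by the caller and may be reused for a later non-TLS connection, that would silently weaken it. Moving `cli_credentials_set_gensec_features(creds, old_gensec_features);` to directly after the call and before its status check would cover both paths. The new comment also has a typo and a stray space: `tatoo it )` should read `tattoo it)`.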
@@ -393,8 +394,6 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
                                            &sasl_socket);
                if (!NT_STATUS_IS_OK(status)) goto failed;
 
-               talloc_steal(conn->sock, sasl_socket);
-               talloc_unlink(conn, conn->sock);
                conn->sock = sasl_socket;
                packet_set_socket(conn->packet, conn->sock);