Update my copyrights according to my agreement with IBM

[bbaumbach/samba-autobuild/.git] / source3 / libads / sasl.c

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 29d4533a54fa056357e72184c1594114a95e63ee..910ff3f4dc6682e1fcdcc619b43ec4796a859e5f 100644 (file)
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -124,9 +124,10 @@ static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *princip
 {
        DATA_BLOB blob;
        struct berval cred, *scred;
+       unsigned char sk[16];
        int rc;
 
-       blob = spnego_gen_negTokenTarg(principal, ads->auth.time_offset);
+       blob = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, sk);
 
        if (!blob.data) {
                return ADS_ERROR(LDAP_OPERATIONS_ERROR);
@@ -198,8 +199,11 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
                if (ads_kinit_password(ads) == 0) {
                        status = ads_sasl_spnego_krb5_bind(ads, principal);
                }
-               if (ADS_ERR_OK(status))
+               /* only fallback to NTLMSSP if allowed */
+               if (ADS_ERR_OK(status) || 
+                   !(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
                        return status;
+               }
        }
 #endif