#include "includes.h"
#include "libcli/ldap/ldap.h"
+#include "libcli/ldap/ldap_proto.h"
#include "libcli/ldap/ldap_client.h"
#include "lib/tls/tls.h"
#include "auth/gensec/gensec.h"
const char *pw;
};
-NTSTATUS ldap_rebind(struct ldap_connection *conn)
+_PUBLIC_ NTSTATUS ldap_rebind(struct ldap_connection *conn)
{
NTSTATUS status;
struct ldap_simple_creds *creds;
/*
perform a simple username/password bind
*/
-NTSTATUS ldap_bind_simple(struct ldap_connection *conn,
+_PUBLIC_ NTSTATUS ldap_bind_simple(struct ldap_connection *conn,
const char *userdn, const char *password)
{
struct ldap_request *req;
/*
perform a sasl bind using the given credentials
*/
-NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
+_PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
struct cli_credentials *creds,
struct loadparm_context *lp_ctx)
{
gensec_init(lp_ctx);
- status = gensec_client_start(conn, &conn->gensec, NULL, lp_ctx);
+ status = gensec_client_start(conn, &conn->gensec,
+ conn->event.event_ctx,
+ lp_gensec_settings(conn, lp_ctx));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
goto failed;
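Review bot: The result of `lp_gensec_settings(conn, lp_ctx)` is passed straight into `gensec_client_start()` with no NULL check, and it is parented to `conn` rather than to anything scoped to this bind attempt. Assuming `lp_gensec_settings()` talloc-allocates on its first argument and returns NULL when that fails, I would hold the result in a local and test it first: `if (settings == NULL) { status = NT_STATUS_NO_MEMORY; goto failed; }`. A one-line comment on who owns the settings object would also help, since a failed bind appears to leave it attached to the connection. The body of ldap_bind_sasl starts and continues outside this hunk, so the `failed:` path should be checked before changing the parent.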
* Windows seem not to like double encryption */
old_gensec_features = cli_credentials_get_gensec_features(creds);
if (tls_enabled(conn->sock)) {
- cli_credentials_set_gensec_features(creds, 0);
+ cli_credentials_set_gensec_features(creds, old_gensec_features & ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL));
}
/* this call also sets the gensec_want_features */
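Review bot: The caller's `creds` are modified in place inside the `tls_enabled()` branch, but the only restore visible on this page is the success-path call further down, after a `goto failed`. If the call following this hunk fails, the credentials seem to stay without SIGN/SEAL for every later user of the same `cli_credentials`. I would also restore them under the `failed:` label with `cli_credentials_set_gensec_features(creds, old_gensec_features);`, provided `old_gensec_features` is assigned before any jump to that label; the label is outside the hunk, so this needs confirming. Separately, the comment above the branch should say that dropping signing and sealing relies on the TLS session alone for integrity and confidentiality, e.g. `/* SIGN/SEAL are dropped only because TLS already protects this socket; server certificate checking must be in force */`.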
goto failed;
}
- /* reset the original gensec_features */
+ /* reset the original gensec_features (on the credentials
+ * context, so we don't tatoo it ) */
cli_credentials_set_gensec_features(creds, old_gensec_features);
if (conn->host) {
search = &sasl_mechs_msgs[0]->r.SearchResultEntry;
if (search->num_attributes != 1) {
- DEBUG(1, ("Failed to inquire of target's available sasl mechs in rootdse search: wrong number of attributes: %d\n",
+ DEBUG(1, ("Failed to inquire of target's available sasl mechs in rootdse search: wrong number of attributes: %d != 1\n",
search->num_attributes));
goto failed;
}
if (NT_STATUS_IS_OK(status)) {
struct socket_context *sasl_socket;
status = gensec_socket_init(conn->gensec,
+ conn,
conn->sock,
conn->event.event_ctx,
ldap_read_io_handler,
&sasl_socket);
if (!NT_STATUS_IS_OK(status)) goto failed;
- talloc_steal(conn->sock, sasl_socket);
- talloc_unlink(conn, conn->sock);
conn->sock = sasl_socket;
packet_set_socket(conn->packet, conn->sock);
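Review bot: Ownership of the original socket is no longer stated anywhere in this hunk, because the explicit `talloc_steal`/`talloc_unlink` pair is removed and `conn->sock` is simply overwritten with `sasl_socket`. Presumably `gensec_socket_init()` now allocates the wrapper on the added `conn` argument and keeps its own reference to the underlying socket, but that has to be read out of the callee. A comment above the assignment would record it, e.g. `/* sasl_socket is allocated on conn and wraps the previous conn->sock; both are released with conn */`, to be confirmed against gensec_socket_init. It is also worth checking that the `goto failed` after the status test does not leave the connection usable on the unwrapped socket after a bind that negotiated signing or sealing; the `failed:` path is outside the hunk.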