s4:ldap_server: only set *resp->SASL.secblob = output for OK or MORE_PROCESSING_REQUIRED

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 337ce1251251563a1e944a35b1d35fe9bfbd9950..451f9d5b56b64503cdc91145b4cc56d8c4d0f154 100644 (file)
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -419,9 +419,9 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 
        status = gensec_update_ev(conn->gensec, reply, conn->connection->event.ctx,
                                  input, &output);
-       *resp->SASL.secblob = output;
 
        if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
+               *resp->SASL.secblob = output;
                result = LDAP_SASL_BIND_IN_PROGRESS;
                errstr = NULL;
                goto do_reply;
@@ -553,6 +553,8 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
        talloc_unlink(conn, conn->gensec);
        conn->gensec = NULL;
 
+       *resp->SASL.secblob = output;
+
 do_reply:
        if (result != LDAP_SASL_BIND_IN_PROGRESS) {
                /*