s4:libcli/ldap: fix retry authentication after a bad password

We need to start with an empty input buffer.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index b10b79d14c01a9bc56f9d1f046e89aadaf04c7c4..d2f4ca7e4acfb9df9adb83d61d813ca0446fe113 100644 (file)
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -291,6 +291,8 @@ try_logon_again:
          gensec session. The logon_retries counter ensures we don't
          loop forever.
         */
+       data_blob_free(&input);
+       TALLOC_FREE(conn->gensec);
 
        status = gensec_client_start(conn, &conn->gensec,
                                     lpcfg_gensec_settings(conn, lp_ctx));
@@ -441,8 +443,6 @@ try_logon_again:
                                  new credentials, or get a new ticket
                                  if using kerberos
                                 */
-                               talloc_free(conn->gensec);
-                               conn->gensec = NULL;
                                goto try_logon_again;
                        }
                }