result = LDAP_INVALID_CREDENTIALS;
errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_LOGON_DENIED,
0x0C0904DC, status);
- talloc_unlink(conn, conn->gensec);
- conn->gensec = NULL;
goto do_reply;
}
}
do_reply:
+ if (result != LDAP_SASL_BIND_IN_PROGRESS) {
+ /*
+ * We should destroy the gensec context
+ * when we hit a fatal error.
+ *
+ * Note: conn->gensec is already cleared
+ * for the LDAP_SUCCESS case.
+ */
+ talloc_unlink(conn, conn->gensec);
+ conn->gensec = NULL;
+ }
+
resp->response.resultcode = result;
resp->response.dn = NULL;
resp->response.errormessage = errstr;