The Samba-Bugzilla – Attachment 12518 Details for
Bug 12301
LDAP server signals wrong cause when multiple SASL binds are attempted
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
source4/ldap_server/ldap_bind.c patch
ldap_bind.patch (text/plain), 1.90 KB, created by
Tom C
on 2016-09-30 07:44:46 UTC
(
hide
)
Description:
source4/ldap_server/ldap_bind.c patch
Filename:
MIME Type:
Creator:
Tom C
Created:
2016-09-30 07:44:46 UTC
Size:
1.90 KB
patch
obsolete
>--- samba-4.5.0.old/source4/ldap_server/ldap_bind.c 2016-09-29 23:58:02.724898331 -0700 >+++ samba-4.5.0/source4/ldap_server/ldap_bind.c 2016-09-30 00:30:09.920911521 -0700 >@@ -244,7 +244,29 @@ > if (!context) { > status = NT_STATUS_NO_MEMORY; > } >- } >+ } else { >+ switch (conn->require_strong_auth) { >+ case LDAP_SERVER_REQUIRE_STRONG_AUTH_NO: >+ break; >+ case LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS: >+ if (conn->sockets.active == conn->sockets.tls) { >+ break; >+ } >+ status = NT_STATUS_NETWORK_ACCESS_DENIED; >+ result = LDAP_STRONG_AUTH_REQUIRED; >+ errstr = talloc_asprintf(reply, >+ "SASL:[%s]: not allowed if TLS is used.", >+ req->creds.SASL.mechanism); >+ break; >+ case LDAP_SERVER_REQUIRE_STRONG_AUTH_YES: >+ status = NT_STATUS_NETWORK_ACCESS_DENIED; >+ result = LDAP_STRONG_AUTH_REQUIRED; >+ errstr = talloc_asprintf(reply, >+ "SASL:[%s]: Sign or Seal are required.", >+ req->creds.SASL.mechanism); >+ break; >+ } >+ } > > if (context && conn->sockets.tls) { > TALLOC_FREE(context); >@@ -275,28 +297,6 @@ > status = NT_STATUS_NO_MEMORY; > } > } >- } else { >- switch (call->conn->require_strong_auth) { >- case LDAP_SERVER_REQUIRE_STRONG_AUTH_NO: >- break; >- case LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS: >- if (call->conn->sockets.active == call->conn->sockets.tls) { >- break; >- } >- status = NT_STATUS_NETWORK_ACCESS_DENIED; >- result = LDAP_STRONG_AUTH_REQUIRED; >- errstr = talloc_asprintf(reply, >- "SASL:[%s]: not allowed if TLS is used.", >- req->creds.SASL.mechanism); >- break; >- case LDAP_SERVER_REQUIRE_STRONG_AUTH_YES: >- status = NT_STATUS_NETWORK_ACCESS_DENIED; >- result = LDAP_STRONG_AUTH_REQUIRED; >- errstr = talloc_asprintf(reply, >- "SASL:[%s]: Sign or Seal are required.", >- req->creds.SASL.mechanism); >- break; >- } > } > > if (result != LDAP_SUCCESS) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 12301
: 12518