From a68e1c65e7813f50d4f6899c03a051772775f761 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Mar 2010 09:50:09 +0200 Subject: [PATCH] s3:libads: retry with signing after getting LDAP_STRONG_AUTH_REQUIRED If server requires LDAP signing we're getting LDAP_STRONG_AUTH_REQUIRED, if "client ldap sasl wrapping = plain", instead of failing we now autoupgrade to "client ldap sasl wrapping = sign" for the given connection. metze (cherry picked from commit cc2ef27e369f0950ec931bf15cba4665c053ac53) --- source3/libads/sasl.c | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 9b4d8bd..4ff6aa9 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -1111,7 +1111,17 @@ ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads) for (j=0;values && values[j];j++) { if (strcmp(values[j], sasl_mechanisms[i].name) == 0) { DEBUG(4,("Found SASL mechanism %s\n", values[j])); +retry: status = sasl_mechanisms[i].fn(ads); + if (status.error_type == ENUM_ADS_ERROR_LDAP && + status.err.rc == LDAP_STRONG_AUTH_REQUIRED && + ads->ldap.wrap_type == ADS_SASLWRAP_TYPE_PLAIN) + { + DEBUG(3,("SASL bin got LDAP_STRONG_AUTH_REQUIRED " + "retrying with signing enabled\n")); + ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SIGN; + goto retry; + } ldap_value_free(values); ldap_msgfree(res); return status; -- 1.6.3.3