Author: metze Date: 2006-12-12 22:43:35 +0000 (Tue, 12 Dec 2006) New Revision: 20141
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20141 Log: use the gensec_features of the cli_credentials for ildap connections, instead of hardcoded GENSEC_FEATURE_SEAL. That means plain LDAP is now the default. metze Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c =================================================================== --- branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c 2006-12-12 22:41:42 UTC (rev 20140) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c 2006-12-12 22:43:35 UTC (rev 20141) @@ -28,6 +28,7 @@ #include "lib/tls/tls.h" #include "auth/gensec/gensec.h" #include "auth/gensec/socket.h" +#include "auth/credentials/credentials.h" #include "lib/stream/packet.h" struct ldap_simple_creds { @@ -211,7 +212,7 @@ int count, i; const char **sasl_names; - + uint32_t old_gensec_features; static const char *supported_sasl_mech_attrs[] = { "supportedSASLMechanisms", NULL @@ -225,10 +226,12 @@ /* require Kerberos SIGN/SEAL only if we don't use SSL * Windows seem not to like double encryption */ - if (!tls_enabled(conn->sock)) { - gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL); + old_gensec_features = cli_credentials_get_gensec_features(creds); + if (tls_enabled(conn->sock)) { + cli_credentials_set_gensec_features(creds, 0); } + /* this call also sets the gensec_want_features */ status = gensec_set_credentials(conn->gensec, creds); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to set GENSEC creds: %s\n", @@ -236,6 +239,9 @@ goto failed; } + /* reset the original gensec_features */ + cli_credentials_set_gensec_features(creds, old_gensec_features); + if (conn->host) { status = gensec_set_target_hostname(conn->gensec, conn->host); if (!NT_STATUS_IS_OK(status)) {