The branch, master has been updated
       via  a7bdb49 s4-ldap_server Allow multiple binds on LDAP server
      from  fa1fd85 s3-net: Fix bug #7690: retry DNS updates when connection to 
one nameserver has failed.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a7bdb491885f6afd54604d8a968c12b6015daa2d
Author: Andrew Bartlett <[email protected]>
Date:   Thu Jan 6 15:25:29 2011 +1100

    s4-ldap_server Allow multiple binds on LDAP server
    
    Autobuild-User: Andrew Bartlett <[email protected]>
    Autobuild-Date: Fri Jan  7 00:02:23 CET 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source4/ldap_server/ldap_bind.c |   18 ++++++++++++++++++
 1 files changed, 18 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 25be480..92afb80 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -243,12 +243,26 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call 
*call)
                                                 req->creds.SASL.mechanism);
                }
 
+               if (context && conn->sockets.sasl) {
+                       TALLOC_FREE(context);
+                       status = NT_STATUS_NOT_SUPPORTED;
+                       result = LDAP_UNWILLING_TO_PERFORM;
+                       errstr = talloc_asprintf(reply,
+                                                "SASL:[%s]: Sign or Seal are 
not allowed if SASL encryption has already been set up",
+                                                req->creds.SASL.mechanism);
+               }
+
                if (context) {
                        context->conn = conn;
                        status = gensec_create_tstream(context,
                                                       context->conn->gensec,
                                                       
context->conn->sockets.raw,
                                                       &context->sasl);
+                       if (NT_STATUS_IS_OK(status)) {
+                               if (!talloc_reference(context->sasl, 
conn->gensec)) {
+                                       status = NT_STATUS_NO_MEMORY;
+                               }
+                       }
                }
 
                if (result != LDAP_SUCCESS) {
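Review bot: The added `talloc_reference(context->sasl, conn->gensec)` has no comment explaining why the extra reference is needed; the reason only appears in the second hunk, where `conn->gensec` is unlinked from `conn` and set to NULL once the bind completes. Without the reference, the stream created by `gensec_create_tstream()` would presumably be left wrapping a freed gensec context, so I would add `/* context->sasl keeps using conn->gensec after the bind path unlinks it from conn; hold a reference so it outlives that unlink */` above the call. When the reference fails, `status` becomes NT_STATUS_NO_MEMORY although `context->sasl` has already been created. Whether the code after this hunk checks `status` before installing the context is not visible here and should be confirmed. The body of ldapsrv_BindSASL starts and ends outside the hunk.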
@@ -294,12 +308,16 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call 
*call)
                        call->postprocess_recv = ldapsrv_sasl_postprocess_recv;
                        call->postprocess_private = context;
                }
+               talloc_unlink(conn, conn->gensec);
+               conn->gensec = NULL;
        } else {
                status = auth_nt_status_squash(status);
                if (result == 0) {
                        result = LDAP_INVALID_CREDENTIALS;
                        errstr = talloc_asprintf(reply, "SASL:[%s]: %s", 
req->creds.SASL.mechanism, nt_errstr(status));
                }
+               talloc_unlink(conn, conn->gensec);
+               conn->gensec = NULL;
        }
 
        resp->response.resultcode = result;
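Review bot: The pair `talloc_unlink(conn, conn->gensec); conn->gensec = NULL;` is added twice, at the end of the success branch and in the failure branch, and the return value of `talloc_unlink()` is ignored in both places. A stale gensec context carried into a later bind on the same connection appears to be what this change guards against, so a small static helper called from both branches would make it harder for a future exit path to skip the teardown. Any branch that keeps a multi-step bind in progress lies outside the hunk, so a helper is safer than hoisting the pair below the if/else. If `talloc_unlink()` returns -1, the pointer is still cleared and the context may stay attached to its real parent, so that case is worth at least a debug message.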


-- 
Samba Shared Repository
