From 72e52a301102941c41ab423e0212fe9a1aed0405 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Jul 2008 15:08:57 +1000 Subject: [PATCH] Cleanup ldap_bind_sasl. With these changes, we don't leak the LDAP socket, and don't reset all credentials feature flags, just the ones we are actually incompatible with. Andrew Bartlett --- source/libcli/ldap/ldap_bind.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/source/libcli/ldap/ldap_bind.c b/source/libcli/ldap/ldap_bind.c index e1569e72963..65673116be1 100644 --- a/source/libcli/ldap/ldap_bind.c +++ b/source/libcli/ldap/ldap_bind.c @@ -234,7 +234,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, * Windows seem not to like double encryption */ old_gensec_features = cli_credentials_get_gensec_features(creds); if (tls_enabled(conn->sock)) { - cli_credentials_set_gensec_features(creds, 0); + cli_credentials_set_gensec_features(creds, old_gensec_features & ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL)); } /* this call also sets the gensec_want_features */ @@ -245,7 +245,8 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, goto failed; } - /* reset the original gensec_features */ + /* reset the original gensec_features (on the credentials + * context, so we don't tatoo it ) */ cli_credentials_set_gensec_features(creds, old_gensec_features); if (conn->host) { @@ -393,8 +394,6 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, &sasl_socket); if (!NT_STATUS_IS_OK(status)) goto failed; - talloc_steal(conn->sock, sasl_socket); - talloc_unlink(conn, conn->sock); conn->sock = sasl_socket; packet_set_socket(conn->packet, conn->sock); -- 2.47.3