s3:libads: use GSS-SPNEGO directly without asking for supportedSASLMechanisms
authorStefan Metzmacher <metze@samba.org>
Fri, 26 Jan 2024 17:08:55 +0000 (18:08 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 23 Apr 2024 23:50:34 +0000 (23:50 +0000)
Every AD DC supports 'GSS-SPNEGO' and that's the only one we use anyway,
so remove an unused roundtrip.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/libads/sasl.c

index 5ae8b999e66914e4e88fb5f43001d78f77b585ff..da66d7d0a20bcb7dc760976c70ae9211a51d87b0 100644 (file)
@@ -790,30 +790,11 @@ done:
        return status;
 }
 
-/* mapping between SASL mechanisms and functions */
-static struct {
-       const char *name;
-       ADS_STATUS (*fn)(ADS_STRUCT *);
-} sasl_mechanisms[] = {
-       {"GSS-SPNEGO", ads_sasl_spnego_bind},
-       {NULL, NULL}
-};
-
 ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads)
 {
-       const char *attrs[] = {"supportedSASLMechanisms", NULL};
-       char **values;
        ADS_STATUS status;
-       int i, j;
-       LDAPMessage *res;
        struct ads_saslwrap *wrap = &ads->ldap_wrap_data;
 
-       /* get a list of supported SASL mechanisms */
-       status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
-       if (!ADS_ERR_OK(status)) return status;
-
-       values = ldap_get_values(ads->ldap.ld, res, "supportedSASLMechanisms");
-
        if (ads->auth.flags & ADS_AUTH_SASL_SEAL) {
                wrap->wrap_type = ADS_SASLWRAP_TYPE_SEAL;
        } else if (ads->auth.flags & ADS_AUTH_SASL_SIGN) {
@@ -822,33 +803,18 @@ ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads)
                wrap->wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
        }
 
-       /* try our supported mechanisms in order */
-       for (i=0;sasl_mechanisms[i].name;i++) {
-               /* see if the server supports it */
-               for (j=0;values && values[j];j++) {
-                       if (strcmp(values[j], sasl_mechanisms[i].name) == 0) {
-                               DEBUG(4,("Found SASL mechanism %s\n", values[j]));
 retry:
-                               status = sasl_mechanisms[i].fn(ads);
-                               if (status.error_type == ENUM_ADS_ERROR_LDAP &&
-                                   status.err.rc == LDAP_STRONG_AUTH_REQUIRED &&
-                                   wrap->wrap_type == ADS_SASLWRAP_TYPE_PLAIN)
-                               {
-                                       DEBUG(3,("SASL bin got LDAP_STRONG_AUTH_REQUIRED "
-                                                "retrying with signing enabled\n"));
-                                       wrap->wrap_type = ADS_SASLWRAP_TYPE_SIGN;
-                                       goto retry;
-                               }
-                               ldap_value_free(values);
-                               ldap_msgfree(res);
-                               return status;
-                       }
-               }
+       status = ads_sasl_spnego_bind(ads);
+       if (status.error_type == ENUM_ADS_ERROR_LDAP &&
+           status.err.rc == LDAP_STRONG_AUTH_REQUIRED &&
+           wrap->wrap_type == ADS_SASLWRAP_TYPE_PLAIN)
+       {
+               DEBUG(3,("SASL bin got LDAP_STRONG_AUTH_REQUIRED "
+                        "retrying with signing enabled\n"));
+               wrap->wrap_type = ADS_SASLWRAP_TYPE_SIGN;
+               goto retry;
        }
-
-       ldap_value_free(values);
-       ldap_msgfree(res);
-       return ADS_ERROR(LDAP_AUTH_METHOD_NOT_SUPPORTED);
+       return status;
 }
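Review bot: The log text carried onto the new line `DEBUG(3,("SASL bin got LDAP_STRONG_AUTH_REQUIRED "` still says "bin" for "bind"; since the line is rewritten here anyway, it is the moment to make it `DEBUG(3,("SASL bind got LDAP_STRONG_AUTH_REQUIRED "`. The `retry:` label now sits at function scope with nothing explaining why the `goto` cannot spin, so a comment on the upgrade line would help, e.g. `/* upgrade PLAIN -> SIGN once; wrap_type is then no longer PLAIN, so the condition above cannot fire again */`. Dropping the supportedSASLMechanisms check also removes the `ADS_ERROR(LDAP_AUTH_METHOD_NOT_SUPPORTED)` path, so a server that does not offer GSS-SPNEGO now surfaces whatever ads_sasl_spnego_bind returns; if any caller matched that specific code, that is presumably worth confirming. ads_sasl_bind begins before this hunk.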
 
 #endif /* HAVE_LDAP */