summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2007-04-10 16:04:22 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:19:17 -0500
commit78c57f59ac7d47425ebb450205efc981575aab8d (patch)
tree566f5f05b79c0d4576a3e9d4b042419265fcf762
parent1ec9de1104f4563a5f3dbb96d41908d219e5b889 (diff)
downloadsamba-78c57f59ac7d47425ebb450205efc981575aab8d.tar.gz
samba-78c57f59ac7d47425ebb450205efc981575aab8d.tar.bz2
samba-78c57f59ac7d47425ebb450205efc981575aab8d.zip
r22153: fix LDAP SASL "GSSAPI" bind against w2k3, this isn't critical
because we try "GSS-SPNEGO" first and all windows version support that. metze (This used to be commit 34a5badbded0b2537ee854287931e2a7dc3aeb37)
-rw-r--r--source3/libads/sasl.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index b5f92044ef..2fc66bd929 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -441,7 +441,8 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
gss_release_buffer(&minor_status, &output_token);
- output_token.value = SMB_MALLOC(strlen(ads->config.bind_path) + 8);
+ output_token.length = 4;
+ output_token.value = SMB_MALLOC(output_token.length);
p = (uint8 *)output_token.value;
*p++ = 1; /* no sign & seal selection */
@@ -449,10 +450,14 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
*p++ = max_msg_size>>16;
*p++ = max_msg_size>>8;
*p++ = max_msg_size;
- snprintf((char *)p, strlen(ads->config.bind_path)+4, "dn:%s", ads->config.bind_path);
- p += strlen((const char *)p);
-
- output_token.length = PTR_DIFF(p, output_token.value);
+ /*
+ * we used to add sprintf("dn:%s", ads->config.bind_path) here.
+ * but using ads->config.bind_path is the wrong! It should be
+ * the DN of the user object!
+ *
+ * w2k3 gives an error when we send an incorrect DN, but sending nothing
+ * is ok and matches the information flow used in GSS-SPNEGO.
+ */
gss_rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
&output_token, (int *)&conf_state,