From 763a553046bfb6e28998adfb671c473485e9f5dc Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sat, 10 Feb 2007 20:29:09 +0000 Subject: r21273: * Protect the sasl bind against a NULL principal string in the SPNEGO negTokenInit (This used to be commit fe70c224964bf15d626bfd4e0cc6d060e45bba87) --- source3/libads/sasl.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) (limited to 'source3/libads/sasl.c') diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 61fd54da1d..812f3961f1 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -223,7 +223,35 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) #ifdef HAVE_KRB5 if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) && - got_kerberos_mechanism) { + got_kerberos_mechanism) + { + /* I've seen a child Windows 2000 domain not send + the principal name back in the first round of + the SASL bind reply. So we guess based on server + name and realm. --jerry */ + if ( !principal ) { + if ( ads->server.realm && ads->server.ldap_server ) { + char *server, *server_realm; + + server = SMB_STRDUP( ads->server.ldap_server ); + server_realm = SMB_STRDUP( ads->server.realm ); + + if ( !server || !server_realm ) + return ADS_ERROR(LDAP_NO_MEMORY); + + strlower_m( server ); + strupper_m( server_realm ); + asprintf( &principal, "ldap/%s@%s", server, server_realm ); + + SAFE_FREE( server ); + SAFE_FREE( server_realm ); + + if ( !principal ) + return ADS_ERROR(LDAP_NO_MEMORY); + } + + } + status = ads_sasl_spnego_krb5_bind(ads, principal); if (ADS_ERR_OK(status)) { SAFE_FREE(principal); -- cgit
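Review bot: A NULL `principal` can still reach `ads_sasl_spnego_krb5_bind()` after this change: the inner `if ( ads->server.realm && ads->server.ldap_server )` has no else branch, so when either field is unset nothing is guessed and the call goes ahead anyway. Whether the callee tolerates NULL is not visible here, so that case should be handled explicitly (skip the Kerberos attempt or return an error) rather than left implicit. Inside the fallback, the early `return ADS_ERROR(LDAP_NO_MEMORY)` leaks whichever of `server` / `server_realm` was duplicated successfully, and the result of `asprintf()` is ignored, so the following `!principal` test depends on the pointer still being NULL after a failure, which the libc does not have to guarantee. The fallback name is derived from the locally held server name and realm rather than from the server's reply; a one-line comment saying where those two fields are populated would let a reader judge how much trust the resulting service ticket deserves. The enclosing function starts and ends outside the hunk.

```c
		if ( !principal ) {
			if ( ads->server.realm && ads->server.ldap_server ) {
				/* … unchanged: declarations and SMB_STRDUP of server, server_realm … */

				if ( !server || !server_realm ) {
					/* release whichever copy succeeded before bailing out */
					SAFE_FREE( server );
					SAFE_FREE( server_realm );
					return ADS_ERROR(LDAP_NO_MEMORY);
				}

				/* … unchanged: strlower_m( server ), strupper_m( server_realm ) … */

				/* on failure the output pointer is unspecified, so reset it */
				if ( asprintf( &principal, "ldap/%s@%s", server, server_realm ) == -1 )
					principal = NULL;

				/* … unchanged: SAFE_FREE of both copies, NULL check on principal … */
			}
		}
```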