svn commit: samba r22153 - in branches/SAMBA_3_0/source/libads: .

metze at samba.org metze at samba.org
Tue Apr 10 16:04:23 GMT 2007


Author: metze
Date: 2007-04-10 16:04:22 +0000 (Tue, 10 Apr 2007)
New Revision: 22153

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22153

Log:
Fix LDAP SASL "GSSAPI" bind against w2k3. This isn't critical
because we try "GSS-SPNEGO" first, and all Windows versions support
that.

metze
Modified:
   branches/SAMBA_3_0/source/libads/sasl.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_0/source/libads/sasl.c	2007-04-10 16:00:13 UTC (rev 22152)
+++ branches/SAMBA_3_0/source/libads/sasl.c	2007-04-10 16:04:22 UTC (rev 22153)
@@ -441,7 +441,8 @@
 
 	gss_release_buffer(&minor_status, &output_token);
 
-	output_token.value = SMB_MALLOC(strlen(ads->config.bind_path) + 8);
+	output_token.length = 4;
+	output_token.value = SMB_MALLOC(output_token.length);
 	p = (uint8 *)output_token.value;
 
 	*p++ = 1; /* no sign & seal selection */
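Review bot: The pointer returned by `SMB_MALLOC(output_token.length)` is written through on the `*p++ = 1;` line with no NULL check, so an allocation failure becomes a null-pointer write during the bind. A guard directly after the allocation, such as `if (output_token.value == NULL) { /* release GSS state and fail the bind */ }`, would close that. The enclosing function starts and ends outside this hunk, so the right cleanup and return status are not visible here. Separately, the `1` stored first selects no sign or seal layer, so it is worth a comment that LDAP traffic after this bind carries no GSSAPI integrity or confidentiality protection.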
@@ -449,11 +450,15 @@
 	*p++ = max_msg_size>>16;
 	*p++ = max_msg_size>>8;
 	*p++ = max_msg_size;
-	snprintf((char *)p, strlen(ads->config.bind_path)+4, "dn:%s", ads->config.bind_path);
-	p += strlen((const char *)p);
+	/*
+	 * we used to add sprintf("dn:%s", ads->config.bind_path) here.
+	 * but using ads->config.bind_path is the wrong! It should be
+	 * the DN of the user object!
+	 *
+	 * w2k3 gives an error when we send an incorrect DN, but sending nothing
+	 * is ok and matches the information flow used in GSS-SPNEGO.
+	 */
 
-	output_token.length = PTR_DIFF(p, output_token.value);
-
 	gss_rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
 			  &output_token, (int *)&conf_state,
 			  &input_token);
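Review bot: Nothing now ties the number of bytes stored through `p` to `output_token.length`, because the `PTR_DIFF` computation is removed and the length is a literal `4` set before the writes in the previous hunk. If a store is later added or dropped, `gss_wrap` would read past the allocation or send a short token. A cheap check before the `gss_wrap` call would keep the two in step, e.g. `SMB_ASSERT(PTR_DIFF(p, output_token.value) == output_token.length);`. The new comment would also read better if it stated the resulting behaviour, for example `/* No authzid is sent: bind_path is not the user's DN and w2k3 rejects a wrong one. */`, and "is the wrong!" is a typo.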


