svn commit: samba r21273 - in branches: SAMBA_3_0/source/libads SAMBA_3_0_25/source/libads

jerry at samba.org jerry at samba.org
Sat Feb 10 20:29:10 GMT 2007


Author: jerry
Date: 2007-02-10 20:29:09 +0000 (Sat, 10 Feb 2007)
New Revision: 21273

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21273

Log:
* Protect the sasl bind against a NULL principal string 
  in the SPNEGO negTokenInit


Modified:
   branches/SAMBA_3_0/source/libads/sasl.c
   branches/SAMBA_3_0_25/source/libads/sasl.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_0/source/libads/sasl.c	2007-02-10 19:44:16 UTC (rev 21272)
+++ branches/SAMBA_3_0/source/libads/sasl.c	2007-02-10 20:29:09 UTC (rev 21273)
@@ -223,7 +223,35 @@
 
 #ifdef HAVE_KRB5
 	if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
-	    got_kerberos_mechanism) {
+	    got_kerberos_mechanism) 
+	{
+		/* I've seen a child Windows 2000 domain not send 
+		   the principal name back in the first round of 
+		   the SASL bind reply.  So we guess based on server
+		   name and realm.  --jerry  */
+		if ( !principal ) {
+			if ( ads->server.realm && ads->server.ldap_server ) {
+				char *server, *server_realm;
+				
+				server = SMB_STRDUP( ads->server.ldap_server );
+				server_realm = SMB_STRDUP( ads->server.realm );
+				
+				if ( !server || !server_realm )
+					return ADS_ERROR(LDAP_NO_MEMORY);
+
+				strlower_m( server );
+				strupper_m( server_realm );				
+				asprintf( &principal, "ldap/%s@%s", server, server_realm );
+
+				SAFE_FREE( server );
+				SAFE_FREE( server_realm );
+
+				if ( !principal )
+					return ADS_ERROR(LDAP_NO_MEMORY);				
+			}
+			
+		}
+		
 		status = ads_sasl_spnego_krb5_bind(ads, principal);
 		if (ADS_ERR_OK(status)) {
 			SAFE_FREE(principal);
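Review bot: The fallback only builds a principal when both `ads->server.realm` and `ads->server.ldap_server` are set, so if either is missing `principal` is still NULL when it reaches `ads_sasl_spnego_krb5_bind(ads, principal)`. Whether that callee tolerates NULL is not visible in this hunk, so add an explicit `else` that fails the bind or skips Kerberos rather than relying on it. The `asprintf()` return value is also discarded, and the later `if ( !principal )` test is only reliable where a failed call leaves the pointer untouched; prefer `if (asprintf(&principal, "ldap/%s@%s", server, server_realm) == -1) principal = NULL;`. The early return on `!server || !server_realm` leaks whichever duplicate succeeded, so call `SAFE_FREE(server); SAFE_FREE(server_realm);` before returning. The identical SAMBA_3_0_25 hunk has the same three issues; the enclosing function begins and ends outside the hunk, so any cleanup it owes on these new return paths should be checked as well.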

Modified: branches/SAMBA_3_0_25/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_0_25/source/libads/sasl.c	2007-02-10 19:44:16 UTC (rev 21272)
+++ branches/SAMBA_3_0_25/source/libads/sasl.c	2007-02-10 20:29:09 UTC (rev 21273)
@@ -223,7 +223,35 @@
 
 #ifdef HAVE_KRB5
 	if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
-	    got_kerberos_mechanism) {
+	    got_kerberos_mechanism) 
+	{
+		/* I've seen a child Windows 2000 domain not send 
+		   the principal name back in the first round of 
+		   the SASL bind reply.  So we guess based on server
+		   name and realm.  --jerry  */
+		if ( !principal ) {
+			if ( ads->server.realm && ads->server.ldap_server ) {
+				char *server, *server_realm;
+				
+				server = SMB_STRDUP( ads->server.ldap_server );
+				server_realm = SMB_STRDUP( ads->server.realm );
+				
+				if ( !server || !server_realm )
+					return ADS_ERROR(LDAP_NO_MEMORY);
+
+				strlower_m( server );
+				strupper_m( server_realm );				
+				asprintf( &principal, "ldap/%s@%s", server, server_realm );
+
+				SAFE_FREE( server );
+				SAFE_FREE( server_realm );
+
+				if ( !principal )
+					return ADS_ERROR(LDAP_NO_MEMORY);				
+			}
+			
+		}
+		
 		status = ads_sasl_spnego_krb5_bind(ads, principal);
 		if (ADS_ERR_OK(status)) {
 			SAFE_FREE(principal);


