r21273: * Protect the sasl bind against a NULL principal string

author Gerald Carter <jerry@samba.org>

Sat, 10 Feb 2007 20:29:09 +0000 (20:29 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 17:17:53 +0000 (12:17 -0500)
author Gerald Carter <jerry@samba.org>
Sat, 10 Feb 2007 20:29:09 +0000 (20:29 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:17:53 +0000 (12:17 -0500)
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c

index 61fd54da1da79a0f910170c5540689d0be6de369..812f3961f195bb900a4afe4fffa9cf7fe654381b 100644 (file)
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -223,7 +223,35 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
  
  #ifdef HAVE_KRB5
         if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
-           got_kerberos_mechanism) {
+           got_kerberos_mechanism) 
+       {
+               /* I've seen a child Windows 2000 domain not send 
+                  the principal name back in the first round of 
+                  the SASL bind reply.  So we guess based on server
+                  name and realm.  --jerry  */
+               if ( !principal ) {
+                       if ( ads->server.realm && ads->server.ldap_server ) {
+                               char *server, *server_realm;
+                               
+                               server = SMB_STRDUP( ads->server.ldap_server );
+                               server_realm = SMB_STRDUP( ads->server.realm );
+                               
+                               if ( !server || !server_realm )
+                                       return ADS_ERROR(LDAP_NO_MEMORY);
+
+                               strlower_m( server );
+                               strupper_m( server_realm );                             
+                               asprintf( &principal, "ldap/%s@%s", server, server_realm );
+
+                               SAFE_FREE( server );
+                               SAFE_FREE( server_realm );
+
+                               if ( !principal )
+                                       return ADS_ERROR(LDAP_NO_MEMORY);                               
+                       }
+                       
+               }
+               
                 status = ads_sasl_spnego_krb5_bind(ads, principal);
                 if (ADS_ERR_OK(status)) {
                         SAFE_FREE(principal);
author	Gerald Carter <jerry@samba.org>
	Sat, 10 Feb 2007 20:29:09 +0000 (20:29 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 17:17:53 +0000 (12:17 -0500)