sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-10-19 23:33:15 +03:00
Code Activity

r21273: * Protect the sasl bind against a NULL principal string

Browse Source 
in the SPNEGO negTokenInit
(This used to be commit fe70c22496)
This commit is contained in:
Gerald Carter
2007-02-10 20:29:09 +00:00
committed by Gerald (Jerry) Carter
parent bea1025b1a
commit 763a553046
1 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
source3/libads/sasl.c
View File

@@ -223,7 +223,35 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
#ifdef HAVE_KRB5 #ifdef HAVE_KRB5
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) && if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism) { got_kerberos_mechanism)
{
/* I've seen a child Windows 2000 domain not send
the principal name back in the first round of
the SASL bind reply. So we guess based on server
name and realm. --jerry */
if ( !principal ) {
if ( ads->server.realm && ads->server.ldap_server ) {
char *server, *server_realm;
server = SMB_STRDUP( ads->server.ldap_server );
server_realm = SMB_STRDUP( ads->server.realm );
if ( !server || !server_realm )
return ADS_ERROR(LDAP_NO_MEMORY);
strlower_m( server );
strupper_m( server_realm );
asprintf( &principal, "ldap/%s@%s", server, server_realm );
SAFE_FREE( server );
SAFE_FREE( server_realm );
if ( !principal )
return ADS_ERROR(LDAP_NO_MEMORY);
}
}
status = ads_sasl_spnego_krb5_bind(ads, principal); status = ads_sasl_spnego_krb5_bind(ads, principal);
if (ADS_ERR_OK(status)) { if (ADS_ERR_OK(status)) {
SAFE_FREE(principal); SAFE_FREE(principal);