[Date Prev][Date Next] [Chronological] [Thread] [Top]

incorrect hostname in SASL bind within rebind function (ITS#3298)

To: openldap-its@OpenLDAP.org
Subject: incorrect hostname in SASL bind within rebind function (ITS#3298)
From: lukeh@padl.com
Date: Tue, 24 Aug 2004 03:07:03 GMT

Full_Name: Luke Howard
Version: 2.2.15
OS: Linux
URL: http://www.padl.com/~lukeh/sasl.diff
Submission from: (NULL) (203.13.32.92)


ldap_int_sasl_bind() calls ldap_host_connected_to() to determine the currently
connected host, which is passed to ldap_int_sasl_open().

In the case of the GSSAPI SASL mechanism, the SASL library uses this hostname to
determine which ticket to acquire for authenticating. We have a rebind callback
that will do a GSSAPI SASL bind on referral.

ldap_host_connected_to() actually returns the referring host rather than the
referred host, hence the wrong ticket is acquired and the SASL bind eventually
fails.

It appears that ld->ld_sb points to the referring host, whereas
ld->ld_defconn->lconn_sb points to the referred host.

See the attached patch for more information, it fixes the problem for me.

Prev by Date: syncrepl crasher (ITS#3297)
Next by Date: RE: io.c:710: ber_get_next: Assertion '0' failed. (ITS#3278)
Index(es):
- Chronological
- Thread