[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
incorrect hostname in SASL bind within rebind function (ITS#3298)
Full_Name: Luke Howard
Version: 2.2.15
OS: Linux
URL: http://www.padl.com/~lukeh/sasl.diff
Submission from: (NULL) (203.13.32.92)
ldap_int_sasl_bind() calls ldap_host_connected_to() to determine the currently
connected host, which is passed to ldap_int_sasl_open().
In the case of the GSSAPI SASL mechanism, the SASL library uses this hostname to
determine which ticket to acquire for authenticating. We have a rebind callback
that will do a GSSAPI SASL bind on referral.
ldap_host_connected_to() actually returns the referring host rather than the
referred host, hence the wrong ticket is acquired and the SASL bind eventually
fails.
It appears that ld->ld_sb points to the referring host, whereas
ld->ld_defconn->lconn_sb points to the referred host.
See the attached patch for more information, it fixes the problem for me.