
incorrect hostname in SASL bind within rebind function (ITS#3298)



Full_Name: Luke Howard
Version: 2.2.15
OS: Linux
URL: http://www.padl.com/~lukeh/sasl.diff
Submission from: (NULL) (203.13.32.92)


ldap_int_sasl_bind() calls ldap_host_connected_to() to determine the currently
connected host, which is passed to ldap_int_sasl_open().

In the case of the GSSAPI SASL mechanism, the SASL library uses this hostname to
determine which ticket to acquire for authenticating. We have a rebind callback
that will do a GSSAPI SASL bind on referral.

ldap_host_connected_to() actually returns the referring host rather than the
referred host, hence the wrong ticket is acquired and the SASL bind eventually
fails.

It appears that ld->ld_sb points to the referring host, whereas
ld->ld_defconn->lconn_sb points to the referred host.

See the attached patch for more information; it fixes the problem for me.
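
The mismatch described in the report, modelled as an added example (this is not the attached patch and not OpenLDAP code). The structs are simplified stand-ins that carry only the fields the report names, and the hostnames, the referral URL and the helper functions are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the libldap internals named in the report;
 * only the fields it mentions are modelled (assumption, not OpenLDAP code). */
struct sockbuf { const char *peer; };   /* host this socket is connected to */
struct conn    { struct sockbuf *lconn_sb; };
struct ldap    { struct sockbuf *ld_sb; struct conn *ld_defconn; };

/* Host read from ld->ld_sb: the referring host, per the report. */
static const char *sasl_host_from_ld_sb(const struct ldap *ld) { return ld->ld_sb->peer; }
/* Host read from ld->ld_defconn->lconn_sb: the referred host, per the report. */
static const char *sasl_host_from_defconn(const struct ldap *ld) { return ld->ld_defconn->lconn_sb->peer; }

/* Copy the host of a referral URL (ldap://host[:port]/dn) into out.
 * IPv6 literals in brackets are not handled in this sketch. */
static int url_host(const char *url, char *out, size_t n) {
    const char *p = strstr(url, "://");
    if (!p) return -1;
    p += 3;
    size_t len = strcspn(p, ":/");
    if (len == 0 || len >= n) return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Case-insensitive hostname comparison. */
static int host_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* 1 if the host handed to SASL is the referral target, so the ticket requested
 * (ldap/<host>) is for the server being bound to; 0 on mismatch; -1 on bad URL. */
static int sasl_host_matches_referral(const char *sasl_host, const char *url) {
    char target[256];
    if (url_host(url, target, sizeof target) != 0) return -1;
    return host_eq(sasl_host, target);
}

int main(void) {
    /* Constructed state during a rebind: dc1 referred the client to dc2. */
    struct sockbuf referring = { "dc1.example.com" }, referred = { "dc2.example.com" };
    struct conn dc = { &referred };
    struct ldap ld = { &referring, &dc };
    const char *url = "ldap://dc2.example.com:389/dc=example,dc=com";
    printf("ld_sb:    ldap/%s match=%d\n", sasl_host_from_ld_sb(&ld), sasl_host_matches_referral(sasl_host_from_ld_sb(&ld), url));
    printf("lconn_sb: ldap/%s match=%d\n", sasl_host_from_defconn(&ld), sasl_host_matches_referral(sasl_host_from_defconn(&ld), url));
    return 0;
}
```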