r22153: fix LDAP SASL "GSSAPI" bind against w2k3, this isn't critical

because we try "GSS-SPNEGO" first and all windows version support
that.

metze
(This used to be commit 34a5badbded0b2537ee854287931e2a7dc3aeb37)

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index b5f92044ef6125a8d2af5289b67aa11e029b51d7..2fc66bd92918e0b5fc1203a910b60a46d599c5a0 100644 (file)
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -441,7 +441,8 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 
        gss_release_buffer(&minor_status, &output_token);
 
-       output_token.value = SMB_MALLOC(strlen(ads->config.bind_path) + 8);
+       output_token.length = 4;
+       output_token.value = SMB_MALLOC(output_token.length);
        p = (uint8 *)output_token.value;
 
        *p++ = 1; /* no sign & seal selection */
@@ -449,10 +450,14 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
        *p++ = max_msg_size>>16;
        *p++ = max_msg_size>>8;
        *p++ = max_msg_size;
-       snprintf((char *)p, strlen(ads->config.bind_path)+4, "dn:%s", ads->config.bind_path);
-       p += strlen((const char *)p);
-
-       output_token.length = PTR_DIFF(p, output_token.value);
+       /*
+        * we used to add sprintf("dn:%s", ads->config.bind_path) here.
+        * but using ads->config.bind_path is the wrong! It should be
+        * the DN of the user object!
+        *
+        * w2k3 gives an error when we send an incorrect DN, but sending nothing
+        * is ok and matches the information flow used in GSS-SPNEGO.
+        */
 
        gss_rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
                          &output_token, (int *)&conf_state,