r1803: more progress on sasl binds, but decoding the response still fails
authorStefan Metzmacher <metze@samba.org>
Fri, 13 Aug 2004 06:27:02 +0000 (06:27 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:57:58 +0000 (12:57 -0500)
metze
(This used to be commit f6c44201073df37881191509ffb7badee3baac71)

source4/libcli/ldap/ldap.c
source4/libcli/ldap/ldap.h

index 3048c9411479cb0560ffcaf04c44916ff46ce33b..b17d5dc461d0ee4ed393c03a67482ae294efec21 100644 (file)
@@ -1066,6 +1066,26 @@ static void ldap_decode_response(TALLOC_CTX *mem_ctx,
        asn1_end_tag(data);
 }
 
+static void ldap_decode_BindResponse(TALLOC_CTX *mem_ctx,
+                                ASN1_DATA *data,
+                                enum ldap_request_tag tag,
+                                struct ldap_BindResponse *BindResp)
+{
+       asn1_start_tag(data, ASN1_APPLICATION(tag));
+       asn1_read_enumerated(data, &BindResp->response.resultcode);
+       asn1_read_OctetString_talloc(mem_ctx, data, &BindResp->response.dn);
+       asn1_read_OctetString_talloc(mem_ctx, data, &BindResp->response.errormessage);
+       if (asn1_peek_tag(data, ASN1_OCTET_STRING)) {
+               DATA_BLOB tmp_blob = data_blob(NULL, 0);
+               asn1_read_OctetString(data, &tmp_blob);
+               BindResp->SASL.secblob = data_blob_talloc(mem_ctx, tmp_blob.data, tmp_blob.length);
+               data_blob_free(&tmp_blob);
+       } else {
+               BindResp->SASL.secblob = data_blob(NULL, 0);
+       }
+       asn1_end_tag(data);
+}
+
 static BOOL add_attrib_to_array_talloc(TALLOC_CTX *mem_ctx,
                                       const struct ldap_attribute *attrib,
                                       struct ldap_attribute **attribs,
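Review bot: The optional credentials field in ldap_decode_BindResponse is probed with `asn1_peek_tag(data, ASN1_OCTET_STRING)`, but RFC 2251 defines serverSaslCreds as `[7] OCTET STRING OPTIONAL`, a context-specific tag. A server's SASL blob will therefore not match the universal octet-string tag, and `asn1_end_tag(data)` is then reached with unread bytes; this is a likely cause of the decode failure the commit message mentions. The peek and the read would both need the context tag, for example `asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(7))` (assuming the tree's asn1 header provides that macro) with a matching tagged read in place of `asn1_read_OctetString`. The optional referral element `[3]` that may precede the credentials is not handled either. Separately, every asn1_* return value is discarded and the function is void, so a truncated or malformed server response is caught only if ldap_decode inspects the parser's error state, which is outside this hunk; a comment stating that dependency would help.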
@@ -1261,9 +1281,9 @@ BOOL ldap_decode(ASN1_DATA *data, struct ldap_message *msg)
        case ASN1_APPLICATION(LDAP_TAG_BindResponse): {
                struct ldap_BindResponse *r = &msg->r.BindResponse;
                msg->type = LDAP_TAG_BindResponse;
-               ldap_decode_response(msg->mem_ctx,
+               ldap_decode_BindResponse(msg->mem_ctx,
                                     data, LDAP_TAG_BindResponse,
-                                    &r->response);
+                                    r);
                break;
        }
 
@@ -1866,6 +1886,10 @@ int ldap_bind_sasl(struct ldap_connection *conn, const char *username, const cha
                response = ldap_transaction(conn, msg);
                destroy_ldap_message(msg);
 
+               if (!response) {
+                       goto done;
+               }
+
                result = response->r.BindResponse.response.resultcode;
 
                if (result != LDAP_SUCCESS && result != LDAP_SASL_BIND_IN_PROGRESS) {
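Review bot: The new `if (!response) goto done;` leaves the loop without assigning `result`, so on a missing reply the function carries whatever `result` held before the transaction. Its initial value and the `done:` label are outside this hunk. If `result` starts at zero or still holds LDAP_SASL_BIND_IN_PROGRESS from an earlier round, a caller could read a dropped connection as something other than a failed bind. Assigning an explicit failure code immediately before the `goto` would make the no-response path unambiguous, with a comment such as `/* no reply from server: treat as bind failure */` to record the intent.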
@@ -1873,7 +1897,7 @@ int ldap_bind_sasl(struct ldap_connection *conn, const char *username, const cha
                }
 
                status = gensec_update(conn->gensec, mem_ctx,
-                                      response->r.BindResponse.SASL.creds,
+                                      response->r.BindResponse.SASL.secblob,
                                       &output);
 
                destroy_ldap_message(response);
index fcd660f84189b337a112afbb08f09ecf699ffc17..af322e783a7b537d46ed0f63f3a6848a0f2b8eb1 100644 (file)
@@ -85,7 +85,7 @@ struct ldap_BindRequest {
 struct ldap_BindResponse {
        struct ldap_Result response;
        union {
-               DATA_BLOB creds;
+               DATA_BLOB secblob;
        } SASL;
 };