From fe8e3b7efa1a3abd22f3c9ebf4b82ae28f270d74 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 7 Feb 2006 01:20:55 +0000 Subject: [PATCH] Kludge for MSAD (ITS#4391 and others) --- libraries/libldap/cyrus.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c index d67d007823..6222090d23 100644 --- a/libraries/libldap/cyrus.c +++ b/libraries/libldap/cyrus.c @@ -753,13 +753,31 @@ ldap_int_sasl_bind( /* we're done, no need to step */ if( scred ) { /* but we got additional data? */ - Debug( LDAP_DEBUG_TRACE, - "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n", - rc, saslrc, scred ? scred->bv_len : -1 ); - - ber_bvfree( scred ); - rc = ld->ld_errno = LDAP_LOCAL_ERROR; - goto done; +#define KLUDGE_FOR_MSAD +#ifdef KLUDGE_FOR_MSAD + /* + * MSAD provides empty additional data in violation of LDAP + * technical specifications. As no existing SASL mechanism + * allows empty data with an outcome message, just ignore it + * for now. Hopefully MS will fix their bug before someone + * defines a mechanism with possibly empty additional data. + */ + if( scred->bv_len == 0 ) { + Debug( LDAP_DEBUG_ANY, + "ldap_int_sasl_bind: ignoring " + " bogus empty data provided with SASL outcome message.\n", + rc, saslrc, scred->bv_len ); + ber_bvfree( scred ); + } else +#endif + { + Debug( LDAP_DEBUG_TRACE, + "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n", + rc, saslrc, scred->bv_len ); + rc = ld->ld_errno = LDAP_LOCAL_ERROR; + ber_bvfree( scred ); + goto done; + } } break; } -- 2.39.5