[Bug 50572] New: LDAP_AUTH_NEGOTIATE login fails as authorization user is used instead of authentication user

[WineHQ Bugzilla]

https://bugs.winehq.org/show_bug.cgi?id=50572

            Bug ID: 50572
           Summary: LDAP_AUTH_NEGOTIATE login fails as authorization user
                    is used instead of authentication user
           Product: Wine
           Version: 6.0
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: wldap32
          Assignee: wine-bugs at winehq.org
          Reporter: damjan.jov at gmail.com
      Distribution: ---

In the "ldapsearch" command line tool, "-X" is the authorization user and "-U"
is the authentication user. For a server using LDAP_AUTH_NEGOTIATE, it must
have the authentication user - supplying only the authorization user always
fails:

$ ldapsearch -h HOSTNAME -v -X USERNAME -W
ldap_initialize( ldap://HOSTNAME )
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)   <=====================
        additional info: 8009030C: LdapErr: DSID-0C09055F, comment:
AcceptSecurityContext error, data 52e, v23f0

Changing the "-X" to "-U", it successfully logs in. If both "-X" and "-U" are
present, it also successfully logs in.

In dlls/wldap32/bind.c, in the callback function sasl_interact(), Wine supplies
its username to SASL_CB_USER which is like "-X", so login always fails the same
way. If I change it to supply the username to SASL_CB_AUTHNAME (like "-U"),
login succeeds.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.