On Wednesday 04 October 2006 10:07, Biswatosh wrote:
> > > 2) What if,
> > > (a) realm != NULL
> > > and (b) strcmp(realm,text->realm) != 0
> > > and (c) text->realm[0] == 0 , are all true?
> >
> > This is a != 0, not a == 0. So we make sure that...
>
> Yes, SASL code checks text->realm[0] != 0, correct but
> my question was what if text->realm[0] == 0, and
> having realm != NULL and realm not same as text->realm

Oh, I thought you had misread the patch. Sorry then.

> Where is this being validated? Why are we not making
> SETERROR(sparams->util,"realm changed: authentication
> aborted") then? The realm has certainly changed, is not
> it, even if text->realm is an empty string?

To be honest, I am no expert on this code, I've only looked into the ntlm
plugin a little, but from a quick look at the source code, I would say this:

text is a context_t struct used for the authentication. The sanity check you
were asking about is from digestmd5_server_mech_step2(). The context is
initialized in digestmd5_server_mech_new(), where it is memset to 0
(line 1002). Unless it's set by some helper function I missed while reading
digestmd5_server_mech_step1(), it's not initialized on a new context when the
sanity check happens in digestmd5_server_mech_step2().

So on the first run on a new context, text->realm[0] is always == 0. Thus it
would not make sense to fail on that. This only makes sure that a context is
not reused on a different realm.

Cheers,
Kai

-- 
Kai Blin, <blin At gmx Dot net>
WorldForge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin/
--
Ninjas and Pirates agree: Cowboys suck!
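The check discussed in the message above, as an added example that is not part of the original thread and not the SASL plugin's own code. It is a simplified model: the one-field context_t, REALM_MAX, ctx_new(), check_realm() and the step that records the realm after the first successful check are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REALM_MAX 256   /* assumed buffer size, not taken from the thread */

/* Simplified stand-in for the plugin's context_t: only the realm field. */
typedef struct {
    char realm[REALM_MAX];
} context_t;

/* Models the point made about digestmd5_server_mech_new(): the context
 * starts out zeroed, so realm[0] == 0 until a realm is recorded. */
static void ctx_new(context_t *text)
{
    memset(text, 0, sizeof(*text));
}

/* The three-part condition from the thread.
 * Returns 0 if the step may proceed, -1 for "realm changed". */
static int check_realm(context_t *text, const char *realm)
{
    if (realm != NULL && text->realm[0] != 0 &&
        strcmp(realm, text->realm) != 0)
        return -1;              /* context reused on a different realm */

    /* Assumption of this sketch: remember the first realm that is seen.
     * An over-long realm is truncated, so a later reuse fails closed. */
    if (realm != NULL && text->realm[0] == 0) {
        strncpy(text->realm, realm, REALM_MAX - 1);
        text->realm[REALM_MAX - 1] = '\0';
    }
    return 0;
}

int main(void)
{
    context_t text;
    ctx_new(&text);
    /* Constructed realm names, used only to exercise the three cases. */
    printf("fresh context, realm A: %d\n", check_realm(&text, "a.example"));
    printf("same context, realm A:  %d\n", check_realm(&text, "a.example"));
    printf("same context, realm B:  %d\n", check_realm(&text, "b.example"));
    return 0;
}
```

The first call is the case asked about in the quoted question (realm set, text->realm empty): it passes because there is no earlier realm to compare against, and only the third call is rejected.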