extra zero-terminator in SASL Kerberos
From: Patrick Monnerat via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 30 Apr 2021 14:10:36 +0200
While attempting to implement SASL in openldap, I'm facing a
Kerberos problem.
In Curl_auth_create_gssapi_security_message(), a comment says:
/* Populate the message with the security layer, client supported receive
message size and authorization identity including the 0x00 based
terminator. Note: Despite RFC4752 Section 3.1 stating "The authorization
identity is not terminated with the zero-valued (%x00) octet." it seems
necessary to include it. */
This works as described, but the added zero-terminator fools the server,
which includes it in the authorization identity.
Do we have details about why "it seems necessary to include it"? I
checked cyrus-sasl and libgsasl: they do not append this extra zero byte.
I also plan to replace the computed identity with the sasl_authzid. Any
objection?
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-04-30
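The message layout quoted from RFC 4752 Section 3.1 in the post above, as an added example that is not part of the original message and not curl's code: it builds the data both with and without the trailing zero octet and shows what a length-based server then sees as the authorization identity. The function names, the sample identity and the server-side comparison are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GSS_NO_LAYER 0x01 /* RFC 4752 security layer bit-mask: no layer */

/* Client side: build the data handed to GSS_Wrap (RFC 4752 section 3.1).
   Octet 0 is the chosen layer, octets 1-3 the maximum receive size in
   network byte order, the rest the UTF-8 authzid. add_nul reproduces the
   extra 0x00 discussed above. Returns the length, or 0 on error. */
size_t build_security_message(unsigned char *out, size_t outlen,
                              unsigned char layer, uint32_t max_size,
                              const char *authzid, int add_nul)
{
  size_t idlen = strlen(authzid);
  size_t total = 4 + idlen + (add_nul ? 1 : 0);
  if(max_size > 0xFFFFFF || total > outlen)
    return 0;
  out[0] = layer;
  out[1] = (unsigned char)(max_size >> 16);
  out[2] = (unsigned char)(max_size >> 8);
  out[3] = (unsigned char)max_size;
  memcpy(out + 4, authzid, idlen);
  if(add_nul)
    out[4 + idlen] = 0x00;
  return total;
}

/* Server side (assumed behaviour): the authzid is every octet after the
   4-octet header, so its length comes from the message, not from strlen().
   Returns 1 when it equals the expected identity byte for byte. */
int server_authzid_matches(const unsigned char *msg, size_t msglen,
                           const char *expected)
{
  size_t n = msglen >= 4 ? msglen - 4 : 0;
  return n == strlen(expected) && memcmp(msg + 4, expected, n) == 0;
}

int main(void)
{
  const char *id = "user@EXAMPLE.ORG"; /* constructed sample identity */
  unsigned char buf[64];
  size_t plain = build_security_message(buf, sizeof(buf), GSS_NO_LAYER, 0, id, 0);
  printf("RFC form: %zu octets, match=%d\n", plain,
         server_authzid_matches(buf, plain, id));
  size_t padded = build_security_message(buf, sizeof(buf), GSS_NO_LAYER, 0, id, 1);
  printf("with 0x00: %zu octets, match=%d\n", padded,
         server_authzid_matches(buf, padded, id));
  return 0;
}
```

A server that treats the identity as a C string would hide the difference, which is why the extra octet only shows up against implementations that use the unwrapped message length.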