So far it appears that SASL mechanisms require credentials supplied to them in a mechanism-specific form.
OpenLDAP's ldap_sasl_interactive_bind() passes the caller-supplied rmech to ldap_int_sasl_bind() in libraries/libldap/cyrus.c. There, it is populated from the chosen authentication mechanism (mech) returned by sasl_client_start(), before calling the interact() callback. By providing rmech to our sasl_interact() callback, it can know which SASL mechanism it is supplying credentials for, and can supply them in a mechanism-specific form.
Hans reported GSSAPI and GSS-SPNEGO want an empty AUTH_CB_USER. I verified DIGEST-MD5 wants AUTH_CB_AUTHNAME and doesn't mind if AUTH_CB_USER is supplied. Dmitry reported that for his mechanism (some variation of Kerberos?) AUTH_CB_AUTHNAME is used for initial tickets but AUTH_CB_USER is mandatory thereafter. This patch should hopefully make all those mechanisms happy.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=50572 Signed-off-by: Damjan Jovanovic damjan.jov@gmail.com --- dlls/wldap32/bind.c | 65 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 58 insertions(+), 7 deletions(-)