[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
several V2 kbind related issues (ITS#717)
Full_Name: Karsten Kuenne
Version: 2.0.1
OS: Solaris 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (131.169.137.215)
I found several small bugs related to the LDAP-V2 kbind feature. First,
configure
didn't enable it, even with "--enable-kind --with-kerberos" given. Second, it
didn't
compile and third, the clients crashed immediately with SEGV. With the
following
small changes the client side (I tried ldapsearch) is working against a 1.2.11
server.
I didn't test the server side yet.
Following are the diffs:
*** ./clients/ud/auth.c.orig Wed Sep 6 18:57:46 2000
--- ./clients/ud/auth.c Wed Sep 6 18:58:16 2000
***************
*** 163,169 ****
/* if we're running as a server (e.g., out of inetd) */
if ( ! isatty( 1 ) ) {
! strcpy( tktpath, LDAP_TMPDIR LDAP_DEFSEP "ud_tktXXXXXX"
);
mktemp( tktpath );
krb_set_tkt_string( tktpath );
}
--- 163,169 ----
/* if we're running as a server (e.g., out of inetd) */
if ( ! isatty( 1 ) ) {
! strcpy( tktpath, LDAP_TMPDIR LDAP_DIRSEP "ud_tktXXXXXX"
);
mktemp( tktpath );
krb_set_tkt_string( tktpath );
}
*** ./libraries/libldap/open.c.orig Wed Sep 6 18:59:13 2000
--- ./libraries/libldap/open.c Wed Sep 6 19:00:00 2000
***************
*** 322,331 ****
}
#endif
- if ( conn->lconn_krbinstance != NULL ) {
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
char *c;
! conn->lconn_krbinstance = ldap_host_connected_to( conn->sb );
if( conn->lconn_krbinstance != NULL &&
( c = strchr( conn->lconn_krbinstance, '.' )) != NULL ) {
--- 322,331 ----
}
#endif
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ if ( conn->lconn_krbinstance == NULL ) {
char *c;
! conn->lconn_krbinstance = ldap_host_connected_to( conn->lconn_sb
);
if( conn->lconn_krbinstance != NULL &&
( c = strchr( conn->lconn_krbinstance, '.' )) != NULL ) {
***************
*** 332,337 ****
--- 332,338 ----
*c = '\0';
}
#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+ if ( conn->lconn_krbinstance != NULL ) {
conn->lconn_krbinstance = NULL;
#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
}
*** ./servers/slapd/back-ldbm/bind.c.orig Wed Sep 6 19:01:39 2000
--- ./servers/slapd/back-ldbm/bind.c Wed Sep 6 19:04:20 2000
***************
*** 215,221 ****
krbval.bv_val = krbname;
krbval.bv_len = strlen( krbname );
! if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 ) !=
0 ) {
send_ldap_result( conn, op,
LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
--- 215,221 ----
krbval.bv_val = krbname;
krbval.bv_len = strlen( krbname );
! if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 )
{
send_ldap_result( conn, op,
LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
*** ./configure.in.orig Wed Sep 6 19:39:30 2000
--- ./configure.in Wed Sep 6 19:41:52 2000
***************
*** 801,806 ****
--- 801,810 ----
ol_link_kpasswd=yes;
fi
+ if test $ol_enable_kbind != no ; then
+ ol_link_kbind=yes;
+ fi
+
if test $ol_with_kerberos = k5only ; then
ol_with_kerberos=found
fi
***************
*** 901,906 ****
--- 905,914 ----
ol_link_kpasswd=yes;
fi
+ if test $ol_link_krb4 = yes -a $ol_enable_kbind != no ; then
+ ol_link_kbind=yes;
+ fi
+
if test $ol_link_krb4 = yes -o $ol_link_krb5 = yes ; then
AC_DEFINE(HAVE_KERBEROS, 1, [define if you have Kerberos])