[Date Prev][Date Next] [Chronological] [Thread] [Top]

several V2 kbind related issues (ITS#717)



Full_Name: Karsten Kuenne
Version: 2.0.1
OS: Solaris 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (131.169.137.215)


I found several small bugs related to the LDAP-V2 kbind feature. First,
configure
didn't enable it, even with "--enable-kind --with-kerberos" given. Second, it
didn't
compile and third, the clients crashed immediately with SEGV. With the
following
small changes the client side (I tried ldapsearch) is working against a 1.2.11
server.
I didn't test the server side yet.
Following are the diffs:

*** ./clients/ud/auth.c.orig    Wed Sep  6 18:57:46 2000
--- ./clients/ud/auth.c Wed Sep  6 18:58:16 2000
***************
*** 163,169 ****
  
                /* if we're running as a server (e.g., out of inetd) */
                if ( ! isatty( 1 ) ) {
!                       strcpy( tktpath, LDAP_TMPDIR LDAP_DEFSEP "ud_tktXXXXXX"
);
                        mktemp( tktpath );
                        krb_set_tkt_string( tktpath );
                }
--- 163,169 ----
  
                /* if we're running as a server (e.g., out of inetd) */
                if ( ! isatty( 1 ) ) {
!                       strcpy( tktpath, LDAP_TMPDIR LDAP_DIRSEP "ud_tktXXXXXX"
);
                        mktemp( tktpath );
                        krb_set_tkt_string( tktpath );
                }
*** ./libraries/libldap/open.c.orig     Wed Sep  6 18:59:13 2000
--- ./libraries/libldap/open.c  Wed Sep  6 19:00:00 2000
***************
*** 322,331 ****
        }
  #endif
  
-       if ( conn->lconn_krbinstance != NULL ) {
  #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
                char *c;
!               conn->lconn_krbinstance = ldap_host_connected_to( conn->sb );
  
                if( conn->lconn_krbinstance != NULL && 
                    ( c = strchr( conn->lconn_krbinstance, '.' )) != NULL ) {
--- 322,331 ----
        }
  #endif
  
  #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+       if ( conn->lconn_krbinstance == NULL ) {
                char *c;
!               conn->lconn_krbinstance = ldap_host_connected_to( conn->lconn_sb
);
  
                if( conn->lconn_krbinstance != NULL && 
                    ( c = strchr( conn->lconn_krbinstance, '.' )) != NULL ) {
***************
*** 332,337 ****
--- 332,338 ----
                        *c = '\0';
                }
  #else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+       if ( conn->lconn_krbinstance != NULL ) {
                conn->lconn_krbinstance = NULL;
  #endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
        }
*** ./servers/slapd/back-ldbm/bind.c.orig       Wed Sep  6 19:01:39 2000
--- ./servers/slapd/back-ldbm/bind.c    Wed Sep  6 19:04:20 2000
***************
*** 215,221 ****
                        krbval.bv_val = krbname;
                        krbval.bv_len = strlen( krbname );
  
!                       if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 ) !=
0 ) {
                                send_ldap_result( conn, op,
                                    LDAP_INVALID_CREDENTIALS,
                                        NULL, NULL, NULL, NULL );
--- 215,221 ----
                        krbval.bv_val = krbname;
                        krbval.bv_len = strlen( krbname );
  
!                       if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 )
{
                                send_ldap_result( conn, op,
                                    LDAP_INVALID_CREDENTIALS,
                                        NULL, NULL, NULL, NULL );
*** ./configure.in.orig Wed Sep  6 19:39:30 2000
--- ./configure.in      Wed Sep  6 19:41:52 2000
***************
*** 801,806 ****
--- 801,810 ----
                                ol_link_kpasswd=yes;
                        fi
  
+                       if test $ol_enable_kbind != no ; then
+                               ol_link_kbind=yes;
+                       fi
+ 
                        if test $ol_with_kerberos = k5only ; then
                                ol_with_kerberos=found
                        fi
***************
*** 901,906 ****
--- 905,914 ----
        ol_link_kpasswd=yes;
  fi
  
+ if test $ol_link_krb4 = yes -a $ol_enable_kbind != no ; then
+       ol_link_kbind=yes;
+ fi
+ 
  if test $ol_link_krb4 = yes -o $ol_link_krb5 = yes ; then
        AC_DEFINE(HAVE_KERBEROS, 1, [define if you have Kerberos])