Commit 6437785a authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Initial implementation of Kerberos password verification for

simple bind via:
	{KERBEROS}principal
Code is disabled by default (for security reasons).  Use
--enable-kpasswd to enable.  Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support.  Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
parent 6e11a98d
......@@ -49,6 +49,7 @@
LDAP_API_FEATURE_X_OPENLDAP_REENTRANT
LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE
LDAP_API_FEATURE_X_OPENLDAP_V2_DNS
LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
*/
......
......@@ -121,10 +121,12 @@ AC_DEFS = @CPPFLAGS@ # @DEFS@
AC_LDFLAGS = @LDFLAGS@
AC_LIBS = @LIBS@
KRB_LIBS = @KRB_LIBS@
KRB4_LIBS = @KRB4_LIBS@
KRB5_LIBS = @KRB5_LIBS@
KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
SASL_LIBS = @SASL_LIBS@
TLS_LIBS = @TLS_LIBS@
SECURITY_LIBS = @SASL_LIBS@ @KRB_LIBS@ @TLS_LIBS@
SECURITY_LIBS = @SASL_LIBS@ $(KRB_LIBS) @TLS_LIBS@
MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@
......
......@@ -50,7 +50,7 @@ main( int argc, char **argv )
while (( i = getopt( argc, argv, "WMnvkKcrh:P:p:D:w:d:f:" )) != EOF ) {
switch( i ) {
case 'k': /* kerberos bind */
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]);
......@@ -59,7 +59,7 @@ main( int argc, char **argv )
#endif
break;
case 'K': /* kerberos bind, part one only */
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]);
......
......@@ -138,7 +138,7 @@ main( int argc, char **argv )
replace = 1;
break;
case 'k': /* kerberos bind */
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]);
......@@ -147,7 +147,7 @@ main( int argc, char **argv )
#endif
break;
case 'K': /* kerberos bind, part 1 only */
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]);
......
......@@ -64,7 +64,7 @@ main(int argc, char **argv)
while (( i = getopt( argc, argv, "WkKMcnvrh:P:p:D:w:d:f:s:" )) != EOF ) {
switch( i ) {
case 'k': /* kerberos bind */
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]);
......@@ -72,7 +72,7 @@ main(int argc, char **argv)
#endif
break;
case 'K': /* kerberos bind, part one only */
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]);
......
......@@ -63,7 +63,7 @@ usage( const char *s )
" -D binddn\tbind dn\n"
" -w passwd\tbind passwd (for simple authentication)\n"
" -W\t\tprompt for bind passwd\n"
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
" -k\t\tuse Kerberos instead of Simple Password authentication\n"
#endif
" -h host\tldap server\n"
......@@ -143,14 +143,14 @@ main( int argc, char **argv )
debug |= atoi( optarg );
break;
case 'k': /* use kerberos bind */
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]);
#endif
break;
case 'K': /* use kerberos bind, 1st part only */
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]);
......
......@@ -37,7 +37,7 @@
#include "ldap_defaults.h"
#include "ud.h"
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
static char tktpath[20]; /* ticket file path */
static int kinit();
static int valid_tgt();
......@@ -60,7 +60,7 @@ auth( char *who, int implicit )
char *user;
#endif
char uidname[20];
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
char **krbnames; /* for kerberos names */
int kinited, ikrb;
char buf[5];
......@@ -148,7 +148,7 @@ auth( char *who, int implicit )
rdns = ldap_explode_dn(Entry.DN, TRUE);
printf(" Authenticating to the directory as \"%s\"...\n", *rdns );
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
/*
* First, if the user has a choice of auth methods, ask which
* one they want to use. if they want kerberos, ask which
......@@ -247,7 +247,7 @@ auth( char *who, int implicit )
(void) ldap_value_free(rdns);
return(0);
}
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
}
(void) ldap_value_free(krbnames);
#endif
......@@ -259,13 +259,13 @@ auth( char *who, int implicit )
if (ld_errno == LDAP_NO_SUCH_ATTRIBUTE)
fprintf(stderr, " Entry has no password\n");
else if (ld_errno == LDAP_INVALID_CREDENTIALS)
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if ( authmethod == LDAP_AUTH_KRBV4 ) {
fprintf(stderr, " The Kerberos credentials are invalid.\n");
} else {
#endif
fprintf(stderr, " The password you provided is incorrect.\n");
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
}
#endif
else
......@@ -294,7 +294,7 @@ auth( char *who, int implicit )
return(0);
}
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
#define FIVEMINS ( 5 * 60 )
#define TGT "krbtgt"
......
......@@ -44,7 +44,7 @@ struct attribute attrlist[] = {
#ifdef UOFM
{ "multiLineDescription", "Description", change_field, ATTR_FLAG_PERSON | ATTR_FLAG_GROUP | ATTR_FLAG_READ | ATTR_FLAG_PERSON_MOD | ATTR_FLAG_GROUP_MOD | ATTR_FLAG_IS_MULTILINE },
#endif
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
{ "krbName", "Kerberos name", 0, ATTR_FLAG_PERSON | ATTR_FLAG_READ },
#endif
{ "description", "Brief description", 0, ATTR_FLAG_PERSON | ATTR_FLAG_GROUP | ATTR_FLAG_READ },
......
......@@ -280,7 +280,7 @@ do_commands( void )
printf(" Thank you!\n");
ldap_unbind(ld);
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
destroy_tickets();
#endif
exit( EXIT_SUCCESS );
......
......@@ -5,7 +5,7 @@
*/
#include "portable.h"
#if defined(HAVE_KERBEROS) && !defined(openbsd)
#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) && !defined(openbsd)
/*
* Copyright 1985, 1986, 1987, 1988, 1989 by the Massachusetts Institute
* of Technology.
......
......@@ -85,7 +85,7 @@
/*
* Authentication method we will be using.
*/
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
#define UD_AUTH_METHOD LDAP_AUTH_KRBV4
#else
#define UD_AUTH_METHOD LDAP_AUTH_SIMPLE
......@@ -193,7 +193,7 @@ extern char Version[];
/* in auth.c: */
int auth LDAP_P(( char *who, int implicit ));
#if defined(HAVE_KERBEROS) && defined(_AC_KRB_H)
#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) && defined(_AC_KRB_H)
int krbgetpass LDAP_P(( char *u, char *in, char *re, char *pw, C_Block key ));
void destroy_tickets LDAP_P(( void ));
#endif
......@@ -264,7 +264,7 @@ void print_URL LDAP_P(( struct attribute A ));
void print_one_URL LDAP_P(( char *s, int l_lead, char *tag, int u_lead ));
/* in string_to_key.c: */
#if defined(HAVE_KERBEROS) && !defined(openbsd) && defined(_AC_KRB_H)
#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) && !defined(openbsd) && defined(_AC_KRB_H)
#if defined(HAVE_AFS_KERBEROS) || !defined(HAVE_KERBEROS_V)
void des_string_to_key LDAP_P(( char *str, des_cblock *key ));
#endif
......
......@@ -104,7 +104,7 @@ fatal( char *s )
{
if (errno != 0)
perror(s);
#ifdef HAVE_KERBEROS
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
destroy_tickets();
#endif
exit( EXIT_FAILURE );
......
This diff is collapsed.
dnl $OpenLDAP$
dnl
dnl Copyright 1998,1999 The OpenLDAP Foundation. All Rights Reserved.
dnl Copyright 1998-2000 The OpenLDAP Foundation. All Rights Reserved.
dnl
dnl Redistribution and use in source and binary forms are permitted only
dnl as authorized by the OpenLDAP Public License. A copy of this
......@@ -15,14 +15,14 @@ define([AC_INIT_BINSH],
# $]OpenLDAP[$
# from] translit([$OpenLDAP$], $")] [
# Copyright 1998,1999 The OpenLDAP Foundation. All Rights Reserved.
# Copyright 1998-2000 The OpenLDAP Foundation. All Rights Reserved.
#
# Redistribution and use in source and binary forms are permitted only
# as authorized by the OpenLDAP Public License. A copy of this
# license is available at http://www.OpenLDAP.org/license.html or
# in file LICENSE in the top-level directory of the distribution.
echo "Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved."
echo "Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved."
echo "Copying restrictions apply, see COPYRIGHT file."
])dnl
dnl ----------------------------------------------------------------
......@@ -96,6 +96,7 @@ OL_ARG_ENABLE(proctitle,[ --enable-proctitle enable proctitle support], yes)dnl
OL_ARG_ENABLE(cache,[ --enable-cache enable caching], yes)dnl
OL_ARG_ENABLE(dns,[ --enable-dns enable V2 DX Referrals extension], no)dnl
OL_ARG_ENABLE(referrals,[ --enable-referrals enable V2 Referrals extension], yes)dnl
OL_ARG_ENABLE(kbind,[ --enable-kbind enable V2 Kerberos IV bind], auto)dnl
OL_ARG_ENABLE(cldap,[ --enable-cldap enable connectionless ldap], no)dnl
OL_ARG_ENABLE(ldapi,[ --enable-ldapi enable domain socket (PF_LOCAL) ldap], no)dnl
OL_ARG_ENABLE(x_compile,[ --enable-x-compile enable cross compiling],
......@@ -109,8 +110,8 @@ OL_ARG_WITH(cyrus_sasl,[ --with-cyrus-sasl with Cyrus SASL support],
auto, [auto yes no] )
OL_ARG_WITH(fetch,[ --with-fetch with fetch URL support],
auto, [auto yes no] )
OL_ARG_WITH(kerberos,[ --with-kerberos with Kerberos support],
auto, [auto k5 kth k4 afs yes no])
OL_ARG_WITH(kerberos,[ --with-kerberos with support],
auto, [auto k5 k5only k425 kth k4 afs yes no])
OL_ARG_WITH(readline,[ --with-readline with readline support],
auto, [auto yes no] )
OL_ARG_WITH(threads,[ --with-threads use threads],
......@@ -133,6 +134,7 @@ AC_ARG_WITH(xxslapdoptions,[SLAPD (Standalone LDAP Daemon) Options:])
OL_ARG_ENABLE(slapd,[ --enable-slapd enable building slapd], yes)dnl
OL_ARG_ENABLE(cleartext,[ --enable-cleartext enable cleartext passwords], yes)dnl
OL_ARG_ENABLE(crypt,[ --enable-crypt enable crypt(3) passwords], auto)dnl
OL_ARG_ENABLE(kpasswd,[ --enable-kpasswd enable kerberos password verification], no)dnl
OL_ARG_ENABLE(modules,[ --enable-modules enable dynamic module support], no)dnl
OL_ARG_ENABLE(multimaster,[ --enable-multimaster enable multimaster replication], no)dnl
OL_ARG_ENABLE(phonetic,[ --enable-phonetic enable phonetic/soundex], no)dnl
......@@ -380,6 +382,12 @@ if test $ol_enable_slurpd = yes ; then
fi
fi
if test $ol_enable_kbind = yes -o $ol_enable_kpasswd = yes ; then
if test $ol_with_kerberos = no ; then
AC_MSG_ERROR([options require --with-kerberos])
fi
fi
AC_MSG_RESULT(done)
dnl ----------------------------------------------------------------
......@@ -425,7 +433,8 @@ MOD_PERL_LDFLAGS=
PERL_CPPFLAGS=
MOD_TCL_LIB=
KRB_LIBS=
KRB4_LIBS=
KRB5_LIBS=
READLINE_LIBS=
SASL_LIBS=
TERMCAP_LIBS=
......@@ -818,28 +827,96 @@ fi
dnl ----------------------------------------------------------------
dnl Kerberos
ol_link_kerberos=no
ol_link_krb5=no
if test $ol_with_kerberos = auto -o $ol_with_kerberos = k5 \
-o $ol_with_kerberos = k5only -o $ol_with_kerberos = k425 ; then
AC_CHECK_HEADERS(krb5.h)
if test $ac_cv_header_krb5_h = yes ; then
dnl lazy check for Heimdal Kerberos
AC_CHECK_HEADERS(heim_err.h)
if test $ac_cv_header_heim_err_h = yes ; then
krb5_impl=heimdal
else
krb5_impl=mit
fi
if test $krb5_impl = mit; then
AC_CHECK_LIB(krb5, main,
[have_krb5=yes
KRB5_LIBS="-lkrb5 -lcrypto -lcom_err"],
[have_krb5=no],
[-lcrypto -lcom_err])
elif test $krb5_impl = heimdal; then
AC_CHECK_LIB(krb5, main,
[have_krb5=yes
KRB5_LIBS="-lkrb5 -ldes -lasn1 -lroken -lcom_err"],
[have_krb5=no],
[-ldes -lasn1 -lroken -lcom_err])
AC_DEFINE(HAVE_HEIMDAL_KERBEROS, 1,
[define if you have HEIMDAL Kerberos])
else
have_krb5=no
AC_MSG_WARN([Unrecongized Kerberos5 Implementation])
fi
if test $have_krb5 = yes ; then
ol_link_krb5=yes
AC_DEFINE(HAVE_KRB5, 1,
[define if you have Kerberos V])
if test $ol_with_kerberos = k5only ; then
ol_with_kerberos=found
fi
elif test $ol_with_kerberos != auto ; then
AC_MSG_ERROR([Required Kerberos 5 support not available])
fi
fi
fi
ol_link_krb4=no
if test $ol_link_krb5 = yes -a \
\( $ol_with_kerberos = auto -o $ol_with_kerberos = k425 \) ; then
if test $ol_with_kerberos = auto -o $ol_with_kerberos = k5 ; then
AC_CHECK_HEADERS(kerberosIV/krb.h kerberosIV/des.h)
if test $ac_cv_header_kerberosIV_krb_h = yes ; then
AC_CHECK_LIB(krb4, main, [have_k5=yes], [have_k5=no],
[-lkrb5 -ldes425 -lcrypto -lcom_err])
if test $krb5_impl = mit; then
AC_CHECK_LIB(krb4, main, [have_k425=yes
KRB4_LIBS="-lkrb4 -ldes425"], [have_k425=no],
[-ldes425 -lkrb5 -lcrypto -lcom_err])
if test $have_k5 = yes ; then
ol_with_kerberos=found
ol_link_kerberos=yes
elif test $krb5_impl = heimdal; then
AC_CHECK_LIB(krb4, main, [have_k425=yes
KRB4_LIBS="-lkrb4"], [have_k425=no],
[-lkrb5 -ldes -lasn1 -lroken -lcom_err])
KRB_LIBS="-lkrb4 -lkrb5 -ldes425 -lcrypto -lcom_err"
else
have_425=no
AC_MSG_WARN([Unrecongized Kerberos5 Implementation])
fi
if test $have_k425 = yes ; then
ol_with_kerberos=found
ol_link_krb4=yes
LIBS="$KRB_LIBS $LIBS"
AC_DEFINE(HAVE_KRB425, 1,
[define if you have Kerberos V with IV support])
AC_DEFINE(HAVE_KRB4, 1,
[define if you have Kerberos IV])
AC_CACHE_CHECK([for des_debug in Kerberos libraries],
[ol_cv_var_des_debug], [
dnl save the flags
save_LIBS="$LIBS"
LIBS="$KRB_LIBS $LIBS"
LIBS="$KRB4_LIBS $KRB5_LIBS $LIBS"
AC_TRY_LINK([
#include <kerberosIV/krb.h>
#include <kerberosIV/des.h>
......@@ -861,6 +938,10 @@ des_debug = 1;
fi
fi
if test $ol_link_krb5 = yes ; then
ol_with_kerberos=found
fi
if test $ol_with_kerberos = auto -o $ol_with_kerberos = k4 \
-o $ol_with_kerberos = kth ; then
......@@ -871,9 +952,12 @@ if test $ol_with_kerberos = auto -o $ol_with_kerberos = k4 \
if test $have_k4 = yes ; then
ol_with_kerberos=found
ol_link_kerberos=yes
ol_link_krb4=yes
AC_DEFINE(HAVE_KRB4, 1,
[define if you have Kerberos IV])
KRB_LIBS="-lkrb -ldes"
KRB4_LIBS="-lkrb -ldes"
if test $ac_cv_header_krb_archaeology_h = yes ; then
AC_DEFINE(HAVE_KTH_KERBEROS, 1,
......@@ -883,11 +967,11 @@ if test $ol_with_kerberos = auto -o $ol_with_kerberos = k4 \
fi
fi
if test $ol_link_kerberos = yes ; then
if test $ol_link_krb4 = yes -o $ol_link_krb5 = yes ; then
AC_DEFINE(HAVE_KERBEROS, 1, [define if you have Kerberos])
elif test $ol_with_kerberos != auto -a $ol_with_kerberos != no ; then
AC_ERROR([Kerberos detection failed.])
AC_MSG_ERROR([Kerberos detection failed.])
fi
dnl ----------------------------------------------------------------
......@@ -2067,6 +2151,9 @@ if test "$ol_enable_cache" = no ; then
AC_DEFINE(LDAP_NOCACHE,1,
[define this to remove -lldap cache support])
fi
if test "$ol_enable_kbind" != no ; then
AC_DEFINE(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND,LDAP_VENDOR_VERSION)
fi
if test "$ol_enable_dns" != no ; then
AC_DEFINE(LDAP_API_FEATURE_X_OPENLDAP_V2_DNS,LDAP_VENDOR_VERSION)
fi
......@@ -2084,11 +2171,14 @@ if test "$ol_enable_ldapi" != no; then
AC_DEFINE(USE_PF_LOCAL,1,[define to support PF_LOCAL transport])
fi
if test "$ol_enable_cleartext" != no ; then
AC_DEFINE(SLAPD_CLEARTEXT,1,[define to support cleartext passwords])
fi
if test "$ol_enable_crypt" != no ; then
AC_DEFINE(SLAPD_CRYPT,1,[define to support crypt(3) passwords])
fi
if test "$ol_enable_cleartext" != no ; then
AC_DEFINE(SLAPD_CLEARTEXT,1,[define to support cleartext passwords])
if test "$ol_enable_kpasswd" != no ; then
AC_DEFINE(SLAPD_KPASSWD,1,[define to support Kerberos passwords])
fi
if test "$ol_enable_multimaster" != no ; then
AC_DEFINE(SLAPD_MULTIMASTER,1,[define to support multimaster replication])
......@@ -2276,7 +2366,8 @@ AC_SUBST(PERL_CPPFLAGS)
AC_SUBST(SLAPD_PERL_LDFLAGS)
AC_SUBST(MOD_PERL_LDFLAGS)
AC_SUBST(KRB_LIBS)
AC_SUBST(KRB4_LIBS)
AC_SUBST(KRB5_LIBS)
AC_SUBST(READLINE_LIBS)
AC_SUBST(SASL_LIBS)
AC_SUBST(TERMCAP_LIBS)
......
......@@ -10,10 +10,12 @@
* in file LICENSE in the top-level directory of the distribution.
*/
/* Kerberos IV */
#ifndef _AC_KRB_H
#define _AC_KRB_H
#if defined( HAVE_KERBEROS )
#if defined( HAVE_KRB4 )
#if defined( HAVE_KERBEROSIV_KRB_H )
#include <kerberosIV/krb.h>
......@@ -27,5 +29,5 @@
#include <des.h>
#endif
#endif /* HAVE_KERBEROS */
#endif /* HAVE_KRB4 */
#endif /* _AC_KRB_H */
/* Generic krb.h */
/* $OpenLDAP$ */
/*
* Copyright 1998,1999 The OpenLDAP Foundation, Redwood City, California, USA
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted only
* as authorized by the OpenLDAP Public License. A copy of this
* license is available at http://www.OpenLDAP.org/license.html or
* in file LICENSE in the top-level directory of the distribution.
*/
/* Kerberos V */
#ifndef _AC_KRB5_H
#define _AC_KRB5_H
#if defined( HAVE_KRB5 )
#include <krb5.h>
#endif /* HAVE_KRB5 */
#endif /* _AC_KRB5_H */
......@@ -50,6 +50,9 @@
/* LDAP v2 DNS */
#undef LDAP_API_FEATURE_X_OPENLDAP_V2_DNS
/* LDAP v2 Kerberos Bind */
#undef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
/* LDAP v2 Referrals */
#undef LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
......
......@@ -124,6 +124,7 @@
LDAP_API_FEATURE_X_OPENLDAP_REENTRANT
LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE
LDAP_API_FEATURE_X_OPENLDAP_V2_DNS
LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
*/
......@@ -381,6 +382,9 @@
/* Define if you have the <grp.h> header file. */
#undef HAVE_GRP_H
/* Define if you have the <heim_err.h> header file. */
#undef HAVE_HEIM_ERR_H
/* Define if you have the <io.h> header file. */
#undef HAVE_IO_H
......@@ -396,6 +400,9 @@
/* Define if you have the <krb.h> header file. */
#undef HAVE_KRB_H
/* Define if you have the <krb5.h> header file. */
#undef HAVE_KRB5_H
/* Define if you have the <libutil.h> header file. */
#undef HAVE_LIBUTIL_H
......@@ -531,9 +538,6 @@
/* Define if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define if you have the <sys/un.h> header file. */
#undef HAVE_SYS_UN_H
/* Define if you have the <sysexits.h> header file. */
#undef HAVE_SYSEXITS_H
......@@ -633,9 +637,24 @@
/* define if you have -lpp */
#undef HAVE_PP
/* define if you have HEIMDAL Kerberos */
#undef HAVE_HEIMDAL_KERBEROS
/* define if you have Kerberos V */
#undef HAVE_KRB5
/* define if you have Kerberos V with IV support */
#undef HAVE_KRB425
/* define if you have Kerberos IV */
#undef HAVE_KRB4
/* define if you have Kerberos des_debug */
#undef HAVE_DES_DEBUG
/* define if you have Kerberos IV */
#undef HAVE_KRB4
/* define if you have Kth Kerberos */
#undef HAVE_KTH_KERBEROS
......@@ -837,14 +856,17 @@
/* define to support CLDAP */
#undef LDAP_CONNECTIONLESS
/* define to support domain sockets */
#undef LDAP_PF_LOCAL
/* define to support PF_LOCAL transport */
#undef USE_PF_LOCAL
/* define to support cleartext passwords */
#undef SLAPD_CLEARTEXT
/* define to support crypt(3) passwords */
#undef SLAPD_CRYPT
/* define to support cleartext passwords */
#undef SLAPD_CLEARTEXT
/* define to support Kerberos passwords */
#undef SLAPD_KPASSWD
/* define to support multimaster replication */
#undef SLAPD_MULTIMASTER
......
......@@ -108,6 +108,7 @@ ber_memvfree( void **vec )
void *
ber_memalloc( ber_len_t s )
{
void *new;
ber_int_options.lbo_valid = LBER_INITIALIZED;
#ifdef LDAP_MEMORY_DEBUG
......@@ -127,21 +128,26 @@ ber_memalloc( ber_len_t s )
mh->bm_junk = BER_MEM_JUNK;
BER_MEM_VALID( &mh[1] );
return &mh[1];
new = &mh[1];
#else
return malloc( s );
new = malloc( s );
#endif
} else {
new = (*ber_int_memory_fns->bmf_malloc)( s );
}
assert( ber_int_memory_fns->bmf_malloc );
if( new == NULL ) {