Initial implementation of Kerberos password verification for

[openldap] / servers / slurpd / ldap_op.c

diff --git a/servers/slurpd/ldap_op.c b/servers/slurpd/ldap_op.c
index 8dfc7e157baa18d1f3cc02183778f1e6296ebd4d..6671ac6adefe25d4e04fdd051ab8354d52ea2161 100644 (file)
--- a/servers/slurpd/ldap_op.c
+++ b/servers/slurpd/ldap_op.c
@@ -1,3 +1,4 @@
+/* $OpenLDAP$ */
 /*
  * Copyright (c) 1996 Regents of the University of Michigan.
  * All rights reserved.
@@ -28,6 +29,11 @@
 
 #include <ac/krb.h>
 
+#if defined( STR_TRANSLATION ) && defined( LDAP_DEFAULT_CHARSET )
+/* Get LDAP->ld_lberoptions.  Must precede slurp.h, both define ldap_debug. */
+#include "../../libraries/libldap/ldap-int.h"
+#endif
+
 #include <lber.h>
 #include <ldap.h>
 
@@ -45,7 +51,9 @@ static void free_ldmarr LDAP_P(( LDAPMod ** ));
 static int getmodtype LDAP_P(( char * ));
 static void dump_ldm_array LDAP_P(( LDAPMod ** ));
 static char **read_krbnames LDAP_P(( Ri * ));
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 static void upcase LDAP_P(( char * ));
+#endif
 static int do_bind LDAP_P(( Ri *, int * ));
 static int do_unbind LDAP_P(( Ri * ));
 
@@ -81,8 +89,10 @@ do_ldap(
     while ( retry > 0 ) {
        if ( ri->ri_ldp == NULL ) {
            rc = do_bind( ri, &lderr );
+
            if ( rc != BIND_OK ) {
-               return DO_LDAP_ERR_RETRYABLE;
+                       (void) do_unbind( ri );
+                       return DO_LDAP_ERR_RETRYABLE;
            }
        }
 
@@ -463,7 +473,7 @@ op_ldap_modrdn(
 #endif /* LDAP_DEBUG */
 
     /* Do the modrdn */
-    rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, mi->mi_val, drdnflag, newsup );
+    rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, mi->mi_val, newsup, drdnflag );
 
        ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
     return( lderr );
@@ -617,7 +627,7 @@ do_bind(
 )
 {
     int                ldrc;
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
     int rc;
     int retval = 0;
     int kni, got_tgt;
@@ -626,7 +636,7 @@ do_bind(
     char realm[ REALM_SZ ];
     char name[ ANAME_SZ ];
     char instance[ INST_SZ ];
-#endif /* HAVE_KERBEROS */
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
 
     *lderr = 0;
 
@@ -672,12 +682,12 @@ do_bind(
 
     switch ( ri->ri_bind_method ) {
     case AUTH_KERBEROS:
-#ifndef HAVE_KERBEROS
+#ifndef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
        Debug( LDAP_DEBUG_ANY,
            "Error: Kerberos bind for %s:%d, but not compiled w/kerberos\n",
            ri->ri_hostname, ri->ri_port, 0 );
        return( BIND_ERR_KERBEROS_FAILED );
-#else /* HAVE_KERBEROS */
+#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
        /*
         * Bind using kerberos.
         * If "bindprincipal" was given in the config file, then attempt
@@ -753,7 +763,7 @@ kexit:      if ( krbnames != NULL ) {
        }
        return( retval);
        break;
-#endif /* HAVE_KERBEROS */
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
     case AUTH_SIMPLE:
        /*
         * Bind with a plaintext password.
@@ -880,6 +890,7 @@ read_krbnames(
 }
 
 
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 
 /*
  * upcase a string
@@ -895,3 +906,5 @@ upcase(
            *p = TOUPPER( (unsigned char) *p );
     }
 }
+
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */