- db4 fixes

[packages/cyrus-sasl.git] / cyrus-sasl-mysql-ldap.patch

--- ./include/Makefile.in.orig  Sat Mar 24 01:48:13 2001
+++ ./include/Makefile.in       Thu Mar 28 12:56:53 2002
@@ -119,6 +119,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -175,7 +177,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 SOURCES = $(makemd5_SOURCES)
 OBJECTS = $(makemd5_OBJECTS)
--- ./lib/Makefile.am.orig      Sat Mar 10 05:56:41 2001
+++ ./lib/Makefile.am   Thu Mar 28 12:40:16 2002
@@ -53,5 +53,5 @@
 EXTRA_libsasl_la_SOURCES = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c db_testw32.c
 libsasl_la_LDFLAGS = -version-info $(sasl_version)
 libsasl_la_DEPENDENCIES = $(SASL_DB_BACKEND) @LTLIBOBJS@
-libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET)
+libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS)  ${LIB_LDAP} ${LIB_MYSQL}
 # PLAIN_LIBS are linked in for sasl_checkpass
--- ./lib/Makefile.in.orig      Sat Mar 24 01:48:13 2001
+++ ./lib/Makefile.in   Thu Mar 28 12:57:25 2002
@@ -119,6 +119,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -156,7 +158,7 @@
 EXTRA_libsasl_la_SOURCES = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c db_testw32.c
 libsasl_la_LDFLAGS = -version-info $(sasl_version)
 libsasl_la_DEPENDENCIES = $(SASL_DB_BACKEND) @LTLIBOBJS@
-libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET)
+libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS)  ${LIB_LDAP} ${LIB_MYSQL}
 mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs
 CONFIG_HEADER = ../config.h
 CONFIG_CLEAN_FILES = 
@@ -179,7 +181,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 SOURCES = $(libsasl_la_SOURCES) $(EXTRA_libsasl_la_SOURCES)
 OBJECTS = $(libsasl_la_OBJECTS)
--- ./lib/checkpw.c.orig        Sat Feb 17 05:06:48 2001
+++ ./lib/checkpw.c     Thu Mar 28 12:47:18 2002
@@ -53,6 +53,18 @@
 #include <unistd.h>
 #endif
 
+#ifdef HAVE_MYSQL
+#include <mysql.h>
+#include <ctype.h>
+#endif /* HAVE_MYSQL */
+ 
+#ifdef HAVE_LDAP
+#include <lber.h>
+#include <ldap.h>
+#include <ctype.h>
+#endif /* HAVE_LDAP */
+
+
 #ifdef HAVE_KRB
 #include <krb.h>
 #endif
@@ -171,12 +183,20 @@
     memcpy (&temp_key, "kerberos", 8);
     des_fixup_key_parity (&temp_key);
     des_key_sched (&temp_key, schedule);
+#ifdef __FreeBSD__
+    des_cbc_cksum ((const unsigned char *)password, &ivec, passlen, schedule, &ivec);
+#else
     des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec);
+#endif
 
     memcpy (&temp_key, &ivec, sizeof temp_key);
     des_fixup_key_parity (&temp_key);
     des_key_sched (&temp_key, schedule);
-    des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);
+#ifdef __FreeBSD__
+    des_cbc_cksum ((const unsigned char*)password, key, passlen, schedule, &ivec);
+#else
+    des_cbc_cksum ((des_cblock char*)password, key, passlen, schedule, &ivec);
+#endif
 
     des_fixup_key_parity (key);
 
@@ -211,10 +231,17 @@
     return (str);
 }
 
+#ifdef __FreeBSD__
+static int use_key(const char *user __attribute__((unused)),
+                  char *instance __attribute__((unused)),
+                  const char *realm __attribute__((unused)),
+                  const void *key, des_cblock *returned_key)
+#else
 static int use_key(char *user __attribute__((unused)), 
                   char *instance __attribute__((unused)), 
                   char *realm __attribute__((unused)), 
                   void *key, des_cblock *returned_key)
+#endif
 {
     memcpy (returned_key, key, sizeof(des_cblock));
     return 0;
@@ -1015,7 +1042,7 @@
 
 
 /* pwcheck daemon-authenticated login */
-static int pwcheck_verify_password(sasl_conn_t *conn,
+static int pwcheck_verify_password(sasl_conn_t *conn __attribute__((unused)),
                                   const char *userid, 
                                   const char *passwd,
                                   const char *service __attribute__((unused)),
@@ -1030,8 +1057,10 @@
     static char response[1024];
     int start, n;
     char pwpath[1024];
+#if 0 /* Not used */
     sasl_getopt_t *getopt;
     void *context;
+#endif
 
     if (reply) { *reply = NULL; }
 
@@ -1183,6 +1212,447 @@
 
 #endif
 
+#ifdef HAVE_MYSQL
+/* DMZ mysql auth 12/29/1999
+ * Updated to 1.5.24 by SWH 09/12/2000
+ * changed to malloc qbuf Simon Loader 10/21/2000
+ * Oh look the changelog for it all 
+ */
+#ifdef USE_CRYPT_PASSWORD
+#define QUERY_STRING    "select %s from %s where %s = '%s' and %s = password('%s')"
+#else
+#define QUERY_STRING    "select %s from %s where %s = '%s' and %s = '%s'"
+#endif
+
+static int mysql_verify_password(sasl_conn_t *conn,
+                               const char *userid,
+                               const char *password,
+                               const char *service __attribute__((unused)),
+                               const char *user_realm __attribute__((unused)),
+                               const char **reply)
+{
+   unsigned int numrows;
+   MYSQL mysql,*sock = NULL;
+   MYSQL_RES *result;
+   char *qbuf;
+   char *cur_host;
+   char *db_user="",
+        *db_passwd="",
+        *db_host="",
+        *db_uidcol="",
+        *db_pwcol="",
+        *db_database="",
+        *escap_userid="",
+        *escap_password="",
+        *db_table="";
+   sasl_getopt_t *getopt;
+   void *context;
+ 
+   if (!userid || !password) {
+       return SASL_BADPARAM;
+   }
+   if (reply) { *reply = NULL; }
+ 
+   /* check to see if the user configured a mysqluser/passwd/host/etc */
+   if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
+       getopt(context, NULL, "mysql_user", (const char **) &db_user, NULL);
+       if (!db_user) db_user = "";
+       getopt(context, NULL, "mysql_passwd", (const char **) &db_passwd, NULL);
+       if (!db_passwd) db_passwd = "";
+       getopt(context, NULL, "mysql_host", (const char **) &db_host, NULL);
+       if (!db_host) db_host = "";
+       getopt(context, NULL, "mysql_database", (const char **) &db_database, NULL);
+       if (!db_database) db_database = "";
+       getopt(context, NULL, "mysql_table", (const char **) &db_table, NULL);
+       if (!db_table) db_table = "";
+       getopt(context, NULL, "mysql_uidcol", (const char **) &db_uidcol, NULL);
+       if (!db_uidcol) db_uidcol = "";
+       getopt(context, NULL, "mysql_pwdcol", (const char **) &db_pwcol, NULL);
+       if (!db_pwcol) db_pwcol = "";
+    }
+
+    /* db_host is a list of servers like this
+    **  server1 , sever2    , server3 etc.
+    */
+   cur_host = db_host;
+   while ( cur_host != NULL || sock == NULL) {
+     db_host = strchr(db_host,',');
+     if ( db_host != NULL ) {  
+       db_host[0] = 0x00;
+       /* loop till we find some text */
+       while (!isalnum(db_host[0]) )
+           db_host++;
+     }
+     sock = mysql_connect(&mysql,db_host,db_user,db_passwd);
+     cur_host = db_host;
+         }
+    if ( sock == NULL ) {
+      if (reply) { *reply = "cannot connect to MySQL server"; }
+      return SASL_FAIL;
+    }
+
+    if (mysql_select_db(sock,db_database) < 0) {
+      mysql_close(sock);
+      if (reply) { *reply = "cannot select MySQL database"; }
+      return SASL_FAIL;
+    }
+               
+    /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */
+    /* first we must escape any strange characters to be inserted into the query string
+    ** that is userid and password 
+    */
+    /* first allocate some memory */
+    if ( (escap_userid = (char *)malloc(strlen(userid)*2+1))== NULL ||
+        (escap_password = (char *)malloc(strlen(password)*2+1)) == NULL ) {
+       if (reply) {
+         *reply = "Cannot malloc memory for escaped chars";
+       }
+       return SASL_FAIL;
+     }
+     /* these should just work */
+     mysql_real_escape_string(&mysql,escap_userid,userid,strlen(userid));
+     mysql_real_escape_string(&mysql,escap_password,password,strlen(password));
+
+    if ( (qbuf = (char *)malloc(strlen(QUERY_STRING)+strlen(db_uidcol)
+                               +strlen(db_table)+strlen(db_uidcol)
+                               +strlen(userid)+strlen(db_pwcol)
+                               +strlen(password)+1)) == NULL ) {
+      if (reply) {
+       *reply = "cannot malloc memory for sql query";
+      }
+      return SASL_FAIL;
+    }
+    sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,escap_userid,db_pwcol,escap_password);
+    if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock)))
+    {
+      free(qbuf);
+      mysql_close(sock);
+      return SASL_FAIL;
+    }
+
+    if (result) //There were some rows found
+    {
+           if ((numrows = mysql_affected_rows(&mysql)) != 1)
+           {
+                   mysql_free_result(result);
+                   mysql_close(sock);
+                  if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; }
+                  free(qbuf);
+                   return SASL_BADAUTH;
+           } else {
+            free(qbuf);
+            mysql_free_result(result);
+            mysql_close(sock);
+            return SASL_OK;
+          }
+    }
+    free(qbuf);
+    mysql_free_result(result);
+    mysql_close(sock);
+    return SASL_BADAUTH;
+}
+#endif /* HAVE_MYSQL */
+
+#ifdef HAVE_LDAP
+/* simon@surf.org.uk LDAP auth 07/11/2000
+ * Updated to 1.5.24 by SWH 09/12/2000
+ * changed to use malloc and simplify the auth by Simon@surf.org.uk 10/21/2000
+ * Added LDAP_FILTER, LDAP_DN, and LDAP_PASSWD -- 07/18/2001
+ * Changed LDAP_DN to LDAP_BIND_DN and LDAP_PASSWD to LDAP_BIND_PW -- 08/08/2001
+ * Kevin J. Menard, Jr. <kmenard@wpi.edu>
+ * Added SSL mode and filter mode - simon@surf.org.uk 08/22/2001
+    (are these USA dates or English ?)
+*/
+
+
+#define LDAP_SERVER    "localhost"
+#define LDAP_BASEDN    "o=JOFA, c=UK"
+#define LDAP_UIDATTR   "uid"
+#define LDAP_FILTER     ""
+#define LDAP_BIND_DN    NULL
+#define LDAP_BIND_PW    NULL
+
+
+#ifndef TRUE
+# define TRUE          1
+# define FALSE         0
+#endif
+
+#ifndef LDAP_NO_ATTRS
+#define LDAP_NO_ATTRS  "1.1"
+#endif
+static int ldap_isdigits(char *value)
+{
+  char *ptr;
+  int num = TRUE;
+  
+  for (ptr = value; *ptr != '\0' && num != FALSE; ptr++) {
+    if (!isdigit(*ptr))
+      num = FALSE;
+  }
+  
+  return num;
+}
+
+#ifdef LDAP_VENDOR_VERSION
+#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
+       ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res)
+#define SASL_ldap_memfree(dn) ldap_memfree(dn)
+#else
+#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
+        ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res)
+#define SASL_ldap_memfree(dn) free(dn)
+#endif
+
+static int ldap_verify_password(sasl_conn_t *conn,
+                               const char *userid,
+                               const char *password,
+                               const char *service __attribute__((unused)),
+                               const char *user_realm __attribute__((unused)),
+                               const char **reply)
+{
+  
+  LDAP *ld = NULL;
+  char *cur_server = NULL;
+  char *dn,
+    *filter="",
+    *ldap_server="",
+    *ldap_basedn="",
+    *ldap_uidattr="",
+    *ldap_filter="",
+    *ldap_bind_dn="",
+    *ldap_bind_pw="",
+    *ldap_filter_mode="",
+    *port_num="",
+    *alias_deref="";
+  int ldap_deref=LDAP_DEREF_NEVER;
+  int malloc_size; /* safety net */
+  int ldap_filter_flag = 0;
+  int ldap_port = LDAP_PORT;
+  sasl_getopt_t *getopt;
+  void *context;
+  LDAPMessage  *result, *e;
+  char *attrs[]={LDAP_NO_ATTRS, NULL};
+#ifdef LDAP_OPT_X_TLS
+  char *ldap_ssl="";
+  int ldap_ssl_flag = 0;
+  int tls_option;
+#endif
+  
+  
+  /* If the password is NULL, reject the login...
+   * Otherwise the bind will succed as a reference bind. Not good...
+   */
+  if (strcmp(password,"") == 0 || strcmp(userid,"") == 0) {
+    return SASL_BADPARAM;
+  }
+  
+  if (reply) { *reply = NULL; }
+  
+  /* check to see if the user configured a ldap stuff */
+  if ( _sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) != SASL_OK) {
+    *reply = "SASL LDAP Method couldnt find getopt callback";
+    return(SASL_BADPARAM);
+  }
+
+  /* basic server infomation */
+  getopt(context, NULL, "ldap_server", (const char **) &ldap_server, NULL);
+  if (!ldap_server) ldap_server = LDAP_SERVER;
+  getopt(context, NULL, "ldap_basedn", (const char **) &ldap_basedn, NULL);
+  if (!ldap_basedn) {
+    if (reply) { *reply = "ldap_basedn not defined"; }
+    return SASL_BADPARAM;
+  }
+  getopt(context, NULL, "ldap_uidattr", (const char **) &ldap_uidattr, NULL);
+  if (!ldap_uidattr) { ldap_uidattr = LDAP_UIDATTR; }
+
+  /* should probabaly do something if in SSL Mode */
+  getopt(context, NULL, "ldap_port", (const char **) &port_num, NULL);
+  if (!port_num) {
+    ldap_port = LDAP_PORT;
+  } else if (!ldap_isdigits(port_num)) {
+    if (reply) { *reply = "ldap_port - invalid value"; }
+    return SASL_BADPARAM;
+  } else {
+    ldap_port = atoi(port_num);
+  }
+  /* get filter information (if present) */
+  getopt(context, NULL, "ldap_filter", (const char **) &ldap_filter, NULL);
+  if (!ldap_filter) { ldap_filter = LDAP_FILTER; }
+  getopt(context, NULL, "ldap_bind_dn", (const char **) &ldap_bind_dn, NULL);
+  if (!ldap_bind_dn) { ldap_bind_dn = LDAP_BIND_DN; }
+  getopt(context, NULL, "ldap_bind_pw", (const char **) &ldap_bind_pw, NULL);
+  if (!ldap_bind_pw) { ldap_bind_pw = LDAP_BIND_PW; }
+  getopt(context, NULL, "ldap_alias_deref", (const char **) &alias_deref, NULL);
+  
+  if (*alias_deref == 'n' || *alias_deref =='N') 
+     { ldap_deref=LDAP_DEREF_NEVER; }
+  if (*alias_deref == 's' || *alias_deref =='S') 
+     { ldap_deref=LDAP_DEREF_SEARCHING; }
+  if (*alias_deref == 'f' || *alias_deref =='F') 
+     { ldap_deref=LDAP_DEREF_FINDING; }
+  if (*alias_deref == 'a' || *alias_deref =='A') 
+     { ldap_deref=LDAP_DEREF_ALWAYS; }
+  /* test for ssl mode */
+  /* this will only work with openldap > v2
+  **  (the other ldap stuff I dont know) 
+  */
+#ifdef LDAP_OPT_X_TLS
+  getopt(context, NULL, "ldap_ssl", (const char **) &ldap_ssl, NULL);
+  /* this is taken from the auto transition section */
+  if (ldap_ssl == NULL ) { ldap_ssl = "n"; }
+  if (*ldap_ssl == '1' || *ldap_ssl == 'y' ||
+      (*ldap_ssl == 'o' && ldap_ssl[1] == 'n') || *ldap_ssl == 't') {
+    /* ok switch on ldap ssl mode */
+    ldap_ssl_flag = 1;
+  }
+#endif
+  /* test for filter mode */
+  getopt(context, NULL, "ldap_filter_mode", (const char **) &ldap_filter_mode, NULL);
+  /* this is taken from the auto transition section */
+  if (ldap_filter_mode == NULL ) { ldap_filter_mode = "n"; }
+  if (*ldap_filter_mode == '1' || *ldap_filter_mode == 'y' ||
+      (*ldap_filter_mode == 'o' && ldap_filter_mode[1] == 'n')
+      || *ldap_filter_mode == 't') {
+    /* ok switch on ldap ssl mode */
+    ldap_filter_flag = 1;
+  }
+  
+  /* Open the LDAP connection. */
+  cur_server = ldap_server;
+  while ( cur_server != NULL && ld == NULL) {
+    ldap_server = strchr(ldap_server,',');
+    if ( ldap_server != NULL ) {       
+      ldap_server[0] = 0x00;
+      /* loop till we find some text */
+      while (!isalnum(ldap_server[0]) )
+          ldap_server++;
+    }
+    ld = ldap_init(cur_server,ldap_port);
+    cur_server = ldap_server;
+  }
+  if (ld == NULL) {
+    if (reply) { *reply = "cannot connect to LDAP server"; }
+    return SASL_FAIL;
+  }
+  /* setting dereferensing aliases mode */
+  if (ldap_set_option(ld, LDAP_OPT_DEREF, (void *) &ldap_deref) != LDAP_OPT_SUCCESS) {
+    if (reply) {
+      *reply = "cannot set deref options";
+    }
+    return SASL_FAIL;
+  }
+  /* set ssl mode if needed */
+#ifdef LDAP_OPT_X_TLS
+  if ( ldap_ssl_flag ) {
+    ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option);  
+  }
+#endif
+  
+  /* either run the filter or just bind as them ? */
+  
+  /*
+   * Kevin J. Menard, Jr. <kmenard@wpi.edu>. -- 07/18/2001
+   * Added search code.  First search for the UID and filter, then
+   * attempt to bind with the search result.
+   */
+   if ( ldap_filter_flag ) {
+    /* Bind as the user given (or anonymous) */
+    if (ldap_simple_bind_s(ld,ldap_bind_dn,ldap_bind_pw) != LDAP_SUCCESS) {
+      ldap_unbind(ld);
+      return SASL_BADAUTH;
+    }
+    
+    malloc_size = strlen(ldap_uidattr)+strlen(userid)+strlen(ldap_filter)+8;
+    /* allocate memory to filter */
+    if ( (filter = (char *)malloc(malloc_size)) == NULL ) {
+      if (reply) {
+       *reply = "cannot allocate memory for ldap search filter";
+      }
+      ldap_unbind(ld);
+      return SASL_FAIL;
+    }
+    
+    /* Create the search filter */
+    snprintf(filter,malloc_size-1,"(&(%s=%s)%s)", ldap_uidattr, userid, ldap_filter);
+    
+    /* Now do the search */
+    if (SASL_ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
+                          attrs, 0, NULL, NULL, LDAP_NO_LIMIT, 1, &result) !=
+       LDAP_SUCCESS) {
+      free(filter);
+      ldap_unbind(ld);
+      return SASL_BADAUTH;
+    }
+    
+    /* Now get the entry from the search results */
+    if ( (e = ldap_first_entry(ld, result)) ==NULL) {
+      free(filter);
+      ldap_msgfree(result);
+      if (reply) {
+               *reply = "entry not found";
+      }
+      ldap_unbind(ld);
+      return SASL_FAIL;
+//      return SASL_BADAUTH;
+    }
+    
+    /* Now extract the dn */
+    if ( (dn = ldap_get_dn(ld, e)) == NULL) {
+      free(filter);
+      ldap_msgfree(result);
+      if (reply) {
+               *reply = "Cannot get DN";
+      }
+      ldap_unbind(ld);
+      return SASL_FAIL;
+//      return SASL_BADAUTH;
+    }
+    if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
+      e = NULL;
+      free(filter);
+      SASL_ldap_memfree(dn);
+      ldap_msgfree(result);
+      ldap_unbind(ld);
+      return SASL_BADAUTH;
+    }
+    e = NULL;
+    free(filter);
+    SASL_ldap_memfree(dn);
+    ldap_msgfree(result);
+    
+  } else {
+    malloc_size = strlen(ldap_uidattr)+strlen(userid)+strlen(ldap_basedn)+3;
+    if ( (dn = (char *)malloc(malloc_size)) == NULL ) {
+      if (reply) { 
+       *reply = "cannnot allocate memory for ldap dn";
+      }
+      return SASL_FAIL;
+    }
+    /* Generate a dn that we will try and login with */
+    snprintf(dn,malloc_size,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn);
+    
+    /* 
+   * Just try and bind with the dn we have been given
+   * In most cases the basedn is correct. 
+   * If this is not so I have a version or that too
+   * Simon@surf.org.uk
+   */
+    if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
+      free(dn);
+      ldap_unbind(ld);
+      return SASL_BADAUTH;
+    }
+    free(dn);
+  }
+  
+    
+  ldap_unbind(ld);
+  return SASL_OK;
+}
+
+#endif /* HAVE_LDAP */
+
 struct sasl_verify_password_s _sasl_verify_password[] = {
     { "sasldb", &sasldb_verify_password },
 #ifdef HAVE_KRB
@@ -1205,6 +1675,12 @@
 #endif
 #ifdef HAVE_PWCHECK
     { "pwcheck", &pwcheck_verify_password },
+#endif
+#ifdef HAVE_MYSQL
+    { "mysql", &mysql_verify_password },
+#endif
+#ifdef HAVE_LDAP
+    { "ldap", &ldap_verify_password },
 #endif
 #ifdef HAVE_SASLAUTHD
     { "saslauthd", &saslauthd_verify_password },
--- ./plugins/Makefile.in.orig  Sat Mar 24 01:48:13 2001
+++ ./plugins/Makefile.in       Thu Mar 28 13:01:27 2002
@@ -123,6 +123,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -237,7 +239,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 SOURCES = $(libplain_la_SOURCES) $(libanonymous_la_SOURCES) $(libkerberos4_la_SOURCES) $(libcrammd5_la_SOURCES) $(libscrammd5_la_SOURCES) $(libgssapiv2_la_SOURCES) $(libdigestmd5_la_SOURCES) $(liblogin_la_SOURCES) $(libsrp_la_SOURCES)
 OBJECTS = $(libplain_la_OBJECTS) $(libanonymous_la_OBJECTS) $(libkerberos4_la_OBJECTS) $(libcrammd5_la_OBJECTS) $(libscrammd5_la_OBJECTS) $(libgssapiv2_la_OBJECTS) $(libdigestmd5_la_OBJECTS) $(liblogin_la_OBJECTS) $(libsrp_la_OBJECTS)
--- ./plugins/kerberos4.c.orig  Sat Mar 10 05:56:46 2001
+++ ./plugins/kerberos4.c       Thu Mar 28 12:40:17 2002
@@ -698,8 +698,13 @@
 
     /* decrypt; verify checksum */
 
+#ifdef __FreeBSD__
+    des_pcbc_encrypt((const unsigned char *)in,
+                    (unsigned char *)in,
+#else
     des_pcbc_encrypt((des_cblock *)in,
                     (des_cblock *)in,
+#endif
                     clientinlen,
                     text->init_keysched,
                     &text->session,
@@ -1220,9 +1225,14 @@
            len++;
        }
        sout[len]=0;
+#ifdef __FreeBSD__
+       des_pcbc_encrypt((const unsigned char *)sout,
+                    (unsigned char *)sout,
+#else
     
        des_pcbc_encrypt((des_cblock *)sout,
                         (des_cblock *)sout,
+#endif
                         len,
                         text->init_keysched,
                         (des_cblock *)text->session,
--- ./utils/Makefile.in.orig    Sat Mar 24 01:48:13 2001
+++ ./utils/Makefile.in Thu Mar 28 13:03:28 2002
@@ -119,6 +119,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -211,7 +213,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 SOURCES = $(libsfsasl_la_SOURCES) testsuite.c dbconverter-1.5.9.c saslpasswd.c sasldblistusers.c
 OBJECTS = $(libsfsasl_la_OBJECTS) testsuite.o dbconverter-1.5.9.o saslpasswd.o sasldblistusers.o
--- ./doc/Makefile.in.orig      Sat Mar 24 01:48:13 2001
+++ ./doc/Makefile.in   Thu Mar 28 13:03:42 2002
@@ -120,6 +120,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -155,7 +157,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
--- ./doc/sysadmin.html.orig    Sat Feb 17 05:06:33 2001
+++ ./doc/sysadmin.html Thu Mar 28 12:40:18 2002
@@ -171,6 +171,66 @@
 <dt><i>pwcheck</i><dd> checks passwords with the use of a seperate,
   helper daemon. <b>needs to be documented.</b><p>
 
+<dt><i>mysql</i><dd> A MySQL database can be used for plaintext
+  password checking by setting "pwcheck_method" to "mysql".<p>
+
+  <p>The following SASL options are used for MySQL Authentication:<p>
+
+  <dl>
+    <dd>mysql_user: &lt;user&gt;</dd>
+    <dd>mysql_passwd: &lt;cleartext pw&gt;</dd>
+    <dd>mysql_host: &lt;hosts separated by ,&gt;</dd>
+    <dd>mysql_database: &lt;database&gt;</dd>
+    <dd>mysql_table: &lt;table&gt;</dd>
+    <dd>mysql_uidcol: &lt;username col&gt;</dd>
+    <dd>mysql_pwdcol: &lt;password col&gt;</dd>
+  </dl>
+
+  <p>MySQL pwcheck_method created by <a href="mailto:dmz@dmzs.com">David Matthew Zendzian</a>
+  the original patch may be found at <a href="http://www.dmzs.com/~dmz/projects/cyrus/">http://www.dmzs.com/~dmz/projects/cyrus/</a>.<p>
+
+<dt><i>ldap</i><dd> A LDAP server can be used for plaintext password
+  checking by setting "pwcheck_method" to "ldap".<p>
+
+  <p>The following SASL options are used for LDAP Authentication:<p>
+
+  <dl>
+    <dd>ldap_server: &lt;LDAP Servers separated by , [localhost]&gt;
+    <dd>ldap_basedn: &lt;LDAP base dn&gt;
+    <dd>ldap_uidattr: &lt;LDAP uid attribute [uid]&gt;
+    <dd>ldap_port: &lt;LDAP port [389]&gt;
+    <dd>ldap_ssl: &lt;yes/no/true/fasle&gt; Use ssl (untested)
+    <dd>ldap_filter_mode:  &lt;yes/no/true/fasle&gt; Use the filter below
+    <dd>ldap_filter: &lt;Additional search filter
+[(objectClass=posixAccount)]&gt;
+    <dd>ldap_bind_dn: &lt;DN to bind with [NULL]&gt;
+    <dd>ldap_bind_pw: &lt;Password for DN to bind with [NULL]&gt;
+    <dd>ldap_alias_deref: &lt;n|s|f|a&gt; n is default
+  </dl>
+
+  <p>It is a requirement that "ldap_basedn" be set to the appropriate
+  value for your site<br>
+  (ex. ldap_basedn: o=surf, c=UK)<p>
+
+  <p>ldap_alias_deref: n = LDAP_DEREF_NEVER<br>
+                       s = LDAP_DEREF_SEARCHING<br>
+                       f = LDAP_DEREF_FINDING<br>
+                       a = LDAP_DEREF_ALWAYS<br>
+   If you dont know what ldap alias is just leave this alone.<br>
+
+  <p>NULL values for ldap_dn and ldap_passwd mean do an anonymous bind
+and search.<p>
+
+  <p>LDAP pwcheck_method created by <a href="mailto:simon@surf.org.uk">Simon@su
+rf.org.uk</a>
+  the original patch may be found at <a href="http://www.surf.org.uk/">http://w
+ww.surf.org.uk/</a>.<p>
+
+  <p>Search and filter ability for LDAP was added by <a href="mailto:kmenard@wp.edu">Kevin J. Menard, Jr.</a>.<p>
+       <p>Ldap alias support by mailer@cbsd.donetsk.ua<br>
+
+
+
 <dt><i>write your own</i><dd> Last, but not least, the most flexible
   method of authentication for PLAIN is to write your own.  If you do
   so, any application that calls the "<tt>sasl_checkpass()</tt>"
--- ./man/Makefile.in.orig      Sat Mar 24 01:48:14 2001
+++ ./man/Makefile.in   Thu Mar 28 13:03:47 2002
@@ -119,6 +119,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -160,7 +162,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
--- ./pwcheck/Makefile.in.orig  Sat Mar 24 01:48:14 2001
+++ ./pwcheck/Makefile.in       Thu Mar 28 12:40:19 2002
@@ -99,6 +99,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -153,7 +155,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 SOURCES = $(pwcheck_SOURCES) $(EXTRA_pwcheck_SOURCES)
 OBJECTS = $(pwcheck_OBJECTS)
--- ./sample/Makefile.in.orig   Sat Mar 24 01:48:13 2001
+++ ./sample/Makefile.in        Thu Mar 28 13:03:53 2002
@@ -119,6 +119,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -192,7 +194,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 SOURCES = $(sample_client_SOURCES) $(sample_server_SOURCES) $(client_SOURCES) $(server_SOURCES)
 OBJECTS = $(sample_client_OBJECTS) $(sample_server_OBJECTS) $(client_OBJECTS) $(server_OBJECTS)
--- ./java/CyrusSasl/Makefile.in.orig   Sat Mar 24 01:48:14 2001
+++ ./java/CyrusSasl/Makefile.in        Thu Mar 28 12:40:20 2002
@@ -100,6 +100,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -165,7 +167,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 SOURCES = $(libjavasasl_la_SOURCES)
 OBJECTS = $(libjavasasl_la_OBJECTS)
--- ./java/javax/security/auth/callback/Makefile.in.orig        Sat Mar 24 01:48:14 2001
+++ ./java/javax/security/auth/callback/Makefile.in     Thu Mar 28 12:40:20 2002
@@ -116,6 +116,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -158,7 +160,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
--- ./java/javax/security/auth/Makefile.in.orig Sat Mar 24 01:48:14 2001
+++ ./java/javax/security/auth/Makefile.in      Thu Mar 28 12:40:20 2002
@@ -116,6 +116,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -150,7 +152,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
--- ./java/javax/security/Makefile.in.orig      Sat Mar 24 01:48:14 2001
+++ ./java/javax/security/Makefile.in   Thu Mar 28 12:40:21 2002
@@ -116,6 +116,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -150,7 +152,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
--- ./java/javax/Makefile.in.orig       Sat Mar 24 01:48:14 2001
+++ ./java/javax/Makefile.in    Thu Mar 28 12:40:21 2002
@@ -116,6 +116,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -150,7 +152,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
--- ./java/Makefile.in.orig     Sat Mar 24 01:48:14 2001
+++ ./java/Makefile.in  Thu Mar 28 12:40:21 2002
@@ -100,6 +100,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -135,7 +137,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
--- ./saslauthd/Makefile.in.orig        Sat Mar 24 01:48:14 2001
+++ ./saslauthd/Makefile.in     Thu Mar 28 12:40:22 2002
@@ -75,6 +75,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -136,7 +138,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 SOURCES = $(saslauthd_SOURCES)
 OBJECTS = $(saslauthd_OBJECTS)
--- ./Makefile.in.orig  Sat Mar 24 01:48:13 2001
+++ ./Makefile.in       Thu Mar 28 13:04:13 2002
@@ -119,6 +119,8 @@
 LIBTOOL = @LIBTOOL@
 LIB_CRYPT = @LIB_CRYPT@
 LIB_DES = @LIB_DES@
+LIB_LDAP = @LIB_LDAP@
+LIB_MYSQL = @LIB_MYSQL@
 LIB_PAM = @LIB_PAM@
 LIB_SIA = @LIB_SIA@
 LIB_SOCKET = @LIB_SOCKET@
@@ -165,7 +167,7 @@
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
 
-TAR = gtar
+TAR = tar
 GZIP_ENV = --best
 DIST_SUBDIRS =  include lib plugins utils doc man pwcheck sample java \
 saslauthd
--- ./acconfig.h.orig   Sat Feb 17 05:06:28 2001
+++ ./acconfig.h        Thu Mar 28 12:40:22 2002
@@ -83,6 +83,12 @@
 /* do we have PAM for plaintext password checking? */
 #undef HAVE_PAM
 
+/* do we have MySQL for plaintext password checking? */
+#undef HAVE_MYSQL
+
+/* do we have LDAP for plaintext password checking? */
+#undef HAVE_LDAP
+
 /* what flavor of GSSAPI are we using? */
 #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
 
--- ./aclocal.m4.orig   Sat Mar 24 01:48:12 2001
+++ ./aclocal.m4        Thu Mar 28 12:56:14 2002
@@ -262,12 +262,7 @@
 esac
 
 # Check for any special flags to pass to ltconfig.
-#
-# the following will cause an existing older ltconfig to fail, so
-# we ignore this at the expense of the cache file... Checking this 
-# will just take longer ... bummer!
-#libtool_flags="--cache-file=$cache_file"
-#
+libtool_flags="--cache-file=$cache_file"
 test "$enable_shared" = no && libtool_flags="$libtool_flags --disable-shared"
 test "$enable_static" = no && libtool_flags="$libtool_flags --disable-static"
 test "$enable_fast_install" = no && libtool_flags="$libtool_flags --disable-fast-install"
@@ -566,35 +561,31 @@
 ])
 
 # AC_LIBLTDL_CONVENIENCE[(dir)] - sets LIBLTDL to the link flags for
-# the libltdl convenience library and INCLTDL to the include flags for
-# the libltdl header and adds --enable-ltdl-convenience to the
-# configure arguments.  Note that LIBLTDL and INCLTDL are not
-# AC_SUBSTed, nor is AC_CONFIG_SUBDIRS called.  If DIR is not
-# provided, it is assumed to be `libltdl'.  LIBLTDL will be prefixed
-# with '${top_builddir}/' and INCLTDL will be prefixed with
-# '${top_srcdir}/' (note the single quotes!).  If your package is not
-# flat and you're not using automake, define top_builddir and
-# top_srcdir appropriately in the Makefiles.
+# the libltdl convenience library, adds --enable-ltdl-convenience to
+# the configure arguments.  Note that LIBLTDL is not AC_SUBSTed, nor
+# is AC_CONFIG_SUBDIRS called.  If DIR is not provided, it is assumed
+# to be `${top_builddir}/libltdl'.  Make sure you start DIR with
+# '${top_builddir}/' (note the single quotes!) if your package is not
+# flat, and, if you're not using automake, define top_builddir as
+# appropriate in the Makefiles.
 AC_DEFUN(AC_LIBLTDL_CONVENIENCE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
   case "$enable_ltdl_convenience" in
   no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
   "") enable_ltdl_convenience=yes
       ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
   esac
-  LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la
-  INCLTDL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
+  LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdlc.la
+  INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl'])
 ])
 
 # AC_LIBLTDL_INSTALLABLE[(dir)] - sets LIBLTDL to the link flags for
-# the libltdl installable library and INCLTDL to the include flags for
-# the libltdl header and adds --enable-ltdl-install to the configure
-# arguments.  Note that LIBLTDL and INCLTDL are not AC_SUBSTed, nor is
-# AC_CONFIG_SUBDIRS called.  If DIR is not provided and an installed
-# libltdl is not found, it is assumed to be `libltdl'.  LIBLTDL will
-# be prefixed with '${top_builddir}/' and INCLTDL will be prefixed
-# with '${top_srcdir}/' (note the single quotes!).  If your package is
-# not flat and you're not using automake, define top_builddir and
-# top_srcdir appropriately in the Makefiles.
+# the libltdl installable library, and adds --enable-ltdl-install to
+# the configure arguments.  Note that LIBLTDL is not AC_SUBSTed, nor
+# is AC_CONFIG_SUBDIRS called.  If DIR is not provided, it is assumed
+# to be `${top_builddir}/libltdl'.  Make sure you start DIR with
+# '${top_builddir}/' (note the single quotes!) if your package is not
+# flat, and, if you're not using automake, define top_builddir as
+# appropriate in the Makefiles.
 # In the future, this macro may have to be called after AC_PROG_LIBTOOL.
 AC_DEFUN(AC_LIBLTDL_INSTALLABLE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
   AC_CHECK_LIB(ltdl, main,
@@ -607,8 +598,8 @@
   ])
   if test x"$enable_ltdl_install" = x"yes"; then
     ac_configure_args="$ac_configure_args --enable-ltdl-install"
-    LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la
-    INCLTDL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
+    LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdl.la
+    INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl'])
   else
     ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
     LIBLTDL="-lltdl"
--- ./config.h.in.orig  Wed Mar 14 04:49:33 2001
+++ ./config.h.in       Thu Mar 28 12:40:23 2002
@@ -86,6 +86,12 @@
 /* do we have PAM for plaintext password checking? */
 #undef HAVE_PAM
 
+/* do we have MySQL for plaintext password checking? */
+#undef HAVE_MYSQL
+
+/* do we have LDAP for plaintext password checking? */
+#undef HAVE_LDAP
+
 /* what flavor of GSSAPI are we using? */
 #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
 
--- ./configure.in.orig Sat Mar 24 01:47:27 2001
+++ ./configure.in      Thu Mar 28 12:40:23 2002
@@ -322,6 +322,94 @@
 fi
 AM_CONDITIONAL(PWCHECK, test "$with_pwcheck" != no)
 
+
+############################################################################
+# Simon Loader tries to do auto conf
+dnl MySQL
+AC_ARG_WITH(mysql,  [ --with-mysql=PATH        enable authentication from MySQL database [no] ],
+  with_mysql=$withval,
+  with_mysql=no)
+
+# fine location of library 
+# prsumesing if one given then correct
+if test "${with_mysql}" = "yes"; then
+  for mysqlloc in lib/mysql lib
+  do
+    if test -f ${prefix}/${mysqlloc}/libmysqlclient.a; then
+      with_mysql="${prefix}"
+      break
+    elif test -f /usr/local/${mysqlloc}/libmysqlclient.a; then
+      with_mysql="/usr/local"
+      break
+    elif test -f /usr/${mysqlloc}/libmysqlclient.a; then
+      with_mysql="/usr"
+      break
+    fi
+  done
+fi
+
+case "$with_mysql" in
+    no) true;;
+    *)
+     if test -d ${with_mysql}/include/mysql; then
+         CPPFLAGS="${CPPFLAGS} -I${with_mysql}/include/mysql"
+         LDFLAGS="$LDFLAGS -L${with_mysql}/lib/mysql"
+     else
+         CPPFLAGS="${CPPFLAGS} -I${with_mysql}/include"
+         LDFLAGS="$LDFLAGS -L${with_mysql}/lib"
+     fi
+       AC_CHECK_LIB(mysqlclient, mysql_select_db,[
+                                       LIB_MYSQL="-lmysqlclient"
+         AC_DEFINE(HAVE_MYSQL)],
+         [AC_ERROR([MYSQL libarary mysqlclient not found])]);;
+        
+esac
+AC_SUBST(LIB_MYSQL)
+
+dnl LDAP
+AC_ARG_WITH(ldap, [  --with-ldap=PATH         enable authentication from LDAP [no] ],
+  with_ldap=$withval,
+  with_ldap=no)
+
+if test "$with_ldap" =  "yes"; then
+  for ldaploc in lib/ldap lib
+  do
+    if test -f ${prefix}/${ldaploc}/libldap.a; then
+      with_ldap="${prefix}"
+      break   
+    elif test -f /usr/local/${ldaploc}/libldap.a; then
+      with_ldap="/usr/local"
+      break
+    elif test -f /usr/${ldaploc}/libldap.a; then
+      with_ldap="/usr"
+      break
+    fi
+  done
+fi
+
+case "$with_ldap" in
+    no) true;;
+    *)
+     if test -d ${with_ldap}/include/ldap; then
+         CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include/ldap"
+         LDFLAGS="$LDFLAGS -L${with_ldap}/lib/ldap"
+     else
+         CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
+         LDFLAGS="$LDFLAGS -L${with_ldap}/lib"
+     fi
+     AC_CHECK_LIB(ldap, ldap_open,[
+                                               LIB_LDAP="-lldap -llber"
+           AC_DEFINE(HAVE_LDAP)],
+           [AC_ERROR([LDAP libarary ldap and lber not found])],
+            [-llber]);;
+esac
+AC_SUBST(LIB_LDAP)
+
+
+# end of addition
+#######################################################################
+
+
 dnl CRAM-MD5
 AC_ARG_ENABLE(cram, [  --enable-cram           enable CRAM-MD5 authentication [yes] ],
   cram=$enableval,