Blame SOURCES/autofs-5.1.1-fix-unbind-external-mech.patch

autofs-5.1.1 - fix unbind sasl external mech
From: Ian Kent <raven@themaw.net>
If the sasl EXTERNAL mechanism is being used autofs leaks ldap
connection resources.
In this case the current ldap connection needs to be unbound
when calling autofs_sasl_unbind() or autofs_sasl_dispose().
Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG             |    1 +
 include/lookup_ldap.h |    4 ++--
 modules/cyrus-sasl.c  |   15 +++++++++++++--
 modules/lookup_ldap.c |   12 ++++++------
 4 files changed, 22 insertions(+), 10 deletions(-)
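--- autofs-5.0.7.orig/CHANGELOG
+++ autofs-5.0.7/CHANGELOG
@@ -196,6 +196,7 @@
 - fix missing source sss in multi map lookup.
 - fix update_hosts_mounts() return.
 - change lookup to use reinit instead of reopen.
+- fix unbind sasl external mech.
 
 25/07/2012 autofs-5.0.7
 =======================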
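--- autofs-5.0.7.orig/include/lookup_ldap.h
+++ autofs-5.0.7/include/lookup_ldap.h
@@ -121,8 +121,8 @@ int authtype_requires_creds(const char *
 int autofs_sasl_client_init(unsigned logopt);
 int autofs_sasl_init(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt);
 int autofs_sasl_bind(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt);
-void autofs_sasl_unbind(struct lookup_context *ctxt);
-void autofs_sasl_dispose(struct lookup_context *ctxt);
+void autofs_sasl_unbind(LDAP *ldap, struct lookup_context *ctxt);
+void autofs_sasl_dispose(LDAP *ldap, struct lookup_context *ctxt);
 void autofs_sasl_done(void);
 /* cyrus-sasl-extern */
 int do_sasl_extern(LDAP *ldap, struct lookup_context *ctxt);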
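Review bot: The two changed prototypes give no hint that the new `ldap` argument is handled differently by each function: in modules/cyrus-sasl.c `autofs_sasl_dispose()` tolerates NULL while `autofs_sasl_unbind()` does not, and both hand the connection to `ldap_unbind_s()` when the mechanism is EXTERNAL, after which the caller must not use it again. A short comment above the declarations would record that contract, for example `/* ldap is unbound (and must not be reused) when sasl_mech is EXTERNAL; only autofs_sasl_dispose() accepts ldap == NULL */`.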
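--- autofs-5.0.7.orig/modules/cyrus-sasl.c
+++ autofs-5.0.7/modules/cyrus-sasl.c
@@ -855,8 +855,13 @@ sasl_choose_mech(unsigned logopt, LDAP *
  *  Routine called when unbinding an ldap connection.
  */
 void
-autofs_sasl_unbind(struct lookup_context *ctxt)
+autofs_sasl_unbind(LDAP *ldap, struct lookup_context *ctxt)
 {
+	if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
+		ldap_unbind_s(ldap);
+		return;
+	}
+
 	if (ctxt->sasl_conn) {
 		sasl_dispose(&ctxt->sasl_conn);
 		ctxt->sasl_conn = NULL;
@@ -933,10 +938,16 @@ autofs_sasl_bind(unsigned logopt, LDAP *
  *  Destructor routine.  This should be called when finished with an ldap
  *  session.
  */
-void autofs_sasl_dispose(struct lookup_context *ctxt)
+void autofs_sasl_dispose(LDAP *ldap, struct lookup_context *ctxt)
 {
 	int status, ret;
 
+	if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
+		if (ldap)
+			ldap_unbind_s(ldap);
+		return;
+	}
+
 	if (ctxt->sasl_conn) {
 		sasl_dispose(&ctxt->sasl_conn);
 		ctxt->sasl_conn = NULL;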
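Review bot: `autofs_sasl_unbind()` calls `ldap_unbind_s(ldap)` unconditionally in the new EXTERNAL branch, whereas the matching branch in `autofs_sasl_dispose()` guards the call with `if (ldap)`. The only caller visible in this patch forwards its own `ldap` argument, and whether that can be NULL is not shown, so the same guard is the safer form: `if (ldap)` followed by `ldap_unbind_s(ldap);`. Both branches also return before the existing `sasl_conn` cleanup; that looks intended for EXTERNAL but should be confirmed against the rest of each function, since both bodies continue past the hunks. The `strncmp(ctxt->sasl_mech, "EXTERNAL", 8)` test is a prefix match, so any mechanism name that merely begins with EXTERNAL takes this path.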
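--- autofs-5.0.7.orig/modules/lookup_ldap.c
+++ autofs-5.0.7/modules/lookup_ldap.c
@@ -222,7 +222,7 @@ int __unbind_ldap_connection(unsigned lo
 		ctxt->use_tls = LDAP_TLS_INIT;
 #ifdef WITH_SASL
 	if (ctxt->auth_required & LDAP_NEED_AUTH)
-		autofs_sasl_unbind(ctxt);
+		autofs_sasl_unbind(ldap, ctxt);
 	else
 		rv = ldap_unbind_ext(ldap, NULL, NULL);
 #else
@@ -978,7 +978,7 @@ static int do_reconnect(unsigned logopt,
 		if (ctxt->auth_required & LDAP_NEED_AUTH &&
 		    ret != NSS_STATUS_SUCCESS && ret != NSS_STATUS_NOTFOUND) {
 			ldapinit_mutex_lock();
-			autofs_sasl_dispose(ctxt);
+			autofs_sasl_dispose(*ldap, ctxt);
 			ldapinit_mutex_unlock();
 			ret = connect_to_server(logopt, ldap,
 						ctxt->server, ctxt);
@@ -1018,7 +1018,7 @@ static int do_reconnect(unsigned logopt,
 	if (ctxt->auth_required & LDAP_NEED_AUTH &&
 	    rv != NSS_STATUS_SUCCESS && rv != NSS_STATUS_NOTFOUND) {
 		ldapinit_mutex_lock();
-		autofs_sasl_dispose(ctxt);
+		autofs_sasl_dispose(*ldap, ctxt);
 		ldapinit_mutex_unlock();
 		rv = connect_to_server(logopt, ldap, ctxt->uri->uri, ctxt);
 	}
@@ -1031,7 +1031,7 @@ static int do_reconnect(unsigned logopt,
 find_server:
 #ifdef WITH_SASL
 	ldapinit_mutex_lock();
-	autofs_sasl_dispose(ctxt);
+	autofs_sasl_dispose(*ldap, ctxt);
 	ldapinit_mutex_unlock();
 #endif
 
@@ -1879,7 +1879,7 @@ int lookup_reinit(const char *mapfmt,
 
 #ifdef WITH_SASL
 	ldapinit_mutex_lock();
-	autofs_sasl_dispose(ctxt);
+	autofs_sasl_dispose(NULL, ctxt);
 	ldapinit_mutex_unlock();
 #endif
 	free_context(ctxt);
@@ -3816,7 +3816,7 @@ int lookup_done(void *context)
 	int rv = close_parse(ctxt->parse);
 #ifdef WITH_SASL
 	ldapinit_mutex_lock();
-	autofs_sasl_dispose(ctxt);
+	autofs_sasl_dispose(NULL, ctxt);
 	autofs_sasl_done();
 	ldapinit_mutex_unlock();
 #endif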
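Review bot: In `do_reconnect()` the three `autofs_sasl_dispose(*ldap, ctxt)` calls leave `*ldap` holding a handle that the EXTERNAL branch has just passed to `ldap_unbind_s()`. The hunks at 978 and 1018 call `connect_to_server()` straight afterwards, but whether it stores a fresh handle (or NULL) on every failure path is not visible here, and the code after `find_server:` lies outside the hunk; a stale `*ldap` that later reaches another unbind would be released twice. These calls also run after a connection attempt has already failed, so it is worth confirming that `*ldap` is still a live handle at that point. Clearing the pointer where the handle is consumed, e.g. `if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) *ldap = NULL;` after the dispose call, or passing `LDAP **` so the callee can clear it, would make the ownership explicit.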