|
 |
306fa1 |
autofs-5.1.1 - fix error handling on ldap bind fail
|
|
|
306fa1 |
|
|
|
306fa1 |
From: Ian Kent <raven@themaw.net>
|
|
|
306fa1 |
|
|
|
306fa1 |
When calling unbind_ldap_connection() if a sasl connection is
|
|
|
306fa1 |
being used then autofs_sasl_unbind() should be called and not
|
|
|
306fa1 |
ldap_unbind_ext(), otherwise the ldap connection release code
|
|
|
306fa1 |
could be called twice.
|
|
|
306fa1 |
|
|
|
306fa1 |
So, in unbind_ldap_connection() check if a sasl connection is in
|
|
|
306fa1 |
use and unbind it if it is otherwise call ldap_unbind_ext() to
|
|
|
306fa1 |
release the ldap connection.
|
|
|
306fa1 |
|
|
|
306fa1 |
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
|
306fa1 |
---
|
|
|
306fa1 |
CHANGELOG | 1 +
|
|
|
306fa1 |
modules/lookup_ldap.c | 17 ++++++++++-------
|
|
|
306fa1 |
2 files changed, 11 insertions(+), 7 deletions(-)
|
|
|
306fa1 |
|
|
|
306fa1 |
--- autofs-5.0.7.orig/CHANGELOG
|
|
|
306fa1 |
+++ autofs-5.0.7/CHANGELOG
|
|
|
306fa1 |
@@ -191,6 +191,7 @@
|
|
|
306fa1 |
- fix rwlock unlock crash.
|
|
|
306fa1 |
- fix handle_mounts() termination condition check.
|
|
|
306fa1 |
- fix config old name lookup.
|
|
|
306fa1 |
+- fix error handling on ldap bind fail.
|
|
|
306fa1 |
|
|
|
306fa1 |
25/07/2012 autofs-5.0.7
|
|
|
306fa1 |
=======================
|
|
|
306fa1 |
--- autofs-5.0.7.orig/modules/lookup_ldap.c
|
|
|
306fa1 |
+++ autofs-5.0.7/modules/lookup_ldap.c
|
|
|
306fa1 |
@@ -216,15 +216,18 @@ int bind_ldap_simple(unsigned logopt, LD
|
|
|
306fa1 |
|
|
|
306fa1 |
int __unbind_ldap_connection(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
|
|
|
306fa1 |
{
|
|
|
306fa1 |
- int rv;
|
|
|
306fa1 |
+ int rv = LDAP_SUCCESS;
|
|
|
306fa1 |
|
|
|
306fa1 |
if (ctxt->use_tls == LDAP_TLS_RELEASE)
|
|
|
306fa1 |
ctxt->use_tls = LDAP_TLS_INIT;
|
|
|
306fa1 |
#ifdef WITH_SASL
|
|
|
306fa1 |
- autofs_sasl_unbind(ctxt);
|
|
|
306fa1 |
-#endif
|
|
|
306fa1 |
-
|
|
|
306fa1 |
+ if (ctxt->auth_required & LDAP_NEED_AUTH)
|
|
|
306fa1 |
+ autofs_sasl_unbind(ctxt);
|
|
|
306fa1 |
+ else
|
|
|
306fa1 |
+ rv = ldap_unbind_ext(ldap, NULL, NULL);
|
|
|
306fa1 |
+#else
|
|
|
306fa1 |
rv = ldap_unbind_ext(ldap, NULL, NULL);
|
|
|
306fa1 |
+#endif
|
|
|
306fa1 |
if (rv != LDAP_SUCCESS)
|
|
|
306fa1 |
error(logopt, "unbind failed: %s", ldap_err2string(rv));
|
|
|
306fa1 |
|
|
|
306fa1 |
@@ -302,7 +305,7 @@ LDAP *__init_ldap_connection(unsigned lo
|
|
|
306fa1 |
|
|
|
306fa1 |
rv = ldap_start_tls_s(ldap, NULL, NULL);
|
|
|
306fa1 |
if (rv != LDAP_SUCCESS) {
|
|
|
306fa1 |
- __unbind_ldap_connection(logopt, ldap, ctxt);
|
|
|
306fa1 |
+ ldap_unbind_ext(ldap, NULL, NULL);
|
|
|
306fa1 |
if (ctxt->tls_required) {
|
|
|
306fa1 |
error(logopt, MODPREFIX
|
|
|
306fa1 |
"TLS required but START_TLS failed: %s",
|
|
|
306fa1 |
@@ -576,14 +579,13 @@ static int do_bind(unsigned logopt, LDAP
|
|
|
306fa1 |
char *host = NULL, *nhost;
|
|
|
306fa1 |
int rv;
|
|
|
306fa1 |
|
|
|
306fa1 |
+ ldapinit_mutex_lock();
|
|
|
306fa1 |
#ifdef WITH_SASL
|
|
|
306fa1 |
debug(logopt, MODPREFIX "auth_required: %d, sasl_mech %s",
|
|
|
306fa1 |
ctxt->auth_required, ctxt->sasl_mech);
|
|
|
306fa1 |
|
|
|
306fa1 |
if (ctxt->auth_required & LDAP_NEED_AUTH) {
|
|
|
306fa1 |
- ldapinit_mutex_lock();
|
|
|
306fa1 |
rv = autofs_sasl_bind(logopt, ldap, ctxt);
|
|
|
306fa1 |
- ldapinit_mutex_unlock();
|
|
|
306fa1 |
debug(logopt, MODPREFIX "autofs_sasl_bind returned %d", rv);
|
|
|
306fa1 |
} else {
|
|
|
306fa1 |
rv = bind_ldap_simple(logopt, ldap, uri, ctxt);
|
|
|
306fa1 |
@@ -593,6 +595,7 @@ static int do_bind(unsigned logopt, LDAP
|
|
|
306fa1 |
rv = bind_ldap_simple(logopt, ldap, uri, ctxt);
|
|
|
306fa1 |
debug(logopt, MODPREFIX "ldap simple bind returned %d", rv);
|
|
|
306fa1 |
#endif
|
|
|
306fa1 |
+ ldapinit_mutex_unlock();
|
|
|
306fa1 |
|
|
|
306fa1 |
if (rv != 0)
|
|
|
306fa1 |
return 0;
|