autofs-5.1.1 - fix unbind sasl external mech
From: Ian Kent <raven@themaw.net>
If the sasl EXTERNAL mechanism is being used autofs leaks ldap
connection resources.
In this case the current ldap connection needs to be unbound
when calling autofs_sasl_unbind() or autofs_sasl_dispose().
Signed-off-by: Ian Kent <raven@themaw.net>
---
CHANGELOG | 1 +
include/lookup_ldap.h | 4 ++--
modules/cyrus-sasl.c | 15 +++++++++++++--
modules/lookup_ldap.c | 12 ++++++------
4 files changed, 22 insertions(+), 10 deletions(-)
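--- autofs-5.0.7.orig/CHANGELOG
+++ autofs-5.0.7/CHANGELOG
@@ -196,6 +196,7 @@
 - fix missing source sss in multi map lookup.
 - fix update_hosts_mounts() return.
 - change lookup to use reinit instead of reopen.
+- fix unbind sasl external mech.
 
 25/07/2012 autofs-5.0.7
 =======================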
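--- autofs-5.0.7.orig/include/lookup_ldap.h
+++ autofs-5.0.7/include/lookup_ldap.h
@@ -121,8 +121,8 @@ int authtype_requires_creds(const char *
 int autofs_sasl_client_init(unsigned logopt);
 int autofs_sasl_init(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt);
 int autofs_sasl_bind(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt);
-void autofs_sasl_unbind(struct lookup_context *ctxt);
-void autofs_sasl_dispose(struct lookup_context *ctxt);
+void autofs_sasl_unbind(LDAP *ldap, struct lookup_context *ctxt);
+void autofs_sasl_dispose(LDAP *ldap, struct lookup_context *ctxt);
 void autofs_sasl_done(void);
 /* cyrus-sasl-extern */
 int do_sasl_extern(LDAP *ldap, struct lookup_context *ctxt);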
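--- autofs-5.0.7.orig/modules/cyrus-sasl.c
+++ autofs-5.0.7/modules/cyrus-sasl.c
@@ -855,8 +855,13 @@ sasl_choose_mech(unsigned logopt, LDAP *
 * Routine called when unbinding an ldap connection.
 */
 void
-autofs_sasl_unbind(struct lookup_context *ctxt)
+autofs_sasl_unbind(LDAP *ldap, struct lookup_context *ctxt)
 {
+ if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
+ ldap_unbind_s(ldap);
+ return;
+ }
+
 if (ctxt->sasl_conn) {
 sasl_dispose(&ctxt->sasl_conn);
 ctxt->sasl_conn = NULL;
@@ -933,10 +938,16 @@ autofs_sasl_bind(unsigned logopt, LDAP *
 * Destructor routine. This should be called when finished with an ldap
 * session.
 */
-void autofs_sasl_dispose(struct lookup_context *ctxt)
+void autofs_sasl_dispose(LDAP *ldap, struct lookup_context *ctxt)
 {
 int status, ret;
 
+ if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
+ if (ldap)
+ ldap_unbind_s(ldap);
+ return;
+ }
+
 if (ctxt->sasl_conn) {
 sasl_dispose(&ctxt->sasl_conn);
 ctxt->sasl_conn = NULL;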
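Review bot: The EXTERNAL branch added to autofs_sasl_unbind() passes `ldap` to ldap_unbind_s() unchecked, while the matching branch in autofs_sasl_dispose() guards it with `if (ldap)`; unless every caller of the unbind path guarantees a live handle, the first hunk should use the same guard, `if (ldap) ldap_unbind_s(ldap);`. Both branches also match the mechanism with `strncmp(ctxt->sasl_mech, "EXTERNAL", 8)`, which is a prefix comparison and accepts any name that merely starts with EXTERNAL; `!strcmp(ctxt->sasl_mech, "EXTERNAL")` states the intent exactly, and a small shared helper would keep the two tests from drifting apart. The early return also skips the rest of each function, whose bodies continue outside the hunks, so it is worth confirming that nothing below the `sasl_conn` cleanup is needed for EXTERNAL sessions.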
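--- autofs-5.0.7.orig/modules/lookup_ldap.c
+++ autofs-5.0.7/modules/lookup_ldap.c
@@ -222,7 +222,7 @@ int __unbind_ldap_connection(unsigned lo
 ctxt->use_tls = LDAP_TLS_INIT;
 #ifdef WITH_SASL
 if (ctxt->auth_required & LDAP_NEED_AUTH)
- autofs_sasl_unbind(ctxt);
+ autofs_sasl_unbind(ldap, ctxt);
 else
 rv = ldap_unbind_ext(ldap, NULL, NULL);
 #else
@@ -978,7 +978,7 @@ static int do_reconnect(unsigned logopt,
 if (ctxt->auth_required & LDAP_NEED_AUTH &&
 ret != NSS_STATUS_SUCCESS && ret != NSS_STATUS_NOTFOUND) {
 ldapinit_mutex_lock();
- autofs_sasl_dispose(ctxt);
+ autofs_sasl_dispose(*ldap, ctxt);
 ldapinit_mutex_unlock();
 ret = connect_to_server(logopt, ldap,
 ctxt->server, ctxt);
@@ -1018,7 +1018,7 @@ static int do_reconnect(unsigned logopt,
 if (ctxt->auth_required & LDAP_NEED_AUTH &&
 rv != NSS_STATUS_SUCCESS && rv != NSS_STATUS_NOTFOUND) {
 ldapinit_mutex_lock();
- autofs_sasl_dispose(ctxt);
+ autofs_sasl_dispose(*ldap, ctxt);
 ldapinit_mutex_unlock();
 rv = connect_to_server(logopt, ldap, ctxt->uri->uri, ctxt);
 }
@@ -1031,7 +1031,7 @@ static int do_reconnect(unsigned logopt,
 find_server:
 #ifdef WITH_SASL
 ldapinit_mutex_lock();
- autofs_sasl_dispose(ctxt);
+ autofs_sasl_dispose(*ldap, ctxt);
 ldapinit_mutex_unlock();
 #endif
 
@@ -1879,7 +1879,7 @@ int lookup_reinit(const char *mapfmt,
 
 #ifdef WITH_SASL
 ldapinit_mutex_lock();
- autofs_sasl_dispose(ctxt);
+ autofs_sasl_dispose(NULL, ctxt);
 ldapinit_mutex_unlock();
 #endif
 free_context(ctxt);
@@ -3816,7 +3816,7 @@ int lookup_done(void *context)
 int rv = close_parse(ctxt->parse);
 #ifdef WITH_SASL
 ldapinit_mutex_lock();
- autofs_sasl_dispose(ctxt);
+ autofs_sasl_dispose(NULL, ctxt);
 autofs_sasl_done();
 ldapinit_mutex_unlock();
 #endif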
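Review bot: In the three do_reconnect() hunks, `autofs_sasl_dispose(*ldap, ctxt)` now releases the connection when the mechanism is EXTERNAL, but the handle is passed by value, so the caller's `*ldap` still points at the unbound handle afterwards. Safety then rests on connect_to_server() always overwriting `*ldap`, including on failure, which is not visible here; if it does not, a later unbind or search on the stale pointer would be a use-after-free or a double unbind. Because dispose leaves the handle open for other mechanisms, the caller cannot simply clear it unconditionally; I would state the ownership rule at the call sites, for example `/* EXTERNAL: *ldap is unbound by autofs_sasl_dispose(); do not use it until connect_to_server() replaces it */`, and check that failure path. do_reconnect() starts and ends outside these hunks.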