Blame SOURCES/autofs-5.1.1-fix-unbind-external-mech.patch

autofs-5.1.1 - fix unbind sasl external mech
From: Ian Kent <raven@themaw.net>
If the sasl EXTERNAL mechanism is being used autofs leaks ldap
connection resources.
In this case the current ldap connection needs to be unbound
when calling autofs_sasl_unbind() or autofs_sasl_dispose().
Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG             |    1 +
 include/lookup_ldap.h |    4 ++--
 modules/cyrus-sasl.c  |   15 +++++++++++++--
 modules/lookup_ldap.c |   12 ++++++------
 4 files changed, 22 insertions(+), 10 deletions(-)
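--- autofs-5.0.7.orig/CHANGELOG
+++ autofs-5.0.7/CHANGELOG
@@ -196,6 +196,7 @@
 - fix missing source sss in multi map lookup.
 - fix update_hosts_mounts() return.
 - change lookup to use reinit instead of reopen.
+- fix unbind sasl external mech.
 
 25/07/2012 autofs-5.0.7
 =======================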
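--- autofs-5.0.7.orig/include/lookup_ldap.h
+++ autofs-5.0.7/include/lookup_ldap.h
@@ -121,8 +121,8 @@ int authtype_requires_creds(const char *
 int autofs_sasl_client_init(unsigned logopt);
 int autofs_sasl_init(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt);
 int autofs_sasl_bind(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt);
-void autofs_sasl_unbind(struct lookup_context *ctxt);
-void autofs_sasl_dispose(struct lookup_context *ctxt);
+void autofs_sasl_unbind(LDAP *ldap, struct lookup_context *ctxt);
+void autofs_sasl_dispose(LDAP *ldap, struct lookup_context *ctxt);
 void autofs_sasl_done(void);
 /* cyrus-sasl-extern */
 int do_sasl_extern(LDAP *ldap, struct lookup_context *ctxt);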
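--- autofs-5.0.7.orig/modules/cyrus-sasl.c
+++ autofs-5.0.7/modules/cyrus-sasl.c
@@ -855,8 +855,13 @@ sasl_choose_mech(unsigned logopt, LDAP *
  *  Routine called when unbinding an ldap connection.
  */
 void
-autofs_sasl_unbind(struct lookup_context *ctxt)
+autofs_sasl_unbind(LDAP *ldap, struct lookup_context *ctxt)
 {
+	if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
+		ldap_unbind_s(ldap);
+		return;
+	}
+
 	if (ctxt->sasl_conn) {
 		sasl_dispose(&ctxt->sasl_conn);
 		ctxt->sasl_conn = NULL;
@@ -933,10 +938,16 @@ autofs_sasl_bind(unsigned logopt, LDAP *
  *  Destructor routine.  This should be called when finished with an ldap
  *  session.
  */
-void autofs_sasl_dispose(struct lookup_context *ctxt)
+void autofs_sasl_dispose(LDAP *ldap, struct lookup_context *ctxt)
 {
 	int status, ret;
 
+	if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
+		if (ldap)
+			ldap_unbind_s(ldap);
+		return;
+	}
+
 	if (ctxt->sasl_conn) {
 		sasl_dispose(&ctxt->sasl_conn);
 		ctxt->sasl_conn = NULL;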
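Review bot: The EXTERNAL branch added to autofs_sasl_unbind() calls `ldap_unbind_s(ldap)` without a NULL check, while the same branch in autofs_sasl_dispose() guards it with `if (ldap)`. The unbind path should carry the same guard, `if (ldap) ldap_unbind_s(ldap);`, so that a caller holding no connection cannot hand a NULL handle to libldap. Both branches also test the mechanism with `strncmp(ctxt->sasl_mech, "EXTERNAL", 8)`, which accepts any name that merely starts with EXTERNAL; `strcmp(ctxt->sasl_mech, "EXTERNAL") == 0` would match only that mechanism, if an exact match is what is intended. Both function bodies continue past the end of their hunks, so what the early `return` skips in autofs_sasl_dispose() is not visible here.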
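--- autofs-5.0.7.orig/modules/lookup_ldap.c
+++ autofs-5.0.7/modules/lookup_ldap.c
@@ -222,7 +222,7 @@ int __unbind_ldap_connection(unsigned lo
 		ctxt->use_tls = LDAP_TLS_INIT;
 #ifdef WITH_SASL
 	if (ctxt->auth_required & LDAP_NEED_AUTH)
-		autofs_sasl_unbind(ctxt);
+		autofs_sasl_unbind(ldap, ctxt);
 	else
 		rv = ldap_unbind_ext(ldap, NULL, NULL);
 #else
@@ -978,7 +978,7 @@ static int do_reconnect(unsigned logopt,
 		if (ctxt->auth_required & LDAP_NEED_AUTH &&
 		    ret != NSS_STATUS_SUCCESS && ret != NSS_STATUS_NOTFOUND) {
 			ldapinit_mutex_lock();
-			autofs_sasl_dispose(ctxt);
+			autofs_sasl_dispose(*ldap, ctxt);
 			ldapinit_mutex_unlock();
 			ret = connect_to_server(logopt, ldap,
 						ctxt->server, ctxt);
@@ -1018,7 +1018,7 @@ static int do_reconnect(unsigned logopt,
 	if (ctxt->auth_required & LDAP_NEED_AUTH &&
 	    rv != NSS_STATUS_SUCCESS && rv != NSS_STATUS_NOTFOUND) {
 		ldapinit_mutex_lock();
-		autofs_sasl_dispose(ctxt);
+		autofs_sasl_dispose(*ldap, ctxt);
 		ldapinit_mutex_unlock();
 		rv = connect_to_server(logopt, ldap, ctxt->uri->uri, ctxt);
 	}
@@ -1031,7 +1031,7 @@ static int do_reconnect(unsigned logopt,
 find_server:
 #ifdef WITH_SASL
 	ldapinit_mutex_lock();
-	autofs_sasl_dispose(ctxt);
+	autofs_sasl_dispose(*ldap, ctxt);
 	ldapinit_mutex_unlock();
 #endif
 
@@ -1879,7 +1879,7 @@ int lookup_reinit(const char *mapfmt,
 
 #ifdef WITH_SASL
 	ldapinit_mutex_lock();
-	autofs_sasl_dispose(ctxt);
+	autofs_sasl_dispose(NULL, ctxt);
 	ldapinit_mutex_unlock();
 #endif
 	free_context(ctxt);
@@ -3816,7 +3816,7 @@ int lookup_done(void *context)
 	int rv = close_parse(ctxt->parse);
 #ifdef WITH_SASL
 	ldapinit_mutex_lock();
-	autofs_sasl_dispose(ctxt);
+	autofs_sasl_dispose(NULL, ctxt);
 	autofs_sasl_done();
 	ldapinit_mutex_unlock();
 #endif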
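Review bot: In do_reconnect() the three `autofs_sasl_dispose(*ldap, ctxt)` calls now release the connection when the mechanism is EXTERNAL, but the handle is passed by value, so `*ldap` still holds the released pointer afterwards. In the first two hunks connect_to_server() follows with the same `ldap`; whether it overwrites `*ldap` when the connect fails is not visible here. Nor is it visible whether the handle was already unbound before `find_server:` is reached, in which case the call there would unbind it a second time. Each call site should at least carry a comment such as `/* for EXTERNAL this releases *ldap; it must not be used again until connect_to_server() replaces it */`, and the failure paths that follow deserve a check for reuse of the old handle. do_reconnect() starts and ends outside these hunks.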