Blame SOURCES/autofs-5.1.1-fix-unbind-external-mech.patch

autofs-5.1.1 - fix unbind sasl external mech
From: Ian Kent <raven@themaw.net>
If the sasl EXTERNAL mechanism is being used autofs leaks ldap
connection resources.
In this case the current ldap connection needs to be unbound
when calling autofs_sasl_unbind() or autofs_sasl_dispose().
Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG             |    1 +
 include/lookup_ldap.h |    4 ++--
 modules/cyrus-sasl.c  |   15 +++++++++++++--
 modules/lookup_ldap.c |   12 ++++++------
 4 files changed, 22 insertions(+), 10 deletions(-)
306fa1
--- autofs-5.0.7.orig/CHANGELOG
306fa1
+++ autofs-5.0.7/CHANGELOG
306fa1
@@ -196,6 +196,7 @@
306fa1
 - fix missing source sss in multi map lookup.
306fa1
 - fix update_hosts_mounts() return.
306fa1
 - change lookup to use reinit instead of reopen.
306fa1
+- fix unbind sasl external mech.
306fa1
 
306fa1
 25/07/2012 autofs-5.0.7
306fa1
 =======================
306fa1
--- autofs-5.0.7.orig/include/lookup_ldap.h
306fa1
+++ autofs-5.0.7/include/lookup_ldap.h
306fa1
@@ -121,8 +121,8 @@ int authtype_requires_creds(const char *
306fa1
 int autofs_sasl_client_init(unsigned logopt);
306fa1
 int autofs_sasl_init(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt);
306fa1
 int autofs_sasl_bind(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt);
306fa1
-void autofs_sasl_unbind(struct lookup_context *ctxt);
306fa1
-void autofs_sasl_dispose(struct lookup_context *ctxt);
306fa1
+void autofs_sasl_unbind(LDAP *ldap, struct lookup_context *ctxt);
306fa1
+void autofs_sasl_dispose(LDAP *ldap, struct lookup_context *ctxt);
306fa1
 void autofs_sasl_done(void);
306fa1
 /* cyrus-sasl-extern */
306fa1
 int do_sasl_extern(LDAP *ldap, struct lookup_context *ctxt);
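Review bot: The two changed prototypes gain an `ldap` parameter, but nothing in the header says who owns the handle once the call returns. Judging by the cyrus-sasl.c part of this commit, the handle is unbound only when the mechanism is EXTERNAL, and autofs_sasl_dispose() additionally tolerates NULL, so a caller reading the header cannot tell whether its pointer is still valid afterwards. I would add a comment above them along the lines of `/* For the EXTERNAL mech these unbind ldap; the caller must not reuse the handle. autofs_sasl_dispose() accepts ldap == NULL. */`.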
306fa1
--- autofs-5.0.7.orig/modules/cyrus-sasl.c
306fa1
+++ autofs-5.0.7/modules/cyrus-sasl.c
306fa1
@@ -855,8 +855,13 @@ sasl_choose_mech(unsigned logopt, LDAP *
306fa1
  *  Routine called when unbinding an ldap connection.
306fa1
  */
306fa1
 void
306fa1
-autofs_sasl_unbind(struct lookup_context *ctxt)
306fa1
+autofs_sasl_unbind(LDAP *ldap, struct lookup_context *ctxt)
306fa1
 {
306fa1
+	if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
306fa1
+		ldap_unbind_s(ldap);
306fa1
+		return;
306fa1
+	}
306fa1
+
306fa1
 	if (ctxt->sasl_conn) {
306fa1
 		sasl_dispose(&ctxt->sasl_conn);
306fa1
 		ctxt->sasl_conn = NULL;
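Review bot: The EXTERNAL branch added to autofs_sasl_unbind() calls `ldap_unbind_s(ldap)` without the `if (ldap)` guard that the same branch in autofs_sasl_dispose() carries, and it discards the return code, so a failed unbind is invisible to __unbind_ldap_connection(). Either guard it the same way or note in a comment that `ldap` cannot be NULL on this path. The mechanism test `!strncmp(ctxt->sasl_mech, "EXTERNAL", 8)` is a prefix match and also accepts any longer name that begins with EXTERNAL; `!strcmp(ctxt->sasl_mech, "EXTERNAL")` is exact, and the same applies to the copy in autofs_sasl_dispose(). The function body continues past the end of this hunk.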
306fa1
@@ -933,10 +938,16 @@ autofs_sasl_bind(unsigned logopt, LDAP *
306fa1
  *  Destructor routine.  This should be called when finished with an ldap
306fa1
  *  session.
306fa1
  */
306fa1
-void autofs_sasl_dispose(struct lookup_context *ctxt)
306fa1
+void autofs_sasl_dispose(LDAP *ldap, struct lookup_context *ctxt)
306fa1
 {
306fa1
 	int status, ret;
306fa1
 
306fa1
+	if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
306fa1
+		if (ldap)
306fa1
+			ldap_unbind_s(ldap);
306fa1
+		return;
306fa1
+	}
306fa1
+
306fa1
 	if (ctxt->sasl_conn) {
306fa1
 		sasl_dispose(&ctxt->sasl_conn);
306fa1
 		ctxt->sasl_conn = NULL;
306fa1
--- autofs-5.0.7.orig/modules/lookup_ldap.c
306fa1
+++ autofs-5.0.7/modules/lookup_ldap.c
306fa1
@@ -222,7 +222,7 @@ int __unbind_ldap_connection(unsigned lo
306fa1
 		ctxt->use_tls = LDAP_TLS_INIT;
306fa1
 #ifdef WITH_SASL
306fa1
 	if (ctxt->auth_required & LDAP_NEED_AUTH)
306fa1
-		autofs_sasl_unbind(ctxt);
306fa1
+		autofs_sasl_unbind(ldap, ctxt);
306fa1
 	else
306fa1
 		rv = ldap_unbind_ext(ldap, NULL, NULL);
306fa1
 #else
306fa1
@@ -978,7 +978,7 @@ static int do_reconnect(unsigned logopt,
306fa1
 		if (ctxt->auth_required & LDAP_NEED_AUTH &&
306fa1
 		    ret != NSS_STATUS_SUCCESS && ret != NSS_STATUS_NOTFOUND) {
306fa1
 			ldapinit_mutex_lock();
306fa1
-			autofs_sasl_dispose(ctxt);
306fa1
+			autofs_sasl_dispose(*ldap, ctxt);
306fa1
 			ldapinit_mutex_unlock();
306fa1
 			ret = connect_to_server(logopt, ldap,
306fa1
 						ctxt->server, ctxt);
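Review bot: `autofs_sasl_dispose(*ldap, ctxt)` takes the handle by value, so when the mechanism is EXTERNAL the connection is unbound while `*ldap` in do_reconnect() still points at the released handle. The following line passes `ldap` to connect_to_server(); if that fails without overwriting `*ldap` (not visible here), a later dispose or unbind, such as the one at `find_server:` in the @@ -1031 hunk, would operate on freed memory. The @@ -1018 hunk has the same pattern. Clearing the pointer in the branch that released it avoids this, for example by passing `LDAP **` to the dispose routine and setting `*ldap = NULL` right after `ldap_unbind_s()`; an unconditional `*ldap = NULL` in the caller would instead drop a live handle for non-EXTERNAL mechanisms.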
306fa1
@@ -1018,7 +1018,7 @@ static int do_reconnect(unsigned logopt,
306fa1
 	if (ctxt->auth_required & LDAP_NEED_AUTH &&
306fa1
 	    rv != NSS_STATUS_SUCCESS && rv != NSS_STATUS_NOTFOUND) {
306fa1
 		ldapinit_mutex_lock();
306fa1
-		autofs_sasl_dispose(ctxt);
306fa1
+		autofs_sasl_dispose(*ldap, ctxt);
306fa1
 		ldapinit_mutex_unlock();
306fa1
 		rv = connect_to_server(logopt, ldap, ctxt->uri->uri, ctxt);
306fa1
 	}
306fa1
@@ -1031,7 +1031,7 @@ static int do_reconnect(unsigned logopt,
306fa1
 find_server:
306fa1
 #ifdef WITH_SASL
306fa1
 	ldapinit_mutex_lock();
306fa1
-	autofs_sasl_dispose(ctxt);
306fa1
+	autofs_sasl_dispose(*ldap, ctxt);
306fa1
 	ldapinit_mutex_unlock();
306fa1
 #endif
306fa1
 
306fa1
@@ -1879,7 +1879,7 @@ int lookup_reinit(const char *mapfmt,
306fa1
 
306fa1
 #ifdef WITH_SASL
306fa1
 	ldapinit_mutex_lock();
306fa1
-	autofs_sasl_dispose(ctxt);
306fa1
+	autofs_sasl_dispose(NULL, ctxt);
306fa1
 	ldapinit_mutex_unlock();
306fa1
 #endif
306fa1
 	free_context(ctxt);
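Review bot: With `NULL` as the handle, the new EXTERNAL branch in autofs_sasl_dispose() returns without releasing anything, so this call is only leak-free if no EXTERNAL connection is still bound when the old context is freed; the hunk does not show that. A short comment would record the assumption, e.g. `/* no LDAP handle is held across lookups, nothing to unbind here */`, provided that is indeed the invariant. The same applies to the `autofs_sasl_dispose(NULL, ctxt)` call in lookup_done() in the last hunk.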
306fa1
@@ -3816,7 +3816,7 @@ int lookup_done(void *context)
306fa1
 	int rv = close_parse(ctxt->parse);
306fa1
 #ifdef WITH_SASL
306fa1
 	ldapinit_mutex_lock();
306fa1
-	autofs_sasl_dispose(ctxt);
306fa1
+	autofs_sasl_dispose(NULL, ctxt);
306fa1
 	autofs_sasl_done();
306fa1
 	ldapinit_mutex_unlock();
306fa1
 #endif