autofs-5.1.1 - fix unbind sasl external mech From: Ian Kent If the sasl EXTERNAL mechanism is being used autofs leaks ldap connection resources. In this case the current ldap connection needs to be unbound when calling autofs_sasl_unbind() or autofs_sasl_dispose(). Signed-off-by: Ian Kent --- CHANGELOG | 1 + include/lookup_ldap.h | 4 ++-- modules/cyrus-sasl.c | 15 +++++++++++++-- modules/lookup_ldap.c | 12 ++++++------ 4 files changed, 22 insertions(+), 10 deletions(-)
--- autofs-5.0.7.orig/CHANGELOG
+++ autofs-5.0.7/CHANGELOG
@@ -196,6 +196,7 @@
 - fix missing source sss in multi map lookup.
 - fix update_hosts_mounts() return.
 - change lookup to use reinit instead of reopen.
+- fix unbind sasl external mech.
 
 25/07/2012 autofs-5.0.7
 =======================
--- autofs-5.0.7.orig/include/lookup_ldap.h
+++ autofs-5.0.7/include/lookup_ldap.h
@@ -121,8 +121,8 @@ int authtype_requires_creds(const char *
 int autofs_sasl_client_init(unsigned logopt);
 int autofs_sasl_init(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt);
 int autofs_sasl_bind(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt);
-void autofs_sasl_unbind(struct lookup_context *ctxt);
-void autofs_sasl_dispose(struct lookup_context *ctxt);
+void autofs_sasl_unbind(LDAP *ldap, struct lookup_context *ctxt);
+void autofs_sasl_dispose(LDAP *ldap, struct lookup_context *ctxt);
 void autofs_sasl_done(void);
 /* cyrus-sasl-extern */
 int do_sasl_extern(LDAP *ldap, struct lookup_context *ctxt);
--- autofs-5.0.7.orig/modules/cyrus-sasl.c
+++ autofs-5.0.7/modules/cyrus-sasl.c
@@ -855,8 +855,13 @@ sasl_choose_mech(unsigned logopt, LDAP *
 * Routine called when unbinding an ldap connection.
 */
 void
-autofs_sasl_unbind(struct lookup_context *ctxt)
+autofs_sasl_unbind(LDAP *ldap, struct lookup_context *ctxt)
 {
+ if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
+ ldap_unbind_s(ldap);
+ return;
+ }
+
 if (ctxt->sasl_conn) {
 sasl_dispose(&ctxt->sasl_conn);
 ctxt->sasl_conn = NULL;
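Review bot: In the modules/cyrus-sasl.c hunk at `@@ -855`, the new EXTERNAL branch of autofs_sasl_unbind() calls `ldap_unbind_s(ldap)` with no NULL check, while the matching branch this patch adds to autofs_sasl_dispose() guards the same call with `if (ldap)`; the two should agree, e.g. `if (ldap) ldap_unbind_s(ldap);`. The result of the unbind is also dropped, whereas the `else` branch of the caller in modules/lookup_ldap.c keeps it in `rv`, so a failed unbind on this path goes unreported. The mechanism test `!strncmp(ctxt->sasl_mech, "EXTERNAL", 8)` is a prefix match and appears in both functions; if an exact match is intended, `!strcmp(ctxt->sasl_mech, "EXTERNAL")` says so. The body of autofs_sasl_unbind() continues past the end of the hunk.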
@@ -933,10 +938,16 @@ autofs_sasl_bind(unsigned logopt, LDAP *
 * Destructor routine. This should be called when finished with an ldap
 * session.
 */
-void autofs_sasl_dispose(struct lookup_context *ctxt)
+void autofs_sasl_dispose(LDAP *ldap, struct lookup_context *ctxt)
 {
 int status, ret;
 
+ if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
+ if (ldap)
+ ldap_unbind_s(ldap);
+ return;
+ }
+
 if (ctxt->sasl_conn) {
 sasl_dispose(&ctxt->sasl_conn);
 ctxt->sasl_conn = NULL;
--- autofs-5.0.7.orig/modules/lookup_ldap.c
+++ autofs-5.0.7/modules/lookup_ldap.c
@@ -222,7 +222,7 @@ int __unbind_ldap_connection(unsigned lo
 ctxt->use_tls = LDAP_TLS_INIT;
 #ifdef WITH_SASL
 if (ctxt->auth_required & LDAP_NEED_AUTH)
- autofs_sasl_unbind(ctxt);
+ autofs_sasl_unbind(ldap, ctxt);
 else
 rv = ldap_unbind_ext(ldap, NULL, NULL);
 #else
@@ -978,7 +978,7 @@ static int do_reconnect(unsigned logopt,
 if (ctxt->auth_required & LDAP_NEED_AUTH &&
 ret != NSS_STATUS_SUCCESS && ret != NSS_STATUS_NOTFOUND) {
 ldapinit_mutex_lock();
- autofs_sasl_dispose(ctxt);
+ autofs_sasl_dispose(*ldap, ctxt);
 ldapinit_mutex_unlock();
 ret = connect_to_server(logopt, ldap,
 ctxt->server, ctxt);
@@ -1018,7 +1018,7 @@ static int do_reconnect(unsigned logopt,
 if (ctxt->auth_required & LDAP_NEED_AUTH &&
 rv != NSS_STATUS_SUCCESS && rv != NSS_STATUS_NOTFOUND) {
 ldapinit_mutex_lock();
- autofs_sasl_dispose(ctxt);
+ autofs_sasl_dispose(*ldap, ctxt);
 ldapinit_mutex_unlock();
 rv = connect_to_server(logopt, ldap, ctxt->uri->uri, ctxt);
 }
@@ -1031,7 +1031,7 @@ static int do_reconnect(unsigned logopt,
 find_server:
 #ifdef WITH_SASL
 ldapinit_mutex_lock();
- autofs_sasl_dispose(ctxt);
+ autofs_sasl_dispose(*ldap, ctxt);
 ldapinit_mutex_unlock();
 #endif
 
@@ -1879,7 +1879,7 @@ int lookup_reinit(const char *mapfmt,
 
 #ifdef WITH_SASL
 ldapinit_mutex_lock();
- autofs_sasl_dispose(ctxt);
+ autofs_sasl_dispose(NULL, ctxt);
 ldapinit_mutex_unlock();
 #endif
 free_context(ctxt);
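Review bot: autofs_sasl_dispose() in modules/cyrus-sasl.c (hunk `@@ -933`) now releases the connection with `ldap_unbind_s(ldap)` but receives the handle by value, so the `*ldap` held by do_reconnect() in modules/lookup_ldap.c (hunks `@@ -978`, `@@ -1018` and `@@ -1031`) still points at the released handle afterwards. If the following connect_to_server() call fails before storing a new handle, or if the earlier failed connect had already unbound it, the caller is left with a stale pointer that a later unbind would release a second time; neither function body is fully visible here, so this needs checking against the full file. Passing the address instead, `void autofs_sasl_dispose(LDAP **ldap, struct lookup_context *ctxt)` with `*ldap = NULL;` after the unbind, would make the ownership change explicit. The find_server path in the `@@ -1031` hunk shows no `ctxt->auth_required` test before the call, so it reaches this unbind whenever the mechanism is EXTERNAL.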
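Review bot: The calls `autofs_sasl_dispose(NULL, ctxt)` in lookup_reinit() (hunk `@@ -1879`) and lookup_done() (hunk `@@ -3816`) rely on the new `if (ldap)` guard to skip the unbind, and nothing in the patch documents that NULL is an accepted argument. The header comment of autofs_sasl_dispose() should state that `ldap` may be NULL when the caller holds no live connection, and that for the EXTERNAL mechanism the function then returns without doing anything. A short comment at each call site, such as `/* no connection to release here, only SASL state */`, would help the next reader as well. Both enclosing functions extend outside their hunks.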
@@ -3816,7 +3816,7 @@ int lookup_done(void *context)
 int rv = close_parse(ctxt->parse);
 #ifdef WITH_SASL
 ldapinit_mutex_lock();
- autofs_sasl_dispose(ctxt);
+ autofs_sasl_dispose(NULL, ctxt);
 autofs_sasl_done();
 ldapinit_mutex_unlock();
 #endif