Blame SOURCES/autofs-5.1.1-fix-error-handling-on-ldap-bind-fail.patch

306fa1
autofs-5.1.1 - fix error handling on ldap bind fail
306fa1
306fa1
From: Ian Kent <raven@themaw.net>
306fa1
306fa1
When calling unbind_ldap_connection() if a sasl connection is
306fa1
being used then autofs_sasl_unbind() should be called and not
306fa1
ldap_unbind_ext(), otherwise the ldap connection release code
306fa1
could be called twice.
306fa1
306fa1
So, in unbind_ldap_connection() check if a sasl connection is in
306fa1
use and unbind it if it is otherwise call ldap_unbind_ext() to
306fa1
release the ldap connection.
306fa1
306fa1
Signed-off-by: Ian Kent <raven@themaw.net>
306fa1
---
306fa1
 CHANGELOG             |    1 +
306fa1
 modules/lookup_ldap.c |   17 ++++++++++-------
306fa1
 2 files changed, 11 insertions(+), 7 deletions(-)
306fa1
306fa1
--- autofs-5.0.7.orig/CHANGELOG
306fa1
+++ autofs-5.0.7/CHANGELOG
306fa1
@@ -191,6 +191,7 @@
306fa1
 - fix rwlock unlock crash.
306fa1
 - fix handle_mounts() termination condition check.
306fa1
 - fix config old name lookup.
306fa1
+- fix error handling on ldap bind fail.
306fa1
 
306fa1
 25/07/2012 autofs-5.0.7
306fa1
 =======================
306fa1
--- autofs-5.0.7.orig/modules/lookup_ldap.c
306fa1
+++ autofs-5.0.7/modules/lookup_ldap.c
306fa1
@@ -216,15 +216,18 @@ int bind_ldap_simple(unsigned logopt, LD
306fa1
 
306fa1
 int __unbind_ldap_connection(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
306fa1
 {
306fa1
-	int rv;
306fa1
+	int rv = LDAP_SUCCESS;
306fa1
 
306fa1
 	if (ctxt->use_tls == LDAP_TLS_RELEASE)
306fa1
 		ctxt->use_tls = LDAP_TLS_INIT;
306fa1
 #ifdef WITH_SASL
306fa1
-	autofs_sasl_unbind(ctxt);
306fa1
-#endif
306fa1
-
306fa1
+	if (ctxt->auth_required & LDAP_NEED_AUTH)
306fa1
+		autofs_sasl_unbind(ctxt);
306fa1
+	else
306fa1
+		rv = ldap_unbind_ext(ldap, NULL, NULL);
306fa1
+#else
306fa1
 	rv = ldap_unbind_ext(ldap, NULL, NULL);
306fa1
+#endif
306fa1
 	if (rv != LDAP_SUCCESS)
306fa1
 		error(logopt, "unbind failed: %s", ldap_err2string(rv));
306fa1
 
306fa1
@@ -302,7 +305,7 @@ LDAP *__init_ldap_connection(unsigned lo
306fa1
 
306fa1
 		rv = ldap_start_tls_s(ldap, NULL, NULL);
306fa1
 		if (rv != LDAP_SUCCESS) {
306fa1
-			__unbind_ldap_connection(logopt, ldap, ctxt);
306fa1
+			ldap_unbind_ext(ldap, NULL, NULL);
306fa1
 			if (ctxt->tls_required) {
306fa1
 				error(logopt, MODPREFIX
306fa1
 				      "TLS required but START_TLS failed: %s",
306fa1
@@ -576,14 +579,13 @@ static int do_bind(unsigned logopt, LDAP
306fa1
 	char *host = NULL, *nhost;
306fa1
 	int rv;
306fa1
 
306fa1
+	ldapinit_mutex_lock();
306fa1
 #ifdef WITH_SASL
306fa1
 	debug(logopt, MODPREFIX "auth_required: %d, sasl_mech %s",
306fa1
 	      ctxt->auth_required, ctxt->sasl_mech);
306fa1
 
306fa1
 	if (ctxt->auth_required & LDAP_NEED_AUTH) {
306fa1
-		ldapinit_mutex_lock();
306fa1
 		rv = autofs_sasl_bind(logopt, ldap, ctxt);
306fa1
-		ldapinit_mutex_unlock();
306fa1
 		debug(logopt, MODPREFIX "autofs_sasl_bind returned %d", rv);
306fa1
 	} else {
306fa1
 		rv = bind_ldap_simple(logopt, ldap, uri, ctxt);
306fa1
@@ -593,6 +595,7 @@ static int do_bind(unsigned logopt, LDAP
306fa1
 	rv = bind_ldap_simple(logopt, ldap, uri, ctxt);
306fa1
 	debug(logopt, MODPREFIX "ldap simple bind returned %d", rv);
306fa1
 #endif
306fa1
+	ldapinit_mutex_unlock();
306fa1
 
306fa1
 	if (rv != 0)
306fa1
 		return 0;