changeset 12835:2541b129e1fc
6786011 LDAP SASL bind operation should not disable metaslot globally
author | Julian Pullen <Julian.Pullen@Sun.COM> |
---|---|
date | Wed, 14 Jul 2010 15:16:32 +0100 |
parents | 0bbdeb5a954e |
children | 66c93397e15b |
files | usr/src/lib/libsldap/common/ns_connect.c usr/src/lib/libsldap/common/ns_internal.h usr/src/lib/libsldap/common/ns_sasl.c |
diffstat | 3 files changed, 6 insertions(+), 53 deletions(-) [+] |
--- a/usr/src/lib/libsldap/common/ns_connect.c Wed Jul 14 17:14:56 2010 +0800
+++ b/usr/src/lib/libsldap/common/ns_connect.c Wed Jul 14 15:16:32 2010 +0100
@@ -20,8 +20,7 @@
 */
 /*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */
 #include <stdlib.h>
@@ -2548,19 +2547,6 @@
 free(digest_md5_name);
 break;
 case NS_LDAP_SASL_GSSAPI:
- if (sasl_gssapi_inited == 0) {
- ret_code = __s_api_sasl_gssapi_init();
- if (ret_code != NS_LDAP_SUCCESS) {
- (void) snprintf(errstr, sizeof (errstr),
- gettext("openConnection: "
- "GSSAPI initialization "
- "failed"));
- (void) ldap_unbind(ld);
- MKERROR(LOG_WARNING, *errorp, ret_code,
- strdup(errstr), NS_LDAP_MEMORY);
- return (ret_code);
- }
- }
 (void) memset(&sasl_param, 0, sizeof (ns_sasl_cb_param_t));
 sasl_param.authid = NULL;
--- a/usr/src/lib/libsldap/common/ns_internal.h Wed Jul 14 17:14:56 2010 +0800
+++ b/usr/src/lib/libsldap/common/ns_internal.h Wed Jul 14 15:16:32 2010 +0100
@@ -18,6 +18,7 @@
 *
 * CDDL HEADER END
 */
+
 /*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */
@@ -727,9 +728,6 @@
 char *realm;
 } ns_sasl_cb_param_t;
-/* self/sasl/gssapi variable */
-extern int sasl_gssapi_inited;
-
 /* Multiple threads per connection variable */
 extern int MTperConn;
@@ -941,7 +939,6 @@
 void *in);
 int __s_api_self_gssapi_only_get(void);
-int __s_api_sasl_gssapi_init(void);
 int __print2buf(LineBuf *line, const char *toprint, char *sep);
--- a/usr/src/lib/libsldap/common/ns_sasl.c Wed Jul 14 17:14:56 2010 +0800
+++ b/usr/src/lib/libsldap/common/ns_sasl.c Wed Jul 14 15:16:32 2010 +0100
@@ -18,9 +18,9 @@
 *
 * CDDL HEADER END
 */
+
 /*
- * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
 */
 #include <stdio.h>
@@ -58,38 +58,6 @@
 #define CLIENT_FPRINTF if (mode_verbose && !mode_quiet) (void) fprintf
 /*
- * One time initializtion
- */
-int sasl_gssapi_inited = 0;
-static mutex_t sasl_gssapi_lock = DEFAULTMUTEX;
-int
-__s_api_sasl_gssapi_init(void) {
- int rc = NS_LDAP_SUCCESS;
- (void) mutex_lock(&sasl_gssapi_lock);
- if (!sasl_gssapi_inited) {
- if (getuid() == 0) {
- if (system(
- "/usr/sbin/cryptoadm disable metaslot")
- == 0) {
- syslog(LOG_WARNING,
- "libsldap: Metaslot disabled "
- "for self credential mode");
- sasl_gssapi_inited = 1;
- } else {
- syslog(LOG_ERR,
- "libsldap: Can't disable "
- "Metaslot for self credential "
- "mode");
- rc = NS_LDAP_INTERNAL;
- }
- }
- }
- (void) mutex_unlock(&sasl_gssapi_lock);
-
- return (rc);
-}
-
-/*
 * nscd calls this function to set self_gssapi_only flag so libsldap performs
 * sasl/GSSAPI bind only. Also see comments of __ns_ldap_self_gssapi_config.
 *
@@ -102,6 +70,7 @@
 self_gssapi_only = flag;
 (void) mutex_unlock(&self_gssapi_only_lock);
 }
+
 /*
 * Get the flag value of self_gssapi_only
 */
@@ -113,6 +82,7 @@
 (void) mutex_unlock(&self_gssapi_only_lock);
 return (flag);
 }
+
 /*
 * nscd calls this function to detect the current native ldap configuration.
 * The output are