changeset 12835:2541b129e1fc

6786011 LDAP SASL bind operation should not disable metaslot globally
author Julian Pullen <Julian.Pullen@Sun.COM>
date Wed, 14 Jul 2010 15:16:32 +0100
parents 0bbdeb5a954e
children 66c93397e15b
files usr/src/lib/libsldap/common/ns_connect.c usr/src/lib/libsldap/common/ns_internal.h usr/src/lib/libsldap/common/ns_sasl.c
diffstat 3 files changed, 6 insertions(+), 53 deletions(-) [+]
--- a/usr/src/lib/libsldap/common/ns_connect.c	Wed Jul 14 17:14:56 2010 +0800
+++ b/usr/src/lib/libsldap/common/ns_connect.c	Wed Jul 14 15:16:32 2010 +0100
@@ -20,8 +20,7 @@
  */
 
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #include <stdlib.h>
@@ -2548,19 +2547,6 @@
 		free(digest_md5_name);
 		break;
 	case NS_LDAP_SASL_GSSAPI:
-		if (sasl_gssapi_inited == 0) {
-			ret_code = __s_api_sasl_gssapi_init();
-			if (ret_code != NS_LDAP_SUCCESS) {
-				(void) snprintf(errstr, sizeof (errstr),
-				    gettext("openConnection: "
-				    "GSSAPI initialization "
-				    "failed"));
-				(void) ldap_unbind(ld);
-				MKERROR(LOG_WARNING, *errorp, ret_code,
-				    strdup(errstr), NS_LDAP_MEMORY);
-				return (ret_code);
-			}
-		}
 		(void) memset(&sasl_param, 0,
 		    sizeof (ns_sasl_cb_param_t));
 		sasl_param.authid = NULL;
--- a/usr/src/lib/libsldap/common/ns_internal.h	Wed Jul 14 17:14:56 2010 +0800
+++ b/usr/src/lib/libsldap/common/ns_internal.h	Wed Jul 14 15:16:32 2010 +0100
@@ -18,6 +18,7 @@
  *
  * CDDL HEADER END
  */
+
 /*
  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  */
@@ -727,9 +728,6 @@
 	char	*realm;
 } ns_sasl_cb_param_t;
 
-/* self/sasl/gssapi variable */
-extern int sasl_gssapi_inited;
-
 /* Multiple threads per connection variable */
 extern int MTperConn;
 
@@ -941,7 +939,6 @@
 			void		*in);
 
 int		__s_api_self_gssapi_only_get(void);
-int		__s_api_sasl_gssapi_init(void);
 
 int		__print2buf(LineBuf *line, const char *toprint, char *sep);
 
--- a/usr/src/lib/libsldap/common/ns_sasl.c	Wed Jul 14 17:14:56 2010 +0800
+++ b/usr/src/lib/libsldap/common/ns_sasl.c	Wed Jul 14 15:16:32 2010 +0100
@@ -18,9 +18,9 @@
  *
  * CDDL HEADER END
  */
+
 /*
- * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #include <stdio.h>
@@ -58,38 +58,6 @@
 #define	CLIENT_FPRINTF if (mode_verbose && !mode_quiet) (void) fprintf
 
 /*
- * One time initializtion
- */
-int		sasl_gssapi_inited = 0;
-static mutex_t	sasl_gssapi_lock = DEFAULTMUTEX;
-int
-__s_api_sasl_gssapi_init(void) {
-	int rc = NS_LDAP_SUCCESS;
-	(void) mutex_lock(&sasl_gssapi_lock);
-	if (!sasl_gssapi_inited) {
-			if (getuid() == 0) {
-				if (system(
-					"/usr/sbin/cryptoadm disable metaslot")
-					== 0) {
-					syslog(LOG_WARNING,
-						"libsldap: Metaslot disabled "
-						"for self credential mode");
-					sasl_gssapi_inited = 1;
-				} else {
-					syslog(LOG_ERR,
-						"libsldap: Can't disable "
-						"Metaslot for self credential "
-						"mode");
-					rc = NS_LDAP_INTERNAL;
-				}
-			}
-	}
-	(void) mutex_unlock(&sasl_gssapi_lock);
-
-	return (rc);
-}
-
-/*
  * nscd calls this function to set self_gssapi_only flag so libsldap performs
  * sasl/GSSAPI bind only. Also see comments of __ns_ldap_self_gssapi_config.
  *
@@ -102,6 +70,7 @@
 	self_gssapi_only = flag;
 	(void) mutex_unlock(&self_gssapi_only_lock);
 }
+
 /*
  * Get the flag value of self_gssapi_only
  */
@@ -113,6 +82,7 @@
 	(void) mutex_unlock(&self_gssapi_only_lock);
 	return (flag);
 }
+
 /*
  * nscd calls this function to detect the current native ldap configuration.
  * The output are