- mount_nfs.c fix local rdma share not mounting.

- fix ldap sasl reconnect problem.
- samples/ldap.schema fix.

autofs-5.1.6-fix-ldap-sasl-reconnect-problem.patch

@@ -0,0 +1,347 @@
+autofs-5.1.6 - fix ldap sasl reconnect problem
+
+From: Ian Kent <raven@themaw.net>
+
+When performing an ldap sasl connection a two step initialisation
+was being done in an attempt to partially reuse existing connection
+setup.
+
+But if a network connectivity problem occurs the connection can end
+up only half initialized and recovery after connectivity is restored
+fails.
+
+So get rid of the two step initialization, as it's benefit was at best
+questionable, so that connection attempts either succeed or completely
+fail. This leaves the connection completely uninitialized if there's a
+network conectivity problem, ready for a new connection attempt.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG             |    1 
+ include/lookup_ldap.h |    1 
+ modules/cyrus-sasl.c  |  131 +++++++++++++++++++++++++-------------------------
+ 3 files changed, 68 insertions(+), 65 deletions(-)
+
+--- autofs-5.1.6.orig/CHANGELOG
++++ autofs-5.1.6/CHANGELOG
+@@ -12,6 +12,7 @@ xx/xx/2020 autofs-5.1.7
+ - fix quoted string length calc in expandsunent().
+ - fix autofs mount options construction.
+ - mount_nfs.c fix local rdma share not mounting.
++- fix ldap sasl reconnect problem.
+ 
+ 07/10/2019 autofs-5.1.6
+ - support strictexpire mount option.
+--- autofs-5.1.6.orig/include/lookup_ldap.h
++++ autofs-5.1.6/include/lookup_ldap.h
+@@ -87,7 +87,6 @@ struct lookup_context {
+ 	char        *secret;
+ 	char        *client_princ;
+ 	char        *client_cc;
+-	int          kinit_done;
+ 	int          kinit_successful;
+ #ifdef WITH_SASL
+ 	/* Kerberos */
+--- autofs-5.1.6.orig/modules/cyrus-sasl.c
++++ autofs-5.1.6/modules/cyrus-sasl.c
+@@ -396,9 +396,9 @@ do_sasl_bind(unsigned logopt, LDAP *ld,
+  *  cache, add the TGT to that cache, and set the environment variable so
+  *  that the sasl/krb5 libraries can find our credentials.
+  *
+- *  Returns 0 upon success.  ctxt->kinit_done and ctxt->kinit_successful
+- *  are set for cleanup purposes.  The krb5 context and ccache entries in
+- *  the lookup_context are also filled in.
++ *  Returns 0 upon success.  ctxt->kinit_successful is set for cleanup
++ *  purposes.  The krb5 context and ccache entries in the lookup_context
++ *  are also filled in.
+  *
+  *  Upon failure, -1 is returned.
+  */
+@@ -412,9 +412,16 @@ sasl_do_kinit(unsigned logopt, struct lo
+ 	const char *realm_name;
+ 	int status, realm_length;
+ 
+-	if (ctxt->kinit_done)
++	status = pthread_mutex_lock(&krb5cc_mutex);
++	if (status)
++		fatal(status);
++
++	if (ctxt->kinit_successful) {
++		status = pthread_mutex_unlock(&krb5cc_mutex);
++		if (status)
++			fatal(status);
+ 		return 0;
+-	ctxt->kinit_done = 1;
++	}
+ 
+ 	debug(logopt,
+ 	      "initializing kerberos ticket: client principal %s",
+@@ -423,15 +430,14 @@ sasl_do_kinit(unsigned logopt, struct lo
+ 	ret = krb5_init_context(&ctxt->krb5ctxt);
+ 	if (ret) {
+ 		error(logopt, "krb5_init_context failed with %d", ret);
+-		return -1;
++		goto out_unlock;
+ 	}
+ 
+ 	ret = krb5_cc_resolve(ctxt->krb5ctxt, krb5ccval, &ctxt->krb5_ccache);
+ 	if (ret) {
+ 		error(logopt, "krb5_cc_resolve failed with error %d",
+ 		      ret);
+-		krb5_free_context(ctxt->krb5ctxt);
+-		return -1;
++		goto out_free_context;
+ 	}
+ 
+ 	if (ctxt->client_princ) {
+@@ -515,19 +521,11 @@ sasl_do_kinit(unsigned logopt, struct lo
+ 		goto out_cleanup_unparse;
+ 	}
+ 
+-	status = pthread_mutex_lock(&krb5cc_mutex);
+-	if (status)
+-		fatal(status);
+-
+ 	if (krb5cc_in_use++ == 0)
+ 		/* tell the cache what the default principal is */
+ 		ret = krb5_cc_initialize(ctxt->krb5ctxt,
+ 				 ctxt->krb5_ccache, krb5_client_princ);
+ 
+-	status = pthread_mutex_unlock(&krb5cc_mutex);
+-	if (status)
+-		fatal(status);
+-
+ 	if (ret) {
+ 		error(logopt,
+ 		      "krb5_cc_initialize failed with error %d", ret);
+@@ -550,6 +548,10 @@ sasl_do_kinit(unsigned logopt, struct lo
+ 	}
+ 	ctxt->kinit_successful = 1;
+ 
++	status = pthread_mutex_unlock(&krb5cc_mutex);
++	if (status)
++		fatal(status);
++
+ 	debug(logopt, "Kerberos authentication was successful!");
+ 
+ 	krb5_free_unparsed_name(ctxt->krb5ctxt, tgs_name);
+@@ -568,10 +570,6 @@ out_cleanup_unparse:
+ out_cleanup_client_princ:
+ 	krb5_free_principal(ctxt->krb5ctxt, krb5_client_princ);
+ out_cleanup_cc:
+-	status = pthread_mutex_lock(&krb5cc_mutex);
+-	if (status)
+-		fatal(status);
+-
+ 	if (krb5cc_in_use)
+ 		ret = krb5_cc_close(ctxt->krb5ctxt, ctxt->krb5_ccache);
+ 	else
+@@ -579,22 +577,21 @@ out_cleanup_cc:
+ 	if (ret)
+ 		warn(logopt,
+ 		     "krb5_cc_destroy failed with non-fatal error %d", ret);
+-
++out_free_context:
++	krb5_free_context(ctxt->krb5ctxt);
++out_unlock:
+ 	status = pthread_mutex_unlock(&krb5cc_mutex);
+ 	if (status)
+ 		fatal(status);
+-
+-	krb5_free_context(ctxt->krb5ctxt);
+-
+ 	return -1;
+ }
+ 
+ /*
+  *  Check a client given external credential cache.
+  *
+- *  Returns 0 upon success.  ctxt->kinit_done and ctxt->kinit_successful
+- *  are set for cleanup purposes.  The krb5 context and ccache entries in
+- *  the lookup_context are also filled in.
++ *  Returns 0 upon success.  ctxt->kinit_successful is set for cleanup
++ *  purposes.  The krb5 context and ccache entries in the lookup_context
++ *  are also filled in.
+  *
+  *  Upon failure, -1 is returned.
+  */
+@@ -605,10 +602,18 @@ sasl_do_kinit_ext_cc(unsigned logopt, st
+ 	krb5_principal krb5_client_princ;
+ 	krb5_error_code ret;
+ 	char *cc_princ, *client_princ;
++	int status;
++
++	status = pthread_mutex_lock(&krb5cc_mutex);
++	if (status)
++		fatal(status);
+ 
+-	if (ctxt->kinit_done)
++	if (ctxt->kinit_successful) {
++		status = pthread_mutex_unlock(&krb5cc_mutex);
++		if (status)
++			fatal(status);
+ 		return 0;
+-	ctxt->kinit_done = 1;
++	}
+ 
+ 	debug(logopt,
+ 	      "using external credential cache for auth: client principal %s",
+@@ -617,33 +622,26 @@ sasl_do_kinit_ext_cc(unsigned logopt, st
+ 	ret = krb5_init_context(&ctxt->krb5ctxt);
+ 	if (ret) {
+ 		error(logopt, "krb5_init_context failed with %d", ret);
+-		return -1;
++		goto out_unlock;
+ 	}
+ 
+ 	ret = krb5_cc_resolve(ctxt->krb5ctxt, ctxt->client_cc, &ctxt->krb5_ccache);
+ 	if (ret) {
+ 		error(logopt, "krb5_cc_resolve failed with error %d",
+ 		      ret);
+-		krb5_cc_close(ctxt->krb5ctxt, ctxt->krb5_ccache);
+-		krb5_free_context(ctxt->krb5ctxt);
+-		return -1;
++		goto out_cleanup_cc;
+ 	}
+ 
+ 	ret = krb5_cc_get_principal(ctxt->krb5ctxt, ctxt->krb5_ccache, &def_princ);
+ 	if (ret) {
+ 		error(logopt, "krb5_cc_get_principal failed with error %d", ret);
+-		krb5_cc_close(ctxt->krb5ctxt, ctxt->krb5_ccache);
+-		krb5_free_context(ctxt->krb5ctxt);
+-		return -1;
++		goto out_cleanup_cc;
+ 	}
+ 
+ 	ret = krb5_unparse_name(ctxt->krb5ctxt, def_princ, &cc_princ);
+ 	if (ret) {
+ 		error(logopt, "krb5_unparse_name failed with error %d", ret);
+-		krb5_free_principal(ctxt->krb5ctxt, def_princ);
+-		krb5_cc_close(ctxt->krb5ctxt, ctxt->krb5_ccache);
+-		krb5_free_context(ctxt->krb5ctxt);
+-		return -1;
++		goto out_cleanup_def_princ;
+ 	}
+ 
+ 	debug(logopt, "external credential cache default principal %s", cc_princ);
+@@ -666,10 +664,8 @@ sasl_do_kinit_ext_cc(unsigned logopt, st
+ 			error(logopt,
+ 			      "krb5_sname_to_principal failed for "
+ 			      "%s with error %d", default_client, ret);
+-			krb5_free_principal(ctxt->krb5ctxt, def_princ);
+-			krb5_cc_close(ctxt->krb5ctxt, ctxt->krb5_ccache);
+-			krb5_free_context(ctxt->krb5ctxt);
+-			return -1;
++			krb5_free_unparsed_name(ctxt->krb5ctxt, cc_princ);
++			goto out_cleanup_def_princ;
+ 		}
+ 
+ 
+@@ -680,10 +676,8 @@ sasl_do_kinit_ext_cc(unsigned logopt, st
+ 			      "krb5_unparse_name failed with error %d",
+ 			      ret);
+ 			krb5_free_principal(ctxt->krb5ctxt, krb5_client_princ);
+-			krb5_free_principal(ctxt->krb5ctxt, def_princ);
+-			krb5_cc_close(ctxt->krb5ctxt, ctxt->krb5_ccache);
+-			krb5_free_context(ctxt->krb5ctxt);
+-			return -1;
++			krb5_free_unparsed_name(ctxt->krb5ctxt, cc_princ);
++			goto out_cleanup_def_princ;
+ 		}
+ 
+ 		debug(logopt,
+@@ -710,10 +704,7 @@ sasl_do_kinit_ext_cc(unsigned logopt, st
+ 		if (!ctxt->client_princ)
+ 			krb5_free_unparsed_name(ctxt->krb5ctxt, client_princ);
+ 		krb5_free_unparsed_name(ctxt->krb5ctxt, cc_princ);
+-		krb5_free_principal(ctxt->krb5ctxt, def_princ);
+-		krb5_cc_close(ctxt->krb5ctxt, ctxt->krb5_ccache);
+-		krb5_free_context(ctxt->krb5ctxt);
+-		return -1;
++		goto out_cleanup_def_princ;
+ 	}
+ 
+ 	if (!ctxt->client_princ)
+@@ -724,15 +715,24 @@ sasl_do_kinit_ext_cc(unsigned logopt, st
+ 	/* Set the environment variable to point to the external cred cache */
+ 	if (setenv(krb5ccenv, ctxt->client_cc, 1) != 0) {
+ 		error(logopt, "setenv failed with %d", errno);
+-		krb5_cc_close(ctxt->krb5ctxt, ctxt->krb5_ccache);
+-		krb5_free_context(ctxt->krb5ctxt);
+-		return -1;
++		goto out_cleanup_cc;
+ 	}
+ 	ctxt->kinit_successful = 1;
+ 
+ 	debug(logopt, "Kerberos authentication was successful!");
+ 
+ 	return 0;
++
++out_cleanup_def_princ:
++	krb5_free_principal(ctxt->krb5ctxt, def_princ);
++out_cleanup_cc:
++	krb5_cc_close(ctxt->krb5ctxt, ctxt->krb5_ccache);
++	krb5_free_context(ctxt->krb5ctxt);
++out_unlock:
++	status = pthread_mutex_unlock(&krb5cc_mutex);
++	if (status)
++		fatal(status);
++	return -1;
+ }
+ 
+ /*
+@@ -974,11 +974,19 @@ void autofs_sasl_dispose(struct ldap_con
+ {
+ 	int status, ret;
+ 
++	status = pthread_mutex_lock(&krb5cc_mutex);
++	if (status)
++		fatal(status);
++
+ 	if (ctxt->sasl_mech && !strncmp(ctxt->sasl_mech, "EXTERNAL", 8)) {
+ 		if (conn && conn->ldap) {
+ 			ldap_unbind_s(conn->ldap);
+ 			conn->ldap = NULL;
++			ctxt->kinit_successful = 0;
+ 		}
++		status = pthread_mutex_unlock(&krb5cc_mutex);
++		if (status)
++			fatal(status);
+ 		return;
+ 	}
+ 
+@@ -988,10 +996,6 @@ void autofs_sasl_dispose(struct ldap_con
+ 	}
+ 
+ 	if (ctxt->kinit_successful) {
+-		status = pthread_mutex_lock(&krb5cc_mutex);
+-		if (status)
+-			fatal(status);
+-
+ 		if (--krb5cc_in_use || ctxt->client_cc)
+ 			ret = krb5_cc_close(ctxt->krb5ctxt, ctxt->krb5_ccache);
+ 		else 
+@@ -1000,19 +1004,18 @@ void autofs_sasl_dispose(struct ldap_con
+ 			logmsg("krb5_cc_destroy failed with non-fatal error %d",
+ 			     ret);
+ 
+-		status = pthread_mutex_unlock(&krb5cc_mutex);
+-		if (status)
+-			fatal(status);
+-
+ 		krb5_free_context(ctxt->krb5ctxt);
+ 		if (unsetenv(krb5ccenv) != 0)
+ 			logerr("unsetenv failed with error %d", errno);
+ 
+ 		ctxt->krb5ctxt = NULL;
+ 		ctxt->krb5_ccache = NULL;
+-		ctxt->kinit_done = 0;
+ 		ctxt->kinit_successful = 0;
+ 	}
++
++	status = pthread_mutex_unlock(&krb5cc_mutex);
++	if (status)
++		fatal(status);
+ }
+ 
+ static void *sasl_mutex_new(void)

autofs-5.1.6-ldap-schema-fix.patch

@@ -0,0 +1,52 @@
+autofs-5.1.6 - samples/ldap.schema fix
+
+From: Michael Peek <peek@nimbios.org>
+
+This bug starts with version 5.1.3, and continues up to and including
+the latest 5.1.6.  Version 5.1.2 was fine.
+
+When slapd is invoked while including the sample LDAP schema file
+autofs.schema, slapd will crash with the following error:
+
+5f359370 /<path-to>/autofs.schema: line 14 attributetype:
+AttributeType inappropriate matching rule: "caseExactMatch"
+
+The problem is on line 13, which reads:
+
+  EQUALITY caseExactMatch
+
+It should read:
+
+  EQUALITY caseExactIA5Match
+
+Attached is a patch that will make the necessary change to
+samples/autofs.schema that works for all versions 5.1.3 to 5.1.6.
+
+Signed-off-by: Michael Peek <peek@nimbios.org>
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG             |    1 +
+ samples/autofs.schema |    2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- autofs-5.1.6.orig/CHANGELOG
++++ autofs-5.1.6/CHANGELOG
+@@ -13,6 +13,7 @@ xx/xx/2020 autofs-5.1.7
+ - fix autofs mount options construction.
+ - mount_nfs.c fix local rdma share not mounting.
+ - fix ldap sasl reconnect problem.
++- samples/ldap.schema fix.
+ 
+ 07/10/2019 autofs-5.1.6
+ - support strictexpire mount option.
+--- autofs-5.1.6.orig/samples/autofs.schema
++++ autofs-5.1.6/samples/autofs.schema
+@@ -10,7 +10,7 @@
+ 
+ attributetype ( 1.3.6.1.4.1.2312.4.1.2 NAME 'automountInformation'
+ 	DESC 'Information used by the autofs automounter'
+-	EQUALITY caseExactMatch
++	EQUALITY caseExactIA5Match
+ 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+ 
+ objectclass ( 1.3.6.1.4.1.2312.4.2.3 NAME 'automount' SUP top STRUCTURAL

autofs-5.1.6-mount_nfs_c-fix-local-rdma-share-not-mounting.patch

@@ -0,0 +1,54 @@
+autofs-5.1.6 - mount_nfs.c fix local rdma share not mounting
+
+From: Achilles Gaikwad <agaikwad@redhat.com>
+
+When using the same system as nfs-server and nfs-client, and
+using `nobind` option for autofs we would fall to the code where
+we let `mount.nfs(8)` to handle the mount. However, when the
+nfs-server and the nfs-client is the same system we end up calling
+`rpc_ping` which gives negative return code. Due to this we fall to
+the label next: and never attempt a mount of nfs share.
+This patch fixes this BUG by not probing rpc_ping if we're
+using rdma.
+
+Signed-off-by: Achilles Gaikwad <agaikwad@redhat.com>
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG           |    1 +
+ modules/mount_nfs.c |   11 ++++++++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 2565b04d..4dc1b179 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -11,6 +11,7 @@ xx/xx/2020 autofs-5.1.7
+ - initialize struct addrinfo for getaddrinfo() calls.
+ - fix quoted string length calc in expandsunent().
+ - fix autofs mount options construction.
++- mount_nfs.c fix local rdma share not mounting.
+ 
+ 07/10/2019 autofs-5.1.6
+ - support strictexpire mount option.
+diff --git a/modules/mount_nfs.c b/modules/mount_nfs.c
+index 4e3e703f..f1b3fb3a 100644
+--- a/modules/mount_nfs.c
++++ b/modules/mount_nfs.c
+@@ -375,9 +375,14 @@ dont_probe:
+ 		 */
+ 		if (this->proximity == PROXIMITY_LOCAL) {
+ 			char *host = this->name ? this->name : "localhost";
+-			int ret;
+-
+-			ret = rpc_ping(host, port, vers, 2, 0, RPC_CLOSE_DEFAULT);
++			int ret = 1;
++
++			/* If we're using RDMA, rpc_ping will fail when
++			 * nfs-server is local. Therefore, don't probe
++			 * when we're using RDMA.
++			 */
++			if(!rdma)
++				ret = rpc_ping(host, port, vers, 2, 0, RPC_CLOSE_DEFAULT);
+ 			if (ret <= 0)
+ 				goto next;
+ 		}

autofs.spec

@@ -8,7 +8,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.1.6
-Release: 8%{?dist}
+Release: 9%{?dist}
 Epoch: 1
 License: GPLv2+
 Source: https://www.kernel.org/pub/linux/daemons/autofs/v5/autofs-%{version}.tar.gz
@@ -26,6 +26,9 @@ Patch011: autofs-5.1.6-initialize-struct-addrinfo-for-getaddrinfo-calls.patch
 Patch012: autofs-5.1.6-fix-quoted-string-length-calc-in-expandsunent.patch
 Patch013: autofs-5.1.6-fix-double-quoting-of-ampersand-in-auto.smb-as-well.patch
 Patch014: autofs-5.1.6-fix-autofs-mount-options-construction.patch
+Patch015: autofs-5.1.6-mount_nfs_c-fix-local-rdma-share-not-mounting.patch
+Patch016: autofs-5.1.6-fix-ldap-sasl-reconnect-problem.patch
+Patch017: autofs-5.1.6-ldap-schema-fix.patch
 
 %if %{with_systemd}
 BuildRequires: systemd-units
@@ -100,6 +103,9 @@ echo %{version}-%{release} > .version
 %patch012 -p1
 %patch013 -p1
 %patch014 -p1
+%patch015 -p1
+%patch016 -p1
+%patch017 -p1
 
 %build
 LDFLAGS=-Wl,-z,now
@@ -199,6 +205,11 @@ fi
 %dir /etc/auto.master.d
 
 %changelog
+* Tue Aug 25 2020 Ian Kent <ikent@redhat.com> - 1:5.1.6-9
+- mount_nfs.c fix local rdma share not mounting.
+- fix ldap sasl reconnect problem.
+- samples/ldap.schema fix.
+
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.1.6-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild