fix: LDAPI with GSSAPI does not work if SASL_NOCANON=on

Resolves: #960222
2013-05-09 09:32:49 +02:00 · 2013-05-09 09:32:49 +02:00 · ff5c1adb2a
commit ff5c1adb2a
parent 05278cd506
2 changed files with 59 additions and 0 deletions
--- a/openldap-ldapi-sasl.patch
+++ b/openldap-ldapi-sasl.patch
@ -0,0 +1,55 @@
+From 69709289b083c53ba41d2cef7d65120220f8c59b Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 7 May 2013 17:02:57 +0200
+Subject: [PATCH] LDAPI SASL fix
+
+Resolves: #960222
+---
+ libraries/libldap/cyrus.c | 19 ++++++++++++++++---
+ 1 Datei geändert, 16 Zeilen hinzugefügt(+), 3 Zeilen entfernt(-)
+
+diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
+index 28c241b..a9acf36 100644
+--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
+@@ -394,6 +394,8 @@ ldap_int_sasl_bind(
+ 	struct berval	ccred = BER_BVNULL;
+ 	int saslrc, rc;
+ 	unsigned credlen;
+	char my_hostname[HOST_NAME_MAX + 1];
+	int free_saslhost = 0;
+ 
+ 	Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: %s\n",
+ 		mechs ? mechs : "<null>", 0, 0 );
+@@ -454,14 +456,25 @@ ldap_int_sasl_bind(
+ 
+ 			/* If we don't need to canonicalize just use the host
+ 			 * from the LDAP URI.
+			 * Always use the result of gethostname() for LDAPI.
+ 			 */
+-			if ( nocanon )
+			if (ld->ld_defconn->lconn_server->lud_scheme != NULL &&
+			    strcmp("ldapi", ld->ld_defconn->lconn_server->lud_scheme) == 0) {
+				rc = gethostname(my_hostname, HOST_NAME_MAX + 1);
+				if (rc == 0) {
+					saslhost = my_hostname;
+				} else {
+					saslhost = "localhost";
+				}
+			} else if ( nocanon )
+ 				saslhost = ld->ld_defconn->lconn_server->lud_host;
+-			else 
+			else {
+ 				saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb,
+ 				"localhost" );
+				free_saslhost = 1;
+			}
+ 			rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
+-			if ( !nocanon )
+			if ( free_saslhost )
+ 				LDAP_FREE( saslhost );
+ 		}
+ 
+-- 
+1.7.11.7
+
--- a/openldap.spec
+++ b/openldap.spec
@ -50,6 +50,8 @@ Patch18: openldap-doc2.patch
 # the proper fix is to link all perl modules against libperl
 # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327585
 Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
+# ldapi sasl fix pending upstream inclusion
+Patch20: openldap-ldapi-sasl.patch

 # Fedora specific patches
 Patch100: openldap-autoconf-pkgconfig-nss.patch
@ -168,6 +170,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
+%patch20 -p1

 %patch102 -p1

@ -599,6 +602,7 @@ exit 0
 %changelog
 * Thu May 09 2013 Jan Synáček <jsynacek@redhat.com> 2.4.35-4
 - do not needlessly run ldconfig after installing openldap-devel
+- fix: LDAPI with GSSAPI does not work if SASL_NOCANON=on (#960222)
 - fix: lt_dlopen() with back_perl (#960048)

 * Tue Apr 09 2013 Jan Synáček <jsynacek@redhat.com> 2.4.35-3