[packages/autofs.git] / autofs-5.0.2-add-multiple-server-selection-option-fix.patch

diff --git a/CHANGELOG b/CHANGELOG
index a9e509d..85af0ad 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -49,6 +49,7 @@
 - fix incorrect read/write size of startup status token (Matthias Koenig).
 - fix off-by-one error for lookup of map keys exactly 255 characters long.
 - improve handling of server not available.
+- fix LDAP_URI server selection.
 
 18/06/2007 autofs-5.0.2
 -----------------------
diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
index 18733f3..303b7f2 100644
--- a/modules/cyrus-sasl.c
+++ b/modules/cyrus-sasl.c
@@ -75,6 +75,7 @@ static const char *krb5ccval = "MEMORY:_autofstkt";
 static pthread_mutex_t krb5cc_mutex = PTHREAD_MUTEX_INITIALIZER;
 static unsigned int krb5cc_in_use = 0;
 
+static unsigned int init_callbacks = 1;
 static int sasl_log_func(void *, int, const char *);
 static int getpass_func(sasl_conn_t *, void *, int, sasl_secret_t **);
 static int getuser_func(void *, int, const char **, unsigned *);
@@ -386,7 +387,7 @@ sasl_do_kinit(unsigned logopt, struct lookup_context *ctxt)
 
        debug(logopt,
              "initializing kerberos ticket: client principal %s ",
-             ctxt->client_princ ? "" : "autofsclient");
+             ctxt->client_princ ? ctxt->client_princ : "autofsclient");
 
        ret = krb5_init_context(&ctxt->krb5ctxt);
        if (ret) {
@@ -599,8 +600,8 @@ sasl_bind_mech(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt, const c
 
        /* OK and CONTINUE are the only non-fatal return codes here. */
        if ((result != SASL_OK) && (result != SASL_CONTINUE)) {
-               error(logopt, "sasl_client start failed with error: %s",
-                     sasl_errdetail(conn));
+               warn(logopt, "sasl_client_start failed for %s", host);
+               debug(logopt, "sasl_client_start: %s", sasl_errdetail(conn));
                ldap_memfree(host);
                sasl_dispose(&conn);
                return NULL;
@@ -721,23 +722,30 @@ autofs_sasl_init(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
        sasl_conn_t *conn;
 
        /* Start up Cyrus SASL--only needs to be done once. */
-       if (sasl_client_init(callbacks) != SASL_OK) {
+       if (init_callbacks && sasl_client_init(callbacks) != SASL_OK) {
                error(logopt, "sasl_client_init failed");
                return -1;
        }
+       init_callbacks = 0;
 
        sasl_auth_id = ctxt->user;
        sasl_auth_secret = ctxt->secret;
 
        /*
-        *  If sasl_mech was not filled in, it means that there was no
-        *  mechanism specified in the configuration file.  Try to auto-
-        *  select one.
+        *  If LDAP_AUTH_AUTODETECT is set, it means that there was no
+        *  mechanism specified in the configuration file or auto
+        *  selection has been requested, so try to auto-select an
+        *  auth mechanism.
         */
-       if (ctxt->sasl_mech)
+       if (!(ctxt->auth_required & LDAP_AUTH_AUTODETECT))
                conn = sasl_bind_mech(logopt, ldap, ctxt, ctxt->sasl_mech);
-       else
+       else {
+               if (ctxt->sasl_mech) {
+                       free(ctxt->sasl_mech);
+                       ctxt->sasl_mech = NULL;
+               }
                conn = sasl_choose_mech(logopt, ldap, ctxt);
+       }
 
        if (conn) {
                sasl_dispose(&conn);
diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
index 7effbf1..93f0477 100644
--- a/modules/lookup_ldap.c
+++ b/modules/lookup_ldap.c
@@ -402,8 +402,7 @@ static int do_bind(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
        debug(logopt, MODPREFIX "auth_required: %d, sasl_mech %s",
              ctxt->auth_required, ctxt->sasl_mech);
 
-       if (ctxt->sasl_mech ||
-          (ctxt->auth_required & (LDAP_AUTH_REQUIRED|LDAP_AUTH_AUTODETECT))) {
+       if (ctxt->auth_required & (LDAP_AUTH_REQUIRED|LDAP_AUTH_AUTODETECT)) {
                rv = autofs_sasl_bind(logopt, ldap, ctxt);
                debug(logopt, MODPREFIX "autofs_sasl_bind returned %d", rv);
        } else {
@@ -497,7 +496,7 @@ static LDAP *connect_to_server(unsigned logopt, const char *uri, struct lookup_c
         * Determine which authentication mechanism to use if we require
         * authentication.
         */
-       if (ctxt->auth_required & LDAP_AUTH_REQUIRED) {
+       if (ctxt->auth_required & (LDAP_AUTH_REQUIRED|LDAP_AUTH_AUTODETECT)) {
                ldap = auth_init(logopt, uri, ctxt);
                if (!ldap && ctxt->auth_required & LDAP_AUTH_AUTODETECT)
                        info(logopt,
@@ -510,6 +509,7 @@ static LDAP *connect_to_server(unsigned logopt, const char *uri, struct lookup_c
 
                if (!do_bind(logopt, ldap, ctxt)) {
                        unbind_ldap_connection(logopt, ldap, ctxt);
+                       autofs_sasl_done(ctxt);
                        error(logopt, MODPREFIX "cannot bind to server");
                        return NULL;
                }
@@ -541,6 +541,7 @@ static LDAP *find_server(unsigned logopt, struct lookup_context *ctxt)
        while(p != ctxt->uri) {
                this = list_entry(p, struct ldap_uri, list);
                p = p->next;
+               debug(logopt, "trying server %s", this->uri);
                ldap = connect_to_server(logopt, this->uri, ctxt);
                if (ldap) {
                        info(logopt, "connected to uri %s", this->uri);
@@ -563,22 +564,23 @@ static LDAP *find_server(unsigned logopt, struct lookup_context *ctxt)
 
 static LDAP *do_reconnect(unsigned logopt, struct lookup_context *ctxt)
 {
+       struct ldap_uri *this;
        LDAP *ldap;
 
        if (ctxt->server || !ctxt->uri) {
                ldap = do_connect(logopt, ctxt->server, ctxt);
                return ldap;
-       } else {
-               struct ldap_uri *this;
-               this = list_entry(ctxt->uri->next, struct ldap_uri, list);
-               ldap = do_connect(logopt, this->uri, ctxt);
-               if (ldap)
-                       return ldap;
-               /* Failed to connect, put at end of list */
-               list_del_init(&this->list);
-               list_add_tail(&this->list, ctxt->uri);
        }
 
+       this = list_entry(ctxt->uri->next, struct ldap_uri, list);
+       ldap = do_connect(logopt, this->uri, ctxt);
+       if (ldap)
+               return ldap;
+
+       /* Failed to connect, put at end of list */
+       list_del_init(&this->list);
+       list_add_tail(&this->list, ctxt->uri);
+
 #ifdef WITH_SASL
        autofs_sasl_done(ctxt);
 #endif
@@ -844,6 +846,8 @@ int parse_ldap_config(unsigned logopt, struct lookup_context *ctxt)
        ctxt->tls_required = tls_required;
        ctxt->auth_required = auth_required;
        ctxt->sasl_mech = authtype;
+       if (!authtype && (auth_required & LDAP_AUTH_REQUIRED))
+               ctxt->auth_required |= LDAP_AUTH_AUTODETECT;
        ctxt->user = user;
        ctxt->secret = secret;
        ctxt->client_princ = client_princ;
@@ -886,16 +890,6 @@ static LDAP *auth_init(unsigned logopt, const char *uri, struct lookup_context *
        int ret;
        LDAP *ldap;
 
-       /*
-        *  First, check to see if a preferred authentication method was
-        *  specified by the user.  parse_ldap_config will return error
-        *  if the permissions on the file were incorrect, or if the
-        *  specified authentication type is not valid.
-        */
-       ret = parse_ldap_config(logopt, ctxt);
-       if (ret)
-               return NULL;
-
        ldap = init_ldap_connection(logopt, uri, ctxt);
        if (!ldap)
                return NULL;
@@ -909,10 +903,8 @@ static LDAP *auth_init(unsigned logopt, const char *uri, struct lookup_context *
         *  the credential cache and the client and service principals.
         */
        ret = autofs_sasl_init(logopt, ldap, ctxt);
-       if (ret) {
-               ctxt->sasl_mech = NULL;
+       if (ret)
                return NULL;
-       }
 
        return ldap;
 }
@@ -1134,6 +1126,8 @@ static void free_context(struct lookup_context *ctxt)
                free(ctxt->user);
        if (ctxt->secret)
                free(ctxt->secret);
+       if (ctxt->client_princ)
+               free(ctxt->client_princ);
        if (ctxt->mapname)
                free(ctxt->mapname);
        if (ctxt->qdn)
@@ -1184,6 +1178,7 @@ int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **co
        struct lookup_context *ctxt;
        char buf[MAX_ERR_BUF];
        LDAP *ldap = NULL;
+       int ret;
 
        *context = NULL;
 
@@ -1224,6 +1219,20 @@ int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **co
                }
        }
 
+#ifdef WITH_SASL
+       /*
+        *  First, check to see if a preferred authentication method was
+        *  specified by the user.  parse_ldap_config will return error
+        *  if the permissions on the file were incorrect, or if the
+        *  specified authentication type is not valid.
+        */
+       ret = parse_ldap_config(LOGOPT_NONE, ctxt);
+       if (ret) {
+               free_context(ctxt);
+               return 1;
+       }
+#endif
+
        if (ctxt->server || !ctxt->uri) {
                ldap = connect_to_server(LOGOPT_NONE, ctxt->server, ctxt);
                if (!ldap) {