authorJulian Pullen <Julian.Pullen@Sun.COM>2010-07-14 15:16:32 +0100
committerJulian Pullen <Julian.Pullen@Sun.COM>2010-07-14 15:16:32 +0100
commit442384bb4f40e4893df0a79549264f04218e1d9f (patch)
tree2fb884084ae00f34ea056bb28958668f46199413 /usr
parent2edb3dcc4f69d09d0b5a60ef77640285ed90e8b5 (diff)
downloadillumos-gate-442384bb4f40e4893df0a79549264f04218e1d9f.tar.gz
6786011 LDAP SASL bind operation should not disable metaslot globally
Diffstat (limited to 'usr')
-rw-r--r--usr/src/lib/libsldap/common/ns_connect.c16
-rw-r--r--usr/src/lib/libsldap/common/ns_internal.h5
-rw-r--r--usr/src/lib/libsldap/common/ns_sasl.c38
3 files changed, 6 insertions, 53 deletions
diff --git a/usr/src/lib/libsldap/common/ns_connect.c b/usr/src/lib/libsldap/common/ns_connect.c
index 5e3ad10bf7..aa7a7a5e19 100644
--- a/usr/src/lib/libsldap/common/ns_connect.c
+++ b/usr/src/lib/libsldap/common/ns_connect.c
@@ -20,8 +20,7 @@
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#include <stdlib.h>
@@ -2548,19 +2547,6 @@ doSASLBind(const ns_cred_t *auth,
free(digest_md5_name);
break;
case NS_LDAP_SASL_GSSAPI:
- if (sasl_gssapi_inited == 0) {
- ret_code = __s_api_sasl_gssapi_init();
- if (ret_code != NS_LDAP_SUCCESS) {
- (void) snprintf(errstr, sizeof (errstr),
- gettext("openConnection: "
- "GSSAPI initialization "
- "failed"));
- (void) ldap_unbind(ld);
- MKERROR(LOG_WARNING, *errorp, ret_code,
- strdup(errstr), NS_LDAP_MEMORY);
- return (ret_code);
- }
- }
(void) memset(&sasl_param, 0,
sizeof (ns_sasl_cb_param_t));
sasl_param.authid = NULL;
diff --git a/usr/src/lib/libsldap/common/ns_internal.h b/usr/src/lib/libsldap/common/ns_internal.h
index 8026f150bc..bc46e6df6e 100644
--- a/usr/src/lib/libsldap/common/ns_internal.h
+++ b/usr/src/lib/libsldap/common/ns_internal.h
@@ -18,6 +18,7 @@
*
* CDDL HEADER END
*/
+
/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
*/
@@ -727,9 +728,6 @@ typedef struct ns_sasl_cb_param {
char *realm;
} ns_sasl_cb_param_t;
-/* self/sasl/gssapi variable */
-extern int sasl_gssapi_inited;
-
/* Multiple threads per connection variable */
extern int MTperConn;
@@ -941,7 +939,6 @@ int __s_api_sasl_bind_callback(
void *in);
int __s_api_self_gssapi_only_get(void);
-int __s_api_sasl_gssapi_init(void);
int __print2buf(LineBuf *line, const char *toprint, char *sep);
diff --git a/usr/src/lib/libsldap/common/ns_sasl.c b/usr/src/lib/libsldap/common/ns_sasl.c
index 0c1c458686..6e219c86b1 100644
--- a/usr/src/lib/libsldap/common/ns_sasl.c
+++ b/usr/src/lib/libsldap/common/ns_sasl.c
@@ -18,9 +18,9 @@
*
* CDDL HEADER END
*/
+
/*
- * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#include <stdio.h>
@@ -58,38 +58,6 @@ static mutex_t self_gssapi_only_lock = DEFAULTMUTEX;
#define CLIENT_FPRINTF if (mode_verbose && !mode_quiet) (void) fprintf
/*
- * One time initializtion
- */
-int sasl_gssapi_inited = 0;
-static mutex_t sasl_gssapi_lock = DEFAULTMUTEX;
-int
-__s_api_sasl_gssapi_init(void) {
- int rc = NS_LDAP_SUCCESS;
- (void) mutex_lock(&sasl_gssapi_lock);
- if (!sasl_gssapi_inited) {
- if (getuid() == 0) {
- if (system(
- "/usr/sbin/cryptoadm disable metaslot")
- == 0) {
- syslog(LOG_WARNING,
- "libsldap: Metaslot disabled "
- "for self credential mode");
- sasl_gssapi_inited = 1;
- } else {
- syslog(LOG_ERR,
- "libsldap: Can't disable "
- "Metaslot for self credential "
- "mode");
- rc = NS_LDAP_INTERNAL;
- }
- }
- }
- (void) mutex_unlock(&sasl_gssapi_lock);
-
- return (rc);
-}
-
-/*
* nscd calls this function to set self_gssapi_only flag so libsldap performs
* sasl/GSSAPI bind only. Also see comments of __ns_ldap_self_gssapi_config.
*
@@ -102,6 +70,7 @@ __ns_ldap_self_gssapi_only_set(int flag) {
self_gssapi_only = flag;
(void) mutex_unlock(&self_gssapi_only_lock);
}
+
/*
* Get the flag value of self_gssapi_only
*/
@@ -113,6 +82,7 @@ __s_api_self_gssapi_only_get(void) {
(void) mutex_unlock(&self_gssapi_only_lock);
return (flag);
}
+
/*
* nscd calls this function to detect the current native ldap configuration.
* The output are