Diffstat (limited to 'usr/src')
-rw-r--r-- | usr/src/cmd/nscd/nscd_cfgdef.h | 13 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_config.h | 5 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_getentctx.c | 127 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_selfcred.c | 183 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_switch.c | 9 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_switch.h | 6 | ||||
-rw-r--r-- | usr/src/lib/libsldap/common/ns_common.c | 2 | ||||
-rw-r--r-- | usr/src/lib/libsldap/common/ns_config.c | 2 | ||||
-rw-r--r-- | usr/src/lib/libsldap/common/ns_connect.c | 11 | ||||
-rwxr-xr-x | usr/src/lib/libsldap/common/ns_connmgmt.c | 1 | ||||
-rw-r--r-- | usr/src/lib/libsldap/common/ns_standalone.c | 25 |
11 files changed, 223 insertions, 161 deletions
diff --git a/usr/src/cmd/nscd/nscd_cfgdef.h b/usr/src/cmd/nscd/nscd_cfgdef.h index 1f770a56b0..f503dfbfea 100644 --- a/usr/src/cmd/nscd/nscd_cfgdef.h +++ b/usr/src/cmd/nscd/nscd_cfgdef.h @@ -385,18 +385,6 @@ static nscd_cfg_param_desc_t _nscd_cfg_param_desc[] = { NSCD_CFG_FUNC_VERIFY_AS_GROUP), NSCD_CFG_PARAM_DESC( - "max-per-user-nscd", - NSCD_CFG_DATA_INTEGER, - NSCD_CFG_PFLAG_GLOBAL, - max_per_user_nscd, - nscd_cfg_global_selfcred_t, - sc, - nscd_cfg_global_data_t, - NULL, - NSCD_CFG_FUNC_NOTIFY_AS_GROUP, - NSCD_CFG_FUNC_VERIFY_AS_GROUP), - - NSCD_CFG_PARAM_DESC( "per-user-nscd-ttl", NSCD_CFG_DATA_INTEGER, NSCD_CFG_PFLAG_GLOBAL, @@ -792,7 +780,6 @@ static nscd_cfg_global_data_t nscd_cfg_global_default = { NSCD_CFG_GROUP_INFO_GLOBAL_SELFCRED, nscd_true, /* enable_selfcred */ - 1000, /* max_per_user_nscd */ 120, /* per_user_nscd_ttl: 120 seconds */ }, diff --git a/usr/src/cmd/nscd/nscd_config.h b/usr/src/cmd/nscd/nscd_config.h index ad81004083..d2c7135e40 100644 --- a/usr/src/cmd/nscd/nscd_config.h +++ b/usr/src/cmd/nscd/nscd_config.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -365,11 +365,10 @@ typedef struct { /* * self credential param group (global) */ -#define NSCD_CFG_GROUP_INFO_GLOBAL_SELFCRED {3, 0x0007} +#define NSCD_CFG_GROUP_INFO_GLOBAL_SELFCRED {2, 0x0003} typedef struct { nscd_cfg_group_info_t gi; nscd_bool_t enable_selfcred; - int max_per_user_nscd; int per_user_nscd_ttl; } nscd_cfg_global_selfcred_t; diff --git a/usr/src/cmd/nscd/nscd_getentctx.c b/usr/src/cmd/nscd/nscd_getentctx.c index db2e16d684..023e8d7f1d 100644 --- a/usr/src/cmd/nscd/nscd_getentctx.c +++ b/usr/src/cmd/nscd/nscd_getentctx.c 
@@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -102,7 +102,7 @@ _nscd_add_getent_ctx( nscd_cookie_num_t cookie_num) { int size; - char buf[2 * sizeof (cookie_num) + 1]; + char buf[32]; nscd_db_entry_t *db_entry; nscd_getent_ctx_t *gnctx; @@ -114,7 +114,7 @@ _nscd_add_getent_ctx( size = sizeof (*gnctx); db_entry = _nscd_alloc_db_entry(NSCD_DATA_CTX_ADDR, - (const char *)buf, size, 1, 1); + (const char *)buf, size, 1, 1); if (db_entry == NULL) return (NSCD_NO_MEMORY); @@ -124,7 +124,7 @@ _nscd_add_getent_ctx( (void) rw_wrlock(&getent_ctxDB_rwlock); (void) _nscd_add_db_entry(getent_ctxDB, buf, db_entry, - NSCD_ADD_DB_ENTRY_FIRST); + NSCD_ADD_DB_ENTRY_FIRST); (void) rw_unlock(&getent_ctxDB_rwlock); return (NSCD_SUCCESS); @@ -140,7 +140,7 @@ nscd_getent_context_t * _nscd_is_getent_ctx( nscd_cookie_num_t cookie_num) { - char ptrstr[1 + 2 * sizeof (cookie_num)]; + char ptrstr[32]; const nscd_db_entry_t *db_entry; nscd_getent_context_t *ret = NULL; @@ -149,7 +149,7 @@ _nscd_is_getent_ctx( (void) rw_rdlock(&getent_ctxDB_rwlock); db_entry = _nscd_get_db_entry(getent_ctxDB, NSCD_DATA_CTX_ADDR, - (const char *)ptrstr, NSCD_GET_FIRST_DB_ENTRY, 0); + (const char *)ptrstr, NSCD_GET_FIRST_DB_ENTRY, 0); if (db_entry != NULL) { nscd_getent_ctx_t *gnctx; 
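Review bot: The bare `32` in `char buf[32];` in _nscd_add_getent_ctx is repeated for `ptrstr` in _nscd_is_getent_ctx and _nscd_del_getent_ctx, and nothing ties it to the format that fills these buffers. The call that writes the cookie string is outside these hunks, so whether it is bounded cannot be checked here; if it is not, it should become `snprintf(buf, sizeof (buf), ...)`. A single named constant, for example `#define NSCD_COOKIE_STR_LEN 32` with a comment giving the longest string the format can produce, would keep the three sites in step.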
@@ -157,12 +157,19 @@ _nscd_is_getent_ctx( gnctx = (nscd_getent_ctx_t *)*(db_entry->data_array); /* - * If the ctx is not to be deleted and - * the cookie numbers match, return the ctx. + * If the ctx is not to be deleted and the cookie number + * match, return the ctx if not aborted and not in use, * Otherwise return NULL. */ - if (gnctx->to_delete == 0 && gnctx->cookie_num == cookie_num) + if (gnctx->to_delete == 0 && gnctx->cookie_num == cookie_num) { ret = gnctx->ptr; + (void) mutex_lock(&gnctx->ptr->getent_mutex); + if (ret->aborted == 1 || ret->in_use == 1) + ret = NULL; + else + ret->in_use = 1; + (void) mutex_unlock(&gnctx->ptr->getent_mutex); + } } (void) rw_unlock(&getent_ctxDB_rwlock); @@ -171,6 +178,34 @@ _nscd_is_getent_ctx( } /* + * FUNCTION: _nscd_free_ctx_if_aborted + * + * Check to see if the getent session associated with a getent context had + * been aborted. If so, return the getent context back to the pool. + */ +void +_nscd_free_ctx_if_aborted( + nscd_getent_context_t *ctx) +{ + int aborted; + char *me = "_nscd_free_ctx_if_aborted"; + + if (ctx->in_use != 1) + return; + + (void) mutex_lock(&ctx->getent_mutex); + aborted = ctx->aborted; + (void) mutex_unlock(&ctx->getent_mutex); + + if (aborted == 1) { + _NSCD_LOG(NSCD_LOG_GETENT_CTX, NSCD_LOG_LEVEL_DEBUG) + (me, "getent session aborted, return the getent context\n"); + _nscd_put_getent_ctx(ctx); + } + ctx->in_use = 0; +} + +/* * FUNCTION: _nscd_del_getent_ctx * * Delete a getent context from the internal getent context database. @@ -180,7 +215,7 @@ _nscd_del_getent_ctx( nscd_getent_context_t *ptr, nscd_cookie_num_t cookie_num) { - char ptrstr[1 + 2 * sizeof (cookie_num)]; + char ptrstr[32]; nscd_getent_ctx_t *gnctx; const nscd_db_entry_t *db_entry; 
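Review bot: In the new _nscd_free_ctx_if_aborted, `ctx->in_use` is tested before `getent_mutex` is taken and `ctx->in_use = 0;` is stored after it is released, and on the aborted path that store runs after `_nscd_put_getent_ctx(ctx)` has already returned the context to the pool. Another thread that picks the context up in _nscd_get_getent_ctx sets `in_use = 1`, and this late store can then clear it, leaving a live context marked free for the reclaim thread. _nscd_put_getent_ctx already resets `in_use` in this commit, so the store is only needed on the not-aborted path and can be made under the mutex. The function also dereferences `ctx` with no NULL check, which matters for the caller in nss_pgetent that passes `contextp->ctx` on an error path.

```c
	/* … unchanged: declarations of aborted and me … */

	if (ctx == NULL)
		return;

	(void) mutex_lock(&ctx->getent_mutex);
	if (ctx->in_use != 1) {
		(void) mutex_unlock(&ctx->getent_mutex);
		return;
	}
	aborted = ctx->aborted;
	/* on the aborted path _nscd_put_getent_ctx() resets in_use itself */
	if (aborted != 1)
		ctx->in_use = 0;
	(void) mutex_unlock(&ctx->getent_mutex);

	if (aborted == 1) {
		/* … unchanged: debug log … */
		_nscd_put_getent_ctx(ctx);
	}
```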
@@ -196,9 +231,9 @@ _nscd_del_getent_ctx( * the database. */ db_entry = _nscd_get_db_entry(getent_ctxDB, - NSCD_DATA_CTX_ADDR, - (const char *)ptrstr, - NSCD_GET_FIRST_DB_ENTRY, 0); + NSCD_DATA_CTX_ADDR, + (const char *)ptrstr, + NSCD_GET_FIRST_DB_ENTRY, 0); if (db_entry != NULL) { gnctx = (nscd_getent_ctx_t *)*(db_entry->data_array); if (gnctx->ptr == ptr && gnctx->cookie_num == cookie_num) { @@ -207,9 +242,9 @@ _nscd_del_getent_ctx( (void) rw_wrlock(&getent_ctxDB_rwlock); (void) _nscd_delete_db_entry(getent_ctxDB, - NSCD_DATA_CTX_ADDR, - (const char *)ptrstr, - NSCD_DEL_FIRST_DB_ENTRY, 0); + NSCD_DATA_CTX_ADDR, + (const char *)ptrstr, + NSCD_DEL_FIRST_DB_ENTRY, 0); } } (void) rw_unlock(&getent_ctxDB_rwlock); @@ -272,7 +307,7 @@ _nscd_free_all_getent_ctx_base() continue; nscd_getent_ctx_base[i] = (nscd_getent_ctx_base_t *) - _nscd_set((nscd_acc_data_t *)base, NULL); + _nscd_set((nscd_acc_data_t *)base, NULL); } (void) rw_unlock(&nscd_getent_ctx_base_lock); } @@ -296,6 +331,7 @@ _nscd_create_getent_ctx( gnctx->dbi = params->dbi; gnctx->cookie_num = _nscd_get_cookie_num(); gnctx->pid = -1; + (void) mutex_init(&gnctx->getent_mutex, USYNC_THREAD, NULL); if (_nscd_get_nsw_state(&db_root, params) != NSCD_SUCCESS) { free(gnctx); @@ -338,7 +374,7 @@ _nscd_get_getent_ctx( * available' signal. */ tmp = (nscd_getent_ctx_base_t *)_nscd_mutex_lock( - (nscd_acc_data_t *)base); + (nscd_acc_data_t *)base); assert(base == tmp); if (base->first == NULL) { if (base->num_getent_ctx == base->max_getent_ctx) { @@ -346,13 +382,13 @@ _nscd_get_getent_ctx( while (base->first == NULL) { _NSCD_LOG(NSCD_LOG_GETENT_CTX, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "waiting for signal\n"); _nscd_cond_wait((nscd_acc_data_t *)base, NULL); _NSCD_LOG(NSCD_LOG_GETENT_CTX, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "woke up\n"); } base->num_waiter--; 
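Review bot: `aborted` and `in_use` get no initial value next to the new `mutex_init` call in _nscd_create_getent_ctx, while _nscd_is_getent_ctx now rejects any context whose `aborted` or `in_use` is 1. The allocation of `gnctx` is outside the hunk; if it is not zero-filled, add `gnctx->aborted = 0;` and `gnctx->in_use = 0;` here. The `free(gnctx)` on the _nscd_get_nsw_state failure path also releases the structure without a matching `(void) mutex_destroy(&gnctx->getent_mutex);`.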
@@ -365,7 +401,7 @@ _nscd_get_getent_ctx( /* not able to create an getent ctx */ _NSCD_LOG(NSCD_LOG_GETENT_CTX, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "create getent ctx failed\n"); _nscd_mutex_unlock((nscd_acc_data_t *)base); @@ -383,6 +419,7 @@ _nscd_get_getent_ctx( base->first = c->next; c->next = NULL; c->seq_num = 1; + c->in_use = 1; _NSCD_LOG(NSCD_LOG_GETENT_CTX, NSCD_LOG_LEVEL_DEBUG) (me, "got a getent ctx %p\n", c); @@ -444,11 +481,13 @@ _nscd_put_getent_ctx( _nscd_put_nsw_state(gnctx->nsw_state); gnctx->nsw_state = NULL; + gnctx->aborted = 0; + gnctx->in_use = 0; _nscd_del_getent_ctx(gnctx, gnctx->cookie_num); _NSCD_LOG(NSCD_LOG_GETENT_CTX, NSCD_LOG_LEVEL_DEBUG) (me, "ctx (%p, cookie # = %lld) removed from getent ctx DB\n", - gnctx, gnctx->cookie_num); + gnctx, gnctx->cookie_num); if (base->num_waiter > 0) { _NSCD_LOG(NSCD_LOG_GETENT_CTX, NSCD_LOG_LEVEL_DEBUG) @@ -472,10 +511,10 @@ _nscd_init_getent_ctx_base( (void) rw_rdlock(&nscd_getent_ctx_base_lock); base = (nscd_getent_ctx_base_t *)_nscd_alloc( - NSCD_DATA_GETENT_CTX_BASE, - sizeof (nscd_getent_ctx_base_t), - _nscd_free_getent_ctx_base, - NSCD_ALLOC_MUTEX | NSCD_ALLOC_COND); + NSCD_DATA_GETENT_CTX_BASE, + sizeof (nscd_getent_ctx_base_t), + _nscd_free_getent_ctx_base, + NSCD_ALLOC_MUTEX | NSCD_ALLOC_COND); if (base == NULL) { if (lock) @@ -491,9 +530,9 @@ _nscd_init_getent_ctx_base( base->dbi = dbi; base->max_getent_ctx = NSCD_SW_CFG(dbi).max_getent_ctx_per_db; nscd_getent_ctx_base[dbi] = - (nscd_getent_ctx_base_t *)_nscd_set( - (nscd_acc_data_t *)nscd_getent_ctx_base[dbi], - (nscd_acc_data_t *)base); + (nscd_getent_ctx_base_t *)_nscd_set( + (nscd_acc_data_t *)nscd_getent_ctx_base[dbi], + (nscd_acc_data_t *)base); if (lock) (void) rw_unlock(&nscd_getent_ctx_base_lock); 
@@ -534,7 +573,7 @@ _nscd_alloc_getent_ctx_base() (void) rw_wrlock(&nscd_getent_ctx_base_lock); nscd_getent_ctx_base = calloc(NSCD_NUM_DB, - sizeof (nscd_getent_ctx_base_t *)); + sizeof (nscd_getent_ctx_base_t *)); if (nscd_getent_ctx_base == NULL) { (void) rw_unlock(&nscd_getent_ctx_base_lock); return (NSCD_NO_MEMORY); @@ -582,7 +621,7 @@ reclaim_getent_ctx(void *arg) (void) rw_rdlock(&getent_ctxDB_rwlock); for (ep = _nscd_walk_db(getent_ctxDB, &cookie); ep != NULL; - ep = _nscd_walk_db(getent_ctxDB, &cookie)) { + ep = _nscd_walk_db(getent_ctxDB, &cookie)) { ctx = (nscd_getent_ctx_t *)*(ep->data_array); @@ -595,13 +634,13 @@ reclaim_getent_ctx(void *arg) if (gctx->pid != -1 && process_exited(gctx->pid)) { _NSCD_LOG(NSCD_LOG_GETENT_CTX, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "process %d exited, " - "getent context = %p, " - "db index = %d, cookie # = %lld, " - "sequence # = %lld\n", - gctx->pid, gctx, gctx->dbi, - gctx->cookie_num, gctx->seq_num); + "getent context = %p, " + "db index = %d, cookie # = %lld, " + "sequence # = %lld\n", + gctx->pid, gctx, gctx->dbi, + gctx->cookie_num, gctx->seq_num); if (first != NULL) { last->next = gctx; @@ -617,12 +656,20 @@ reclaim_getent_ctx(void *arg) /* - * return all the orphan getent contexts to the pool + * return all the orphan getent contexts to the pool if not + * in use */ for (gctx = first; gctx; ) { + int in_use; c = gctx->next; - gctx->next = NULL; - _nscd_put_getent_ctx(gctx); + gctx->aborted = 1; + (void) mutex_lock(&gctx->getent_mutex); + in_use = gctx->in_use; + (void) mutex_unlock(&gctx->getent_mutex); + if (in_use != 1) { + gctx->next = NULL; + _nscd_put_getent_ctx(gctx); + } gctx = c; } first = last = NULL; diff --git a/usr/src/cmd/nscd/nscd_selfcred.c b/usr/src/cmd/nscd/nscd_selfcred.c index 0150aad6b9..c56efbdea0 100644 --- a/usr/src/cmd/nscd/nscd_selfcred.c +++ b/usr/src/cmd/nscd/nscd_selfcred.c 
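Review bot: `gctx->aborted = 1;` in the orphan loop of reclaim_getent_ctx is stored before `getent_mutex` is taken, while _nscd_is_getent_ctx and _nscd_free_ctx_if_aborted read `aborted` under that mutex. Moving the store to just after `(void) mutex_lock(&gctx->getent_mutex);` makes setting the abort flag and sampling `in_use` one atomic step, so a request thread cannot claim the context between the two. When `in_use` is 1 the context also keeps its `next` link into the orphan list, because `gctx->next = NULL;` now sits inside the `if (in_use != 1)` branch; clearing it unconditionally looks safer, though how _nscd_put_getent_ctx treats `next` is outside the hunk.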
@@ -20,7 +20,7 @@ */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -164,14 +164,14 @@ init_slot(int s) ch = child[s]; if ((ch->mutex = (mutex_t *)calloc(1, - sizeof (mutex_t))) == NULL) { + sizeof (mutex_t))) == NULL) { free(ch); return (-1); } (void) mutex_init(ch->mutex, USYNC_THREAD, NULL); if ((ch->cond = (cond_t *)calloc(1, - sizeof (cond_t))) == NULL) { + sizeof (cond_t))) == NULL) { free(ch->mutex); free(ch); return (-1); @@ -233,13 +233,13 @@ get_cslot( for (i = 0; i <= used_slot; i++) { ch = child[i]; if (ch->child_state >= CHILD_STATE_UIDKNOWN && - ch->child_uid == uid) { + ch->child_uid == uid) { ret = ch; (void) mutex_unlock(&child_lock); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "slot %d found with uid %d\n", - ret->child_slot, ret->child_uid); + ret->child_slot, ret->child_uid); return (ret); } @@ -264,7 +264,7 @@ get_cslot( return (ret); } (void) memcpy(tmp, child, sizeof (child_t) * - max_pu_nscd); + max_pu_nscd); free(child); child = tmp; max_pu_nscd = newmax; @@ -350,7 +350,7 @@ selfcred_kill( if (fd != -1) ret = _nscd_doorcall_fd(fd, NSCD_KILL, NULL, 0, - NULL, 0, NULL); + NULL, 0, NULL); else ret = _nscd_doorcall(NSCD_KILL); @@ -386,7 +386,7 @@ _nscd_kill_all_children() if (child[i]->child_state >= CHILD_STATE_PIDKNOWN) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "killing child process %d (doorfd %d)\n", - child[i]->child_pid, child[i]->child_door); + child[i]->child_pid, child[i]->child_door); ret = selfcred_kill(child[i]->child_door); @@ -409,7 +409,7 @@ selfcred_pulse( (me, "start monitoring door %d\n", fd); ret = _nscd_doorcall_fd(fd, NSCD_PULSE |(_whoami & NSCD_WHOAMI), - NULL, 0, NULL, 0, NULL); + NULL, 0, NULL, 0, NULL); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "door (%d) monitor exited (rc = %d)\n", fd, ret); 
@@ -431,8 +431,8 @@ forker_monitor( (void) selfcred_pulse(forking_door); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) -(me, "forker (pid = %d) exited or crashed, killing all child processes\n", - fpid); + (me, "forker (pid = %d) exited or crashed, " + "killing all child processes\n", fpid); (void) mutex_lock(&forking_lock); forking_door = -1; @@ -524,7 +524,7 @@ _nscd_proc_iamhere( (me, "door_ucred failed: %s\n", strerror(errnum)); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, - NSCD_DOOR_UCRED_ERROR); + NSCD_DOOR_UCRED_ERROR); } uid = ucred_geteuid(uc); @@ -541,7 +541,7 @@ _nscd_proc_iamhere( NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_MAIN_IMPOSTER); + NSCD_SELF_CRED_MAIN_IMPOSTER); } break; @@ -556,7 +556,7 @@ _nscd_proc_iamhere( NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_FORKER_IMPOSTER); + NSCD_SELF_CRED_FORKER_IMPOSTER); break; } @@ -564,18 +564,18 @@ _nscd_proc_iamhere( if (_whoami != NSCD_MAIN) { NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_WRONG_NSCD); + NSCD_SELF_CRED_WRONG_NSCD); break; } if (ucred_getpid(uc) != forker_pid) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) - (me, "FORKER IMPOSTER CAUGHT: pid = %d should be %d\n", - ucred_getpid(uc), forker_pid); + (me, "FORKER IMPOSTER CAUGHT: pid = %d should be %d\n", + ucred_getpid(uc), forker_pid); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_FORKER_IMPOSTER); + NSCD_SELF_CRED_FORKER_IMPOSTER); break; } @@ -585,13 +585,13 @@ _nscd_proc_iamhere( NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NO_DOOR); + NSCD_SELF_CRED_NO_DOOR); break; } if ((dp->d_attributes & DOOR_DESCRIPTOR) && - dp->d_data.d_desc.d_descriptor > 0 && - dp->d_data.d_desc.d_id != 0) { + dp->d_data.d_desc.d_descriptor > 0 && + dp->d_data.d_desc.d_id != 0) { (void) mutex_lock(&forking_lock); if (forking_door != -1) (void) close(forking_door); 
@@ -609,7 +609,7 @@ _nscd_proc_iamhere( /* monitor the forker nscd */ (void) thr_create(NULL, 0, forker_monitor, NULL, - THR_DETACHED, NULL); + THR_DETACHED, NULL); break; @@ -620,7 +620,7 @@ _nscd_proc_iamhere( (me, "CHILD IMPOSTER CAUGHT!\n"); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_CHILD_IMPOSTER); + NSCD_SELF_CRED_CHILD_IMPOSTER); break; } @@ -640,38 +640,38 @@ _nscd_proc_iamhere( (me, "bad slot number %d\n", cslot); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_INVALID_SLOT_NUMBER); + NSCD_SELF_CRED_INVALID_SLOT_NUMBER); break; } if (uid != ch->child_uid) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "CHILD IMPOSTER CAUGHT: uid = %d should be %d\n", - uid, ch->child_uid); + uid, ch->child_uid); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_CHILD_IMPOSTER); + NSCD_SELF_CRED_CHILD_IMPOSTER); break; } if (ch->child_state != CHILD_STATE_UIDKNOWN && - ch->child_state != CHILD_STATE_FORKSENT) { + ch->child_state != CHILD_STATE_FORKSENT) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "invalid slot/child state (%d) for uid %d\n", - ch->child_state, uid); + ch->child_state, uid); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_INVALID_SLOT_STATE); + NSCD_SELF_CRED_INVALID_SLOT_STATE); break; } _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "d_descriptor = %d, d_id = %lld\n", - dp->d_data.d_desc.d_descriptor, dp->d_data.d_desc.d_id); + dp->d_data.d_desc.d_descriptor, dp->d_data.d_desc.d_id); if ((dp->d_attributes & DOOR_DESCRIPTOR) && - dp->d_data.d_desc.d_descriptor > 0 && - dp->d_data.d_desc.d_id != 0) { + dp->d_data.d_desc.d_descriptor > 0 && + dp->d_data.d_desc.d_id != 0) { (void) mutex_lock(ch->mutex); if (ch->child_door != -1) (void) close(ch->child_door); 
@@ -680,7 +680,7 @@ _nscd_proc_iamhere( ch->child_state = CHILD_STATE_PIDKNOWN; _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "child in slot %d has door %d\n", - cslot, ch->child_door); + cslot, ch->child_door); /* * let waiters know that the child is ready to @@ -691,7 +691,7 @@ _nscd_proc_iamhere( /* monitor the child nscd */ (void) thr_create(NULL, 0, child_monitor, - ch, THR_DETACHED, NULL); + ch, THR_DETACHED, NULL); NSCD_SET_STATUS_SUCCESS(phdr); break; } else { @@ -720,7 +720,7 @@ _nscd_proc_pulse( (me, "MAIN IMPOSTER CAUGHT! i am %d not NSCD_MAIN\n", iam); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_MAIN_IMPOSTER); + NSCD_SELF_CRED_MAIN_IMPOSTER); } /* forker doesn't return stats, it just pauses */ @@ -752,7 +752,7 @@ _nscd_proc_pulse( last_active = activity; _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "active, sleep again for %d seconds\n", - pu_nscd_ttl); + pu_nscd_ttl); } (void) mutex_unlock(&activity_lock); } @@ -785,11 +785,10 @@ _nscd_proc_fork( /* only main nscd sends fork requests */ if (iam != NSCD_MAIN) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) - (me, "MAIN IMPOSTER CAUGHT! i am %d not NSCD_MAIN\n", - iam); + (me, "MAIN IMPOSTER CAUGHT! i am %d not NSCD_MAIN\n", iam); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_MAIN_IMPOSTER); + NSCD_SELF_CRED_MAIN_IMPOSTER); } /* only forker handles fork requests */ @@ -798,7 +797,7 @@ _nscd_proc_fork( (me, "MAIN IMPOSTER CAUGHT! I AM NOT FORKER!\n"); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_WRONG_NSCD); + NSCD_SELF_CRED_WRONG_NSCD); } /* fork a child for the slot assigned by the main nscd */ @@ -814,7 +813,7 @@ _nscd_proc_fork( (me, "bas slot number\n"); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_INVALID_SLOT_NUMBER); + NSCD_SELF_CRED_INVALID_SLOT_NUMBER); } _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) 
@@ -855,8 +854,8 @@ _nscd_proc_fork( ih.slot = slot; for (ret = NSS_ALTRETRY; ret == NSS_ALTRETRY; ) ret = _nscd_doorcall_sendfd(_doorfd, - NSCD_IMHERE | (NSCD_CHILD & NSCD_WHOAMI), - &ih, sizeof (ih), NULL); + NSCD_IMHERE | (NSCD_CHILD & NSCD_WHOAMI), + &ih, sizeof (ih), NULL); NSCD_RETURN_STATUS_SUCCESS(phdr); } if (cid == (pid_t)-1) { @@ -881,7 +880,7 @@ _nscd_proc_fork( _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "child forked: parent pid = %d, child pid = %d\n", - getpid(), cid); + getpid(), cid); NSCD_SET_STATUS_SUCCESS(phdr); } @@ -906,31 +905,32 @@ selfcred_fork( /* if no door fd, do nothing */ if (doorfd == -1) { NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NO_DOOR); + NSCD_SELF_CRED_NO_DOOR); } _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "sending fork request to door %d for slot %d " - "(uid = %d, gid = %d)\n", doorfd, cslot, uid, gid); + "(uid = %d, gid = %d)\n", doorfd, cslot, uid, gid); f.slot = cslot; f.uid = uid; f.gid = gid; ret = _nscd_doorcall_fd(doorfd, NSCD_FORK|(_whoami&NSCD_WHOAMI), - &f, sizeof (f), NULL, 0, phdr); + &f, sizeof (f), NULL, 0, phdr); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "fork request sent to door %d for slot %d (rc = %d)\n", - doorfd, cslot, ret); + doorfd, cslot, ret); if (NSCD_STATUS_IS_NOT_OK(phdr)) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "fork request sent to door %d for slot %d failed: " - "status = %d, errno = %s, nscd status = %d\n", doorfd, - cslot, NSCD_GET_STATUS(phdr), strerror(NSCD_GET_ERRNO(phdr)), - NSCD_GET_NSCD_STATUS(phdr)); + "status = %d, errno = %s, nscd status = %d\n", doorfd, + cslot, NSCD_GET_STATUS(phdr), + strerror(NSCD_GET_ERRNO(phdr)), + NSCD_GET_NSCD_STATUS(phdr)); } } @@ -957,7 +957,7 @@ _nscd_proc_alt_get( (me, "no door to talk to the forker\n"); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NO_FORKER); + NSCD_SELF_CRED_NO_FORKER); } /* get door client's credential information */ 
@@ -967,7 +967,7 @@ _nscd_proc_alt_get( (me, "door_ucred failed: %s\n", strerror(errnum)); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, - NSCD_DOOR_UCRED_ERROR); + NSCD_DOOR_UCRED_ERROR); } /* get door client's effective uid and effective gid */ @@ -984,10 +984,10 @@ _nscd_proc_alt_get( _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "no child slot available (child array = %p, slot = %d)\n", - child, ch->child_slot); + child, ch->child_slot); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NO_CHILD_SLOT); + NSCD_SELF_CRED_NO_CHILD_SLOT); } /* create the per user nscd if necessary */ @@ -1001,7 +1001,7 @@ _nscd_proc_alt_get( /* ask forker to fork a new child */ selfcred_fork(&phdr1, forking_door, ch->child_slot, - set2uid, set2gid); + set2uid, set2gid); if (NSCD_STATUS_IS_NOT_OK(&phdr1)) { (void) mutex_unlock(ch->mutex); NSCD_COPY_STATUS(phdr, &phdr1); @@ -1012,7 +1012,7 @@ _nscd_proc_alt_get( _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "waiting for door (slot = %d, uid = %d, gid = %d)\n", - ch->child_slot, set2uid, set2gid); + ch->child_slot, set2uid, set2gid); /* wait for the per user nscd to become available */ while (ch->child_state == CHILD_STATE_FORKSENT) { @@ -1026,12 +1026,11 @@ _nscd_proc_alt_get( (me, "cond_reltimedwait %d seconds\n", ttl); err = cond_reltimedwait(ch->cond, ch->mutex, &to); if (err == ETIME) { - ch->child_state = - CHILD_STATE_UIDKNOWN; + ch->child_state = CHILD_STATE_UIDKNOWN; _NSCD_LOG(NSCD_LOG_SELF_CRED, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "door wait timedout (slot = %d)\n", - ch->child_slot); + ch->child_slot); break; } } 
@@ -1041,14 +1040,14 @@ _nscd_proc_alt_get( if (ch->child_state != CHILD_STATE_PIDKNOWN) { NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_INVALID_SLOT_STATE); + NSCD_SELF_CRED_INVALID_SLOT_STATE); } *door = ch->child_door; _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "returning door %d for slot %d, uid %d, gid = %d\n", - *door, ch->child_slot, set2uid, set2gid); + *door, ch->child_slot, set2uid, set2gid); NSCD_RETURN_STATUS(phdr, NSS_ALTRETRY, 0); } @@ -1138,9 +1137,9 @@ _nscd_start_forker( rl.rlim_cur = rl.rlim_max = RLIM_INFINITY; if (setrlimit(RLIMIT_NOFILE, &rl) < 0) { _NSCD_LOG(NSCD_LOG_SELF_CRED, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "Cannot set open file limit: %s\n", - strerror(errno)); + strerror(errno)); exit(1); } @@ -1226,7 +1225,7 @@ _nscd_is_self_cred_on(int recheck, char **dblist) (void) get_ldap_funcs(ldap_sc_func, (void **)&ldap_func); if (ldap_func != NULL) { if (ldap_func(&ldap_config) == NS_LDAP_SUCCESS && - ldap_config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE) + ldap_config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE) ldap_on = 1; } @@ -1277,7 +1276,7 @@ _nscd_peruser_getadmin( (me, "door_ucred failed: %s\n", strerror(errnum)); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, - NSCD_DOOR_UCRED_ERROR); + NSCD_DOOR_UCRED_ERROR); } /* get door client's effective uid */ @@ -1292,12 +1291,12 @@ _nscd_peruser_getadmin( ch = get_cslot(uid, 1); if (ch == NULL) { NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NO_CHILD_SLOT); + NSCD_SELF_CRED_NO_CHILD_SLOT); } ret = _nscd_doorcall_fd(ch->child_door, NSCD_GETADMIN, - NULL, sizeof (nscd_admin_t), result_mn, - sizeof (nscd_admin_t), phdr); + NULL, sizeof (nscd_admin_t), result_mn, + sizeof (nscd_admin_t), phdr); if (ret == NSS_SUCCESS) { phdr->data_len = sizeof (nscd_admin_t); 
@@ -1311,20 +1310,22 @@ set_selfcred_cfg( void *data) { int64_t prop_int; + uint8_t prop_boolean; char *me = "set_selfcred_cfg"; - if (param == 'a' || param == 'e') { + if (param == 'e') { + prop_boolean = *(uint8_t *)data; pu_nscd_enabled = *(uint8_t *)get_smf_prop( - "enable_per_user_lookup", 'b', data); + "enable_per_user_lookup", 'b', &prop_boolean); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "self cred config: enabled = %d\n", pu_nscd_enabled); } - if (param == 'a' || param == 't') { + if (param == 't') { prop_int = *(int *)data; pu_nscd_ttl = *(int64_t *)get_smf_prop( - "per_user_nscd_time_to_live", 'i', &prop_int); + "per_user_nscd_time_to_live", 'i', &prop_int); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "self cred config: PUN TTL = %d\n", pu_nscd_ttl); @@ -1356,15 +1357,11 @@ _nscd_cfg_selfcred_notify( *sc_cfg = *(nscd_cfg_global_selfcred_t *)data; off = offsetof(nscd_cfg_global_selfcred_t, - enable_selfcred); + enable_selfcred); set_selfcred_cfg('e', (char *)data + off); off = offsetof(nscd_cfg_global_selfcred_t, - max_per_user_nscd); - set_selfcred_cfg('n', (char *)data + off); - - off = offsetof(nscd_cfg_global_selfcred_t, - per_user_nscd_ttl); + per_user_nscd_ttl); set_selfcred_cfg('t', (char *)data + off); return (NSCD_SUCCESS); @@ -1380,13 +1377,6 @@ _nscd_cfg_selfcred_notify( return (NSCD_SUCCESS); } - off = offsetof(nscd_cfg_global_selfcred_t, max_per_user_nscd); - if (pdesc->p_offset == off) { - sc_cfg->max_per_user_nscd = *(int *)data; - set_selfcred_cfg('n', data); - return (NSCD_SUCCESS); - } - off = offsetof(nscd_cfg_global_selfcred_t, per_user_nscd_ttl); if (pdesc->p_offset == off) { sc_cfg->per_user_nscd_ttl = *(int *)data; @@ -1462,7 +1452,7 @@ retry: (void) close(pfd); if (info.pr_pid != pid && - info.pr_uid == uid && info.pr_euid == euid) + info.pr_uid == uid && info.pr_euid == euid) return (0); else return (1); 
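Review bot: `prop_boolean = *(uint8_t *)data;` in set_selfcred_cfg reads a single byte of `enable_selfcred`, which nscd_config.h declares as `nscd_bool_t`, whereas the 't' branch reads its whole field with `*(int *)data`. The definition of nscd_bool_t is not on this page; if it is wider than one byte, this takes only the first byte in memory, which on a big-endian machine is the most significant one, so the fallback default for per-user lookup could silently read as disabled. `prop_boolean = (*(nscd_bool_t *)data == nscd_true);` keeps the default independent of width and byte order.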
@@ -1549,7 +1539,7 @@ static void * get_smf_prop(const char *var, char type, void *def_val) { scf_simple_prop_t *prop; - void *val = def_val; + void *val; char *me = "get_smf_prop"; prop = scf_simple_prop_get(NULL, NULL, "config", var); @@ -1557,14 +1547,14 @@ get_smf_prop(const char *var, char type, void *def_val) switch (type) { case 'b': val = scf_simple_prop_next_boolean(prop); + if (val != NULL) + (void) memcpy(def_val, val, sizeof (uint8_t)); break; case 'i': val = scf_simple_prop_next_integer(prop); - break; - - case 'c': - val = scf_simple_prop_next_count(prop); + if (val != NULL) + (void) memcpy(def_val, val, sizeof (int64_t)); break; } scf_simple_prop_free(prop); @@ -1583,16 +1573,15 @@ get_smf_prop(const char *var, char type, void *def_val) break; case 'i': - case 'c': (void) sprintf(vs, "%lld", *(int64_t *)def_val); break; } _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_ALERT) (me, "no value for config/%s (%s). " - "Using default \"%s\"\n", var, - scf_strerror(scf_error()), vs); + "Using default \"%s\"\n", var, + scf_strerror(scf_error()), vs); } - return (val); + return (def_val); } diff --git a/usr/src/cmd/nscd/nscd_switch.c b/usr/src/cmd/nscd/nscd_switch.c index 782cb20756..bab050e97f 100644 --- a/usr/src/cmd/nscd/nscd_switch.c +++ b/usr/src/cmd/nscd/nscd_switch.c @@ -1442,7 +1442,8 @@ nscd_map_contextp(void *buffer, nss_getent_t *contextp, if (ctx == NULL) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) - (me, "invalid cookie # (%lld)\n", cookie->p1_cookie_num); + (me, "No matching context found (cookie number: %lld)\n", + cookie->p1_cookie_num); NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); } @@ -1453,6 +1454,7 @@ nscd_map_contextp(void *buffer, nss_getent_t *contextp, _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "invalid sequence # (%lld)\n", cookie->p1_seqnum); + _nscd_free_ctx_if_aborted(ctx); NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); } 
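Review bot: `void *val;` in get_smf_prop lost its initialiser and the `switch (type)` has no `default`, so for any type other than 'b' or 'i' `val` is indeterminate when it is examined after the switch (that test is outside the hunk). Keeping it defined with `void *val = NULL;` sends an unknown type down the "no value" path and returns the caller's default. The function now writes through `def_val` with a width chosen by `type`, so the header comment should state that `def_val` must point to a uint8_t for 'b' and an int64_t for 'i', and that the return value is always `def_val`.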
@@ -1643,6 +1645,9 @@ nss_pgetent(void *buffer, size_t length) status = nss_packed_context_init(buffer, length, NULL, &initf, &contextp, &arg); if (status != NSS_SUCCESS) { + clear_initf_key(); + _nscd_free_ctx_if_aborted( + (nscd_getent_context_t *)contextp->ctx); NSCD_RETURN_STATUS(pbuf, status, -1); } @@ -1662,6 +1667,8 @@ nss_pgetent(void *buffer, size_t length) (me, "getent OK, new sequence # = %lld, len = %lld," " data = >>%s<<\n", *seqnum_p, pbuf->data_len, (char *)buffer + pbuf->data_off); + + _nscd_free_ctx_if_aborted(ctx); } else { /* release the resources used */ ctx = (nscd_getent_context_t *)contextp->ctx; diff --git a/usr/src/cmd/nscd/nscd_switch.h b/usr/src/cmd/nscd/nscd_switch.h index eaca0d5e39..30763f0843 100644 --- a/usr/src/cmd/nscd/nscd_switch.h +++ b/usr/src/cmd/nscd/nscd_switch.h @@ -141,6 +141,9 @@ typedef struct nscd_getent_ctx_base { */ typedef struct nscd_getent_context { int dbi; + mutex_t getent_mutex; + int aborted; + int in_use; nscd_seq_num_t seq_num; nscd_cookie_num_t cookie_num; pid_t pid; /* door client's pid */ @@ -319,6 +322,9 @@ _nscd_get_getent_ctx( void _nscd_put_getent_ctx( nscd_getent_context_t *ctx); +void +_nscd_free_ctx_if_aborted( + nscd_getent_context_t *ctx); nscd_rc_t _nscd_init_all_nsw_config(); diff --git a/usr/src/lib/libsldap/common/ns_common.c b/usr/src/lib/libsldap/common/ns_common.c index 268393e50d..199691295a 100644 --- a/usr/src/lib/libsldap/common/ns_common.c +++ b/usr/src/lib/libsldap/common/ns_common.c @@ -2286,7 +2286,7 @@ __s_api_removeServer(const char *server) (void) __ns_ldap_freeError(&error); } - return (-1); + return (NS_CACHE_NOSERVER); } return (0); diff --git a/usr/src/lib/libsldap/common/ns_config.c b/usr/src/lib/libsldap/common/ns_config.c index b4d8d88fde..2046a46bad 100644 --- a/usr/src/lib/libsldap/common/ns_config.c +++ b/usr/src/lib/libsldap/common/ns_config.c 
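Review bot: In nss_pgetent's new failure branch, `contextp->ctx` is dereferenced after nss_packed_context_init has returned an error, and _nscd_free_ctx_if_aborted then reads `ctx->in_use` with no NULL check. Whether `contextp` and its `ctx` are always set on that path is not visible here; if either can be NULL or unset, a request that fails to unpack would fault the daemon instead of returning an error status. Guarding the call with `if (contextp != NULL && contextp->ctx != NULL)`, or having _nscd_free_ctx_if_aborted return early on a NULL `ctx`, closes that. The body of nss_pgetent continues outside the hunk.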
@@ -58,7 +58,7 @@ #include "ns_cache_door.h" #include "ns_connmgmt.h" -#pragma fini(__s_api_free_sessionPool, __s_api_shutdown_conn_mgmt, \ +#pragma fini(__s_api_shutdown_conn_mgmt, \ _free_config, __ns_ldap_doorfd_close) static mutex_t ns_parse_lock = DEFAULTMUTEX; diff --git a/usr/src/lib/libsldap/common/ns_connect.c b/usr/src/lib/libsldap/common/ns_connect.c index e935a186b5..67cdee702f 100644 --- a/usr/src/lib/libsldap/common/ns_connect.c +++ b/usr/src/lib/libsldap/common/ns_connect.c @@ -176,11 +176,18 @@ __s_api_requestServer(const char *request, const char *server, * from the local libsldap's list */ if (__s_api_isStandalone()) { - if (__s_api_findRootDSE(ireq, + if ((ret_code = __s_api_findRootDSE(ireq, server, addrType, ret, - error) != NS_LDAP_SUCCESS) { + error)) != NS_LDAP_SUCCESS) { + /* + * get first server from local list only once + * to prevent looping + */ + if (strcmp(ireq, NS_CACHE_NEW) != 0) + return (ret_code); + syslog(LOG_WARNING, "libsldap (\"standalone\" mode): " "can not find any available server. " diff --git a/usr/src/lib/libsldap/common/ns_connmgmt.c b/usr/src/lib/libsldap/common/ns_connmgmt.c index d0e1ca0332..1bacf7fdd8 100755 --- a/usr/src/lib/libsldap/common/ns_connmgmt.c +++ b/usr/src/lib/libsldap/common/ns_connmgmt.c @@ -777,6 +777,7 @@ release_conn_mgmt(ns_conn_mgmt_t *cmg, boolean_t unlock_cmg) if (unlock_cmg == B_TRUE) (void) mutex_unlock(&cmg->lock); free_conn_mgmt(cmg); + __s_api_free_sessionPool(); return (NULL); } else { syslog(LOG_WARNING, diff --git a/usr/src/lib/libsldap/common/ns_standalone.c b/usr/src/lib/libsldap/common/ns_standalone.c index 74f6ded348..439686dab0 100644 --- a/usr/src/lib/libsldap/common/ns_standalone.c +++ b/usr/src/lib/libsldap/common/ns_standalone.c 
@@ -1112,6 +1112,7 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, Connection *session = NULL; char errmsg[MAXERROR]; char buffer[NSS_BUFLEN_HOSTS]; + ns_conn_user_t *cu = NULL; if (errorp == NULL) { __s_api_destroy_config(config_struct); @@ -1194,6 +1195,11 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, __s_api_setInitMode(); + cu = __s_api_conn_user_init(NS_CONN_USER_SEARCH, NULL, B_FALSE); + if (cu == NULL) { + return (NS_LDAP_INTERNAL); + } + if ((ret_code = __s_api_getConnection(serverAddr, NS_LDAP_NEW_CONN, cred ? cred : &default_cred, @@ -1202,7 +1208,8 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, errorp, 0, 0, - NULL)) != NS_LDAP_SUCCESS) { + cu)) != NS_LDAP_SUCCESS) { + __s_api_conn_user_free(cu); __s_api_unsetInitMode(); return (ret_code); } @@ -1225,6 +1232,7 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, ret_code, strdup(errmsg), NS_LDAP_MEMORY); + __s_api_conn_user_free(cu); DropConnection(sessionId, NS_LDAP_NEW_CONN); return (ret_code); } @@ -1249,6 +1257,7 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, ret_code, strdup(errmsg), NS_LDAP_MEMORY); + __s_api_conn_user_free(cu); DropConnection(sessionId, NS_LDAP_NEW_CONN); return (ret_code); } @@ -1265,6 +1274,7 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, free(duaProfile); } + __s_api_conn_user_free(cu); DropConnection(sessionId, NS_LDAP_NEW_CONN); return (NS_LDAP_SUCCESS); @@ -1302,6 +1312,7 @@ __ns_ldap_getRootDSE(const char *server_addr, void **paramVal = NULL; ns_cred_t anon; + ns_conn_user_t *cu = NULL; if (errorp == NULL) { return (NS_LDAP_INVALID_PARAM); @@ -1319,6 +1330,11 @@ __ns_ldap_getRootDSE(const char *server_addr, __s_api_setInitMode(); + cu = __s_api_conn_user_init(NS_CONN_USER_SEARCH, NULL, B_FALSE); + if (cu == NULL) { + return (NS_LDAP_INTERNAL); + } + /* * All the credentials will be taken from the current * libsldap configuration. 
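Review bot: The new `if (cu == NULL) { return (NS_LDAP_INTERNAL); }` in __ns_ldap_getConnectionInfoFromDUA returns after `__s_api_setInitMode()` without calling `__s_api_unsetInitMode()`, unlike the __s_api_getConnection failure path a few lines below, which unsets it before returning. The same early return is added in __ns_ldap_getRootDSE. Either move the `__s_api_conn_user_init` call above `__s_api_setInitMode();` or add `__s_api_unsetInitMode();` before the return; any other cleanup these functions owe on exit is outside the hunks.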
@@ -1331,7 +1347,7 @@ __ns_ldap_getRootDSE(const char *server_addr, errorp, 0, 0, - NULL)) != NS_LDAP_SUCCESS) { + cu)) != NS_LDAP_SUCCESS) { /* Fallback to anonymous mode is disabled. Stop. */ if (anon_fallback == 0) { syslog(LOG_WARNING, @@ -1377,9 +1393,10 @@ __ns_ldap_getRootDSE(const char *server_addr, errorp, 0, 0, - NULL); + cu); if (ret_code != NS_LDAP_SUCCESS) { + __s_api_conn_user_free(cu); __s_api_unsetInitMode(); return (ret_code); } @@ -1435,8 +1452,10 @@ __ns_ldap_getRootDSE(const char *server_addr, resultMsg = NULL; } + __s_api_conn_user_free(cu); return (NS_LDAP_OP_FAILED); } + __s_api_conn_user_free(cu); ret_code = convert_to_door_line(session->ld, resultMsg, |
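Review bot: On the `anon_fallback == 0` branch of __ns_ldap_getRootDSE the first `__s_api_getConnection` call has already failed with `cu` allocated, and no `__s_api_conn_user_free(cu);` is visible before the hunk ends inside that branch. The rest of the branch is outside the hunk; if it returns there, `cu` leaks each time the anonymous fallback is refused. Adding `__s_api_conn_user_free(cu);` ahead of that return would match the later failure path, which frees `cu` before `__s_api_unsetInitMode()`.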