autofs-5.1.1 - fix return handling of do_reconnect() in ldap module From: Ian Kent <raven@themaw.net> In the ldap lookup module the do_reconnect() call doesn't distinguish between no entry found and service unavailable. If service unavailable gets returned from a master map read it results in autofs not updating the mounts. A notfound return doesn't because it indicates the map doesn't exist so updating the mounts isn't a problem as it can be when the source is unavailable. Finally make do_reconnect() return a status instead of an LDAP handle and pass back the LDAP handle via a function parameter. Signed-off-by: Ian Kent <raven@themaw.net> --- CHANGELOG | 1 + modules/lookup_ldap.c | 78 ++++++++++++++++++++++++++++--------------------- 2 files changed, 46 insertions(+), 33 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index bc79bc0..fa8231c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -9,6 +9,7 @@ - make connect_to_server() return a status. - make find_dc_server() return a status. - make find_server() return a status. +- fix return handling of do_reconnect() in ldap module. 21/04/2015 autofs-5.1.1 ======================= diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c index 783239d..7e23869 100644 --- a/modules/lookup_ldap.c +++ b/modules/lookup_ldap.c @@ -961,31 +961,33 @@ static int find_server(unsigned logopt, return ret; } -static LDAP *do_reconnect(unsigned logopt, struct lookup_context *ctxt) +static int do_reconnect(unsigned logopt, + LDAP **ldap, struct lookup_context *ctxt) { - LDAP *ldap = NULL; - int ret; + int ret = NSS_STATUS_UNAVAIL; + int dcrv = NSS_STATUS_SUCCESS; + int rv = NSS_STATUS_SUCCESS; if (ctxt->server || !ctxt->uris) { - ret = do_connect(logopt, &ldap, ctxt->server, ctxt); + ret = do_connect(logopt, ldap, ctxt->server, ctxt); #ifdef WITH_SASL /* Dispose of the sasl authentication connection and try again. */ - if (ret != NSS_STATUS_SUCCESS && - ctxt->auth_required & LDAP_NEED_AUTH) { + if (ctxt->auth_required & LDAP_NEED_AUTH && + ret != NSS_STATUS_SUCCESS && ret != NSS_STATUS_NOTFOUND) { ldapinit_mutex_lock(); autofs_sasl_dispose(ctxt); ldapinit_mutex_unlock(); - ret = connect_to_server(logopt, &ldap, + ret = connect_to_server(logopt, ldap, ctxt->server, ctxt); } #endif - return ldap; + return ret; } if (ctxt->dclist) { - ret = find_dc_server(logopt, &ldap, ctxt->dclist->uri, ctxt); - if (ret == NSS_STATUS_SUCCESS) - return ldap; + dcrv = find_dc_server(logopt, ldap, ctxt->dclist->uri, ctxt); + if (dcrv == NSS_STATUS_SUCCESS) + return dcrv; } uris_mutex_lock(ctxt); @@ -1004,22 +1006,22 @@ static LDAP *do_reconnect(unsigned logopt, struct lookup_context *ctxt) if (!ctxt->uri) goto find_server; - ret = do_connect(logopt, &ldap, ctxt->uri->uri, ctxt); + rv = do_connect(logopt, ldap, ctxt->uri->uri, ctxt); #ifdef WITH_SASL /* * Dispose of the sasl authentication connection and try the * current server again before trying other servers in the list. */ - if (ret != NSS_STATUS_SUCCESS && - ctxt->auth_required & LDAP_NEED_AUTH) { + if (ctxt->auth_required & LDAP_NEED_AUTH && + rv != NSS_STATUS_SUCCESS && rv != NSS_STATUS_NOTFOUND) { ldapinit_mutex_lock(); autofs_sasl_dispose(ctxt); ldapinit_mutex_unlock(); - ret = connect_to_server(logopt, &ldap, ctxt->uri->uri, ctxt); + rv = connect_to_server(logopt, ldap, ctxt->uri->uri, ctxt); } #endif - if (ldap) - return ldap; + if (rv == NSS_STATUS_SUCCESS) + return rv; /* Failed to connect, try to find a new server */ @@ -1031,11 +1033,16 @@ find_server: #endif /* Current server failed, try the rest or dc connection */ - ret = find_server(logopt, &ldap, ctxt); - if (ret != NSS_STATUS_SUCCESS) + ret = find_server(logopt, ldap, ctxt); + if (ret != NSS_STATUS_SUCCESS) { + if (ret == NSS_STATUS_NOTFOUND || + dcrv == NSS_STATUS_NOTFOUND || + rv == NSS_STATUS_NOTFOUND) + ret = NSS_STATUS_NOTFOUND; error(logopt, MODPREFIX "failed to find available server"); + } - return ldap; + return ret; } int get_property(unsigned logopt, xmlNodePtr node, const char *prop, char **value) @@ -1841,12 +1848,12 @@ int lookup_read_master(struct master *master, time_t age, void *context) char **values = NULL; char *attrs[3]; int scope = LDAP_SCOPE_SUBTREE; - LDAP *ldap; + LDAP *ldap = NULL; /* Initialize the LDAP context. */ - ldap = do_reconnect(logopt, ctxt); - if (!ldap) - return NSS_STATUS_UNAVAIL; + rv = do_reconnect(logopt, &ldap, ctxt); + if (rv) + return rv; class = ctxt->schema->entry_class; entry = ctxt->schema->entry_attr; @@ -2754,9 +2761,10 @@ static int read_one_map(struct autofs_point *ap, sp.age = age; /* Initialize the LDAP context. */ - sp.ldap = do_reconnect(ap->logopt, ctxt); - if (!sp.ldap) - return NSS_STATUS_UNAVAIL; + sp.ldap = NULL; + rv = do_reconnect(ap->logopt, &sp.ldap, ctxt); + if (rv) + return rv; class = ctxt->schema->entry_class; entry = ctxt->schema->entry_attr; @@ -2908,7 +2916,7 @@ static int lookup_one(struct autofs_point *ap, struct map_source *source, struct berval **bvValues; char *attrs[3]; int scope = LDAP_SCOPE_SUBTREE; - LDAP *ldap; + LDAP *ldap = NULL; struct mapent *we; unsigned int wild = 0; int ret = CHE_MISSING; @@ -2921,9 +2929,11 @@ static int lookup_one(struct autofs_point *ap, struct map_source *source, } /* Initialize the LDAP context. */ - ldap = do_reconnect(ap->logopt, ctxt); - if (!ldap) + rv = do_reconnect(ap->logopt, &ldap, ctxt); + if (rv == NSS_STATUS_UNAVAIL) return CHE_UNAVAIL; + if (rv == NSS_STATUS_NOTFOUND) + return ret; class = ctxt->schema->entry_class; entry = ctxt->schema->entry_attr; @@ -3252,7 +3262,7 @@ static int lookup_one_amd(struct autofs_point *ap, struct lookup_context *ctxt) { struct mapent_cache *mc = source->mc; - LDAP *ldap; + LDAP *ldap = NULL; LDAPMessage *result = NULL, *e; char *query; int scope = LDAP_SCOPE_SUBTREE; @@ -3271,9 +3281,11 @@ static int lookup_one_amd(struct autofs_point *ap, } /* Initialize the LDAP context. */ - ldap = do_reconnect(ap->logopt, ctxt); - if (!ldap) + rv = do_reconnect(ap->logopt, &ldap, ctxt); + if (rv == NSS_STATUS_UNAVAIL) return CHE_UNAVAIL; + if (rv == NSS_STATUS_NOTFOUND) + return ret; map = ctxt->schema->map_attr; class = ctxt->schema->entry_class;