Compare commits
2 Commits
Author | SHA1 | Date |
---|---|---|
Matúš Honěk | dc7bf3e49f | |
Matúš Honěk | 9e4e33d81a |
|
@ -0,0 +1,50 @@
|
|||
NSS: re-register NSS_Shutdown callback
|
||||
|
||||
Original upstream comment:
|
||||
"""
|
||||
When there's a persistent daemon for auth and it sets LDAP_OPT_X_TLS_NEWCTX, it
|
||||
fails to auth at third login.
|
||||
|
||||
1. everything is good and destroyed after use but
|
||||
tlsm_register_shutdown_callonce.initialized=1.
|
||||
2. still good but because tlsm_register_shutdown_callonce.initialized==1, it
|
||||
fails to register shutdown function.
|
||||
so pem_module is not destroyed at the end.
|
||||
3. pem_module is not NULL so it's not initialized again and not added to modules
|
||||
list. And Login fails.
|
||||
"""
|
||||
|
||||
Sent-By: soohoon.lee@f5.com
|
||||
Original-Name: soohoon-lee-160823.patch
|
||||
Upstream-ITS: 8484
|
||||
|
||||
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
||||
index cdf7f8e..cf05914 100644
|
||||
--- a/libraries/libldap/tls_m.c
|
||||
+++ b/libraries/libldap/tls_m.c
|
||||
@@ -1145,6 +1145,8 @@ tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static PRCallOnceType tlsm_register_shutdown_callonce = {0,0};
|
||||
+
|
||||
static SECStatus
|
||||
tlsm_nss_shutdown_cb( void *appData, void *nssData )
|
||||
{
|
||||
@@ -1157,10 +1159,15 @@ tlsm_nss_shutdown_cb( void *appData, void *nssData )
|
||||
SECMOD_DestroyModule( pem_module );
|
||||
pem_module = NULL;
|
||||
}
|
||||
+
|
||||
+ /* init callonce so it can be armed again for cases like persistent daemon with LDAP_OPT_X_TLS_NEWCTX */
|
||||
+ tlsm_register_shutdown_callonce.initialized = 0;
|
||||
+ tlsm_register_shutdown_callonce.inProgress = 0;
|
||||
+ tlsm_register_shutdown_callonce.status = 0;
|
||||
+
|
||||
return rc;
|
||||
}
|
||||
|
||||
-static PRCallOnceType tlsm_register_shutdown_callonce = {0,0};
|
||||
static PRStatus PR_CALLBACK
|
||||
tlsm_register_nss_shutdown_cb( void )
|
||||
{
|
|
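Review bot: The three assignments added at the end of `tlsm_nss_shutdown_cb` re-arm `tlsm_register_shutdown_callonce` by writing its `initialized`, `inProgress` and `status` fields directly, and nothing visible in the hunk serialises those writes against another thread that is inside `PR_CallOnce` on the same object. In a persistent, multi-threaded auth daemon (the case the new comment names) that could leave the shutdown callback unregistered again or registered twice, which would bring back the stale `pem_module` and the login failure this patch is meant to fix. If a lock already covers both the NSS shutdown path and the registration path, the comment should say so, e.g. `/* caller holds <init mutex>; no PR_CallOnce on this object can run concurrently */`. If no such lock exists, the reset should be done under the same lock as the registration. The bodies of `tlsm_nss_shutdown_cb` and `tlsm_register_nss_shutdown_cb` extend outside the hunks, so the locking cannot be confirmed from this page.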
@ -5,7 +5,7 @@
|
|||
|
||||
Name: openldap
|
||||
Version: 2.4.45
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: LDAP support libraries
|
||||
Group: System Environment/Daemons
|
||||
License: OpenLDAP
|
||||
|
@ -34,6 +34,7 @@ Patch14: openldap-nss-ignore-certdb-type-prefix.patch
|
|||
Patch15: openldap-nss-certs-from-certdb-fallback-pem.patch
|
||||
Patch16: openldap-nss-pk11-freeslot.patch
|
||||
Patch17: openldap-allop-overlay.patch
|
||||
Patch18: openldap-nss-reregister-nss-shutdown-callback.patch
|
||||
|
||||
# fix back_perl problems with lt_dlopen()
|
||||
# might cause crashes because of symbol collisions
|
||||
|
@ -146,6 +147,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
|
|||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
%patch22 -p1
|
||||
|
@ -546,6 +548,9 @@ exit 0
|
|||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Tue Dec 5 2017 Matus Honek <mhonek@redhat.com> - 2.4.45-4
|
||||
- fix: openldap does not re-register nss shutdown callbacks after nss_Shutdown is called (#1520990)
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.45-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
|
|