File 0009-fix-for-BUG-412-don-t-close-nested-contexts.patch of Package nss_ldap.13245

From 2dbece566df68ce1f48fa066509e7dc4added676 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Wed, 24 Feb 2010 11:28:53 +0000
Subject: [PATCH] fix for BUG#412: don't close nested contexts

diff --git a/ldap-grp.c b/ldap-grp.c
index b4770c1..810bb60 100644
--- a/ldap-grp.c
+++ b/ldap-grp.c
@@ -859,7 +859,7 @@ ng_chase (const char *dn, ldap_initgroups_args_t * lia)
   LA_STRING (a) = dn;
   LA_TYPE (a) = LA_TYPE_STRING;
 
-  if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
+  if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
     {
       return NSS_UNAVAIL;
     }
@@ -931,7 +931,7 @@ ng_chase_backlink (const char ** membersOf, ldap_initgroups_args_t * lia)
   LA_STRING_LIST (a) = filteredMembersOf;
   LA_TYPE (a) = LA_TYPE_STRING_LIST_OR;
 
-  if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
+  if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
     {
       free (filteredMembersOf);
       return NSS_UNAVAIL;
diff --git a/ldap-netgrp.c b/ldap-netgrp.c
index 092efc2..b495ad5 100644
--- a/ldap-netgrp.c
+++ b/ldap-netgrp.c
@@ -691,7 +691,7 @@ do_innetgr_nested (ldap_innetgr_args_t * li_args, const char *nested)
   LA_TYPE (a) = LA_TYPE_STRING;
   LA_STRING (a) = nested;	/* memberNisNetgroup */
 
-  if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
+  if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
     {
       debug ("<== do_innetgr_nested: failed to initialize context");
       return NSS_UNAVAIL;
diff --git a/ldap-nss.c b/ldap-nss.c
index 28c6b3e..2105157 100644
--- a/ldap-nss.c
+++ b/ldap-nss.c
@@ -2029,7 +2029,7 @@ _nss_ldap_ent_context_init_locked (ent_context_t ** pctx)
 
   if (ctx == NULL)
     {
-      ctx = (ent_context_t *) malloc (sizeof (*ctx));
+      ctx = (ent_context_t *) calloc (1, sizeof (*ctx));
       if (ctx == NULL)
 	{
 	  debug ("<== _nss_ldap_ent_context_init_locked");
@@ -2067,6 +2067,20 @@ _nss_ldap_ent_context_init_locked (ent_context_t ** pctx)
   return ctx;
 }
 
+ent_context_t *
+_nss_ldap_ent_context_init_internal_locked (ent_context_t ** pctx)
+{
+  ent_context_t *ctx;
+
+  ctx = _nss_ldap_ent_context_init_locked (pctx);
+  if (ctx == NULL)
+    return NULL;
+
+  ctx->ec_internal = 1;
+
+  return ctx;
+}
+
 static void
 do_context_release (ent_context_t * ctx, int free_context)
 {
@@ -2096,7 +2110,8 @@ do_context_release (ent_context_t * ctx, int free_context)
 
   LS_INIT (ctx->ec_state);
 
-  if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT))
+  if (!ctx->ec_internal &&
+      _nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT))
     {
       do_close ();
     }
diff --git a/ldap-nss.h b/ldap-nss.h
index b58f28b..1e96005 100644
--- a/ldap-nss.h
+++ b/ldap-nss.h
@@ -573,7 +573,9 @@ struct ent_context
   LDAPMessage *ec_res;		/* result chain */
   ldap_service_search_descriptor_t *ec_sd;	/* current sd */
   struct berval *ec_cookie;     /* cookie for paged searches */
-  int ec_eof;			/* reached notional end of file */
+  int ec_eof : 1;		/* reached notional end of file */
+  int ec_internal : 1;		/* this context is just a part of a larger
+				 * query for information */
 };
 
 typedef struct ent_context ent_context_t;
@@ -766,6 +768,15 @@ ent_context_t *_nss_ldap_ent_context_init (ent_context_t **);
 ent_context_t *_nss_ldap_ent_context_init_locked (ent_context_t **);
 
 /*
+ * _nss_ldap_ent_context_init_internal_locked() has the same
+ * behaviour, except it marks the context as one that's being
+ * used to fetch additional data used in answering a request, i.e.
+ * that this isn't the "main" context
+ */
+
+ent_context_t *_nss_ldap_ent_context_init_internal_locked (ent_context_t **);
+
+/*
  * _nss_ldap_ent_context_release() is used to manually free a context 
  */
 void _nss_ldap_ent_context_release (ent_context_t **);
-- 
2.4.3