IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Properly handle LDAP socket closures in ipa-otpd

Browse Source 
In at least one case, when an LDAP socket closes, a read event is fired
rather than an error event. Without this patch, ipa-otpd silently
ignores this event and enters a state where all bind auths fail.

To remedy this problem, we pass error events along the same path as read
events. Should the actual read fail, we exit.

https://bugzilla.redhat.com/show_bug.cgi?id=1377858
https://fedorahosted.org/freeipa/ticket/6368

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Nathaniel McCallum 2016-09-27 14:34:05 -04:00 committed by Martin Basti
parent 03a0f5a105
commit 304300fd87
2 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
daemons/ipa-otpd/bind.c
View File

@ -85,6 +85,9 @@ static void on_bind_readable(verto_ctx *vctx, verto_ev *ev)
if (rslt <= 0) if (rslt <= 0)
results = NULL; results = NULL;
ldap_msgfree(results); ldap_msgfree(results);
otpd_log_err(EIO, "IO error received on bind socket");
verto_break(ctx.vctx);
ctx.exitstatus = 1;
return; return;
} }
@ -137,11 +140,6 @@ void otpd_on_bind_io(verto_ctx *vctx, verto_ev *ev)
flags = verto_get_fd_state(ev); flags = verto_get_fd_state(ev);
if (flags & VERTO_EV_FLAG_IO_WRITE) if (flags & VERTO_EV_FLAG_IO_WRITE)
on_bind_writable(vctx, ev); on_bind_writable(vctx, ev);
if (flags & VERTO_EV_FLAG_IO_READ) if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
on_bind_readable(vctx, ev); on_bind_readable(vctx, ev);
if (flags & VERTO_EV_FLAG_IO_ERROR) {
otpd_log_err(EIO, "IO error received on bind socket");
verto_break(ctx.vctx);
ctx.exitstatus = 1;
}
} }

13
daemons/ipa-otpd/query.c
View File

@ -133,7 +133,11 @@ static void on_query_readable(verto_ctx *vctx, verto_ev *ev)
if (i != LDAP_RES_SEARCH_ENTRY && i != LDAP_RES_SEARCH_RESULT) { if (i != LDAP_RES_SEARCH_ENTRY && i != LDAP_RES_SEARCH_RESULT) {
if (i <= 0) if (i <= 0)
results = NULL; results = NULL;
goto egress; ldap_msgfree(results);
otpd_log_err(EIO, "IO error received on query socket");
verto_break(ctx.vctx);
ctx.exitstatus = 1;
return;
} }
item = otpd_queue_pop_msgid(&ctx.query.responses, ldap_msgid(results)); item = otpd_queue_pop_msgid(&ctx.query.responses, ldap_msgid(results));
@ -243,11 +247,6 @@ void otpd_on_query_io(verto_ctx *vctx, verto_ev *ev)
flags = verto_get_fd_state(ev); flags = verto_get_fd_state(ev);
if (flags & VERTO_EV_FLAG_IO_WRITE) if (flags & VERTO_EV_FLAG_IO_WRITE)
on_query_writable(vctx, ev); on_query_writable(vctx, ev);
if (flags & VERTO_EV_FLAG_IO_READ) if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
on_query_readable(vctx, ev); on_query_readable(vctx, ev);
if (flags & VERTO_EV_FLAG_IO_ERROR) {
otpd_log_err(EIO, "IO error received on query socket");
verto_break(ctx.vctx);
ctx.exitstatus = 1;
}
} }