URL: https://github.com/freeipa/freeipa/pull/128 Author: npmccallum Title: #128: Properly handle LDAP socket closures in ipa-otpd Action: opened
PR body: """ In at least one case, when an LDAP socket closes, a read event is fired rather than an error event. Without this patch, ipa-otpd silently ignores this event and enters a state where all bind auths fail. To remedy this problem, we pass error events along the same path as read events. Should the actual read fail, we exit. https://bugzilla.redhat.com/show_bug.cgi?id=1377858 https://fedorahosted.org/freeipa/ticket/6368 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/128/head:pr128 git checkout pr128
From 825bfe864b4c2f267f55db6fcc68e16ee8250433 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Tue, 27 Sep 2016 14:34:05 -0400
Subject: [PATCH] Properly handle LDAP socket closures in ipa-otpd
In at least one case, when an LDAP socket closes, a read event is fired rather than an error event. Without this patch, ipa-otpd silently ignores this event and enters a state where all bind auths fail. To remedy this problem, we pass error events along the same path as read events. Should the actual read fail, we exit.
https://bugzilla.redhat.com/show_bug.cgi?id=1377858
https://fedorahosted.org/freeipa/ticket/6368
---
daemons/ipa-otpd/bind.c | 10 ++++------
daemons/ipa-otpd/query.c | 13 ++++++-------
2 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/daemons/ipa-otpd/bind.c b/daemons/ipa-otpd/bind.c
index 022525b..a98312f 100644
--- a/daemons/ipa-otpd/bind.c
+++ b/daemons/ipa-otpd/bind.c
@@ -85,6 +85,9 @@ static void on_bind_readable(verto_ctx *vctx, verto_ev *ev)
 if (rslt <= 0)
 results = NULL;
 ldap_msgfree(results);
+ otpd_log_err(EIO, "IO error received on bind socket");
+ verto_break(ctx.vctx);
+ ctx.exitstatus = 1;
 return;
 }
@@ -137,11 +140,6 @@ void otpd_on_bind_io(verto_ctx *vctx, verto_ev *ev)
 flags = verto_get_fd_state(ev);
 if (flags & VERTO_EV_FLAG_IO_WRITE)
 on_bind_writable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_READ)
+ if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
 on_bind_readable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_ERROR) {
- otpd_log_err(EIO, "IO error received on bind socket");
- verto_break(ctx.vctx);
- ctx.exitstatus = 1;
- }
 }
diff --git a/daemons/ipa-otpd/query.c b/daemons/ipa-otpd/query.c
index 67e2d75..50e1560 100644
--- a/daemons/ipa-otpd/query.c
+++ b/daemons/ipa-otpd/query.c
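Review bot: In on_bind_readable (daemons/ipa-otpd/bind.c) the new shutdown path is reached for `rslt == 0` as well as for a negative result, because the guard above it only does `if (rslt <= 0) results = NULL;` before logging and calling verto_break(). libldap's ldap_result() returns 0 when its timeout expires without a complete message and -1 on failure, so if the call polls (it sits outside this hunk, as does the start of the function), a read event carrying only part of a response would stop the OTP daemon and be logged as EIO. Consider keeping the exit for `rslt < 0` and returning quietly on 0, e.g. `if (rslt == 0) return;` ahead of the log line, and including the LDAP result code in the message so an operator can tell a closed socket from a protocol surprise. The `i <= 0` branch added to on_query_readable in query.c has the same shape.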
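Review bot: In otpd_on_bind_io, VERTO_EV_FLAG_IO_ERROR now stops the daemon only indirectly, when the ldap_result() call inside on_bind_readable fails; if a complete response is still buffered, the read succeeds and the error flag is dropped without a log entry. The WRITE branch is also still taken first, so on_bind_writable can run against a socket the event loop has already reported as errored. A short comment would make the dependency explicit, e.g. `/* IO_ERROR is handled by the read path: ldap_result() fails and on_bind_readable() shuts down */`, and the write could be skipped with `if ((flags & VERTO_EV_FLAG_IO_WRITE) && !(flags & VERTO_EV_FLAG_IO_ERROR))`. How on_bind_writable reacts to a failed send is not visible here, so treat the second part as a question. The same applies to otpd_on_query_io in query.c.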
@@ -133,7 +133,11 @@ static void on_query_readable(verto_ctx *vctx, verto_ev *ev)
 if (i != LDAP_RES_SEARCH_ENTRY && i != LDAP_RES_SEARCH_RESULT) {
 if (i <= 0)
 results = NULL;
- goto egress;
+ ldap_msgfree(results);
+ otpd_log_err(EIO, "IO error received on query socket");
+ verto_break(ctx.vctx);
+ ctx.exitstatus = 1;
+ return;
 }
 item = otpd_queue_pop_msgid(&ctx.query.responses, ldap_msgid(results));
@@ -243,11 +247,6 @@ void otpd_on_query_io(verto_ctx *vctx, verto_ev *ev)
 flags = verto_get_fd_state(ev);
 if (flags & VERTO_EV_FLAG_IO_WRITE)
 on_query_writable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_READ)
+ if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
 on_query_readable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_ERROR) {
- otpd_log_err(EIO, "IO error received on query socket");
- verto_break(ctx.vctx);
- ctx.exitstatus = 1;
- }
 }
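Review bot: The guard in on_query_readable now treats every message type other than LDAP_RES_SEARCH_ENTRY and LDAP_RES_SEARCH_RESULT as fatal, where the removed `goto egress` left the event loop running. A search continuation reference (LDAP_RES_SEARCH_REFERENCE) or any other well-formed but unexpected message from the directory would end the process and be logged as an EIO socket error, turning a protocol oddity into an authentication outage that is hard to diagnose from the log. Consider limiting the shutdown to `i < 0` and, for positive unexpected types, freeing the message and logging it distinctly, e.g. `otpd_log_err(EPROTO, "Unexpected LDAP message type on query socket");`. Whether the search issued by this daemon can return references depends on code and deployment outside this hunk, and the function body itself starts and ends outside it.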