Blame SOURCES/0137-Properly-handle-LDAP-socket-closures-in-ipa-otpd.patch

fef02c
From 31007eff1b8d858dfc51f730b47a7aaefc8e33e8 Mon Sep 17 00:00:00 2001
fef02c
From: Nathaniel McCallum <npmccallum@redhat.com>
fef02c
Date: Tue, 27 Sep 2016 14:34:05 -0400
fef02c
Subject: [PATCH] Properly handle LDAP socket closures in ipa-otpd
fef02c
fef02c
In at least one case, when an LDAP socket closes, a read event is fired
fef02c
rather than an error event. Without this patch, ipa-otpd silently
fef02c
ignores this event and enters a state where all bind auths fail.
fef02c
fef02c
To remedy this problem, we pass error events along the same path as read
fef02c
events. Should the actual read fail, we exit.
fef02c
fef02c
https://bugzilla.redhat.com/show_bug.cgi?id=1377858
fef02c
https://fedorahosted.org/freeipa/ticket/6368
fef02c
fef02c
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
fef02c
---
fef02c
 daemons/ipa-otpd/bind.c  | 10 ++++------
fef02c
 daemons/ipa-otpd/query.c | 13 ++++++-------
fef02c
 2 files changed, 10 insertions(+), 13 deletions(-)
fef02c
fef02c
diff --git a/daemons/ipa-otpd/bind.c b/daemons/ipa-otpd/bind.c
fef02c
index 022525b786705b4f58f861bc3b0a745ab8693755..a98312f906a785bfa9c98603a3577561552bfc0a 100644
fef02c
--- a/daemons/ipa-otpd/bind.c
fef02c
+++ b/daemons/ipa-otpd/bind.c
fef02c
@@ -85,6 +85,9 @@ static void on_bind_readable(verto_ctx *vctx, verto_ev *ev)
fef02c
         if (rslt <= 0)
fef02c
             results = NULL;
fef02c
         ldap_msgfree(results);
fef02c
+        otpd_log_err(EIO, "IO error received on bind socket");
fef02c
+        verto_break(ctx.vctx);
fef02c
+        ctx.exitstatus = 1;
fef02c
         return;
fef02c
     }
fef02c
 
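Review bot: The shutdown added at `otpd_log_err(EIO, "IO error received on bind socket");` records the same fixed text for every way into this branch, and the `if (rslt <= 0)` test just above shows the branch is taken for non-positive results as well as for some positive ones. Because these lines now stop the daemon, that log entry is the only trace of why OTP binds became unavailable, so it should carry the cause, e.g. `otpd_log_err(EIO, "IO error received on bind socket (ldap_result returned %d)", rslt);` if otpd_log_err accepts printf-style arguments. The same applies to the matching lines added in on_query_readable in query.c. The condition that opens this branch lies above the hunk, so which result values reach it should be confirmed there.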
fef02c
@@ -137,11 +140,6 @@ void otpd_on_bind_io(verto_ctx *vctx, verto_ev *ev)
fef02c
     flags = verto_get_fd_state(ev);
fef02c
     if (flags & VERTO_EV_FLAG_IO_WRITE)
fef02c
         on_bind_writable(vctx, ev);
fef02c
-    if (flags & VERTO_EV_FLAG_IO_READ)
fef02c
+    if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
fef02c
         on_bind_readable(vctx, ev);
fef02c
-    if (flags & VERTO_EV_FLAG_IO_ERROR) {
fef02c
-        otpd_log_err(EIO, "IO error received on bind socket");
fef02c
-        verto_break(ctx.vctx);
fef02c
-        ctx.exitstatus = 1;
fef02c
-    }
fef02c
 }
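Review bot: Nothing at `if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))` says why error events are now sent to the read handler, and a later reader could easily restore the separate error branch this commit removes. A one-line comment above the test would keep the reasoning with the code: `/* A closed LDAP socket can be reported as READ rather than ERROR; on_bind_readable() exits the daemon when the read fails. */`. Note also that an event carrying both WRITE and ERROR still runs on_bind_writable first; whether a write attempt on a failed socket is harmless depends on code outside the hunk. The same comment fits otpd_on_query_io in query.c.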
fef02c
diff --git a/daemons/ipa-otpd/query.c b/daemons/ipa-otpd/query.c
fef02c
index 67e2d751d8d1511d077a93d7673439be11812e6f..50e15603322c550a0eb14e1e3c502e1a229d1ebe 100644
fef02c
--- a/daemons/ipa-otpd/query.c
fef02c
+++ b/daemons/ipa-otpd/query.c
fef02c
@@ -133,7 +133,11 @@ static void on_query_readable(verto_ctx *vctx, verto_ev *ev)
fef02c
     if (i != LDAP_RES_SEARCH_ENTRY && i != LDAP_RES_SEARCH_RESULT) {
fef02c
         if (i <= 0)
fef02c
             results = NULL;
fef02c
-        goto egress;
fef02c
+        ldap_msgfree(results);
fef02c
+        otpd_log_err(EIO, "IO error received on query socket");
fef02c
+        verto_break(ctx.vctx);
fef02c
+        ctx.exitstatus = 1;
fef02c
+        return;
fef02c
     }
fef02c
 
fef02c
     item = otpd_queue_pop_msgid(&ctx.query.responses, ldap_msgid(results));
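Review bot: The branch at `if (i != LDAP_RES_SEARCH_ENTRY && i != LDAP_RES_SEARCH_RESULT)` now stops the daemon for any other message type, not only for a failed read, so a positive but unexpected response from the directory server takes OTP authentication down and is logged as an IO error. The commit message describes exiting when the actual read fails, which corresponds to the `i <= 0` case; consider limiting the log/`verto_break`/`exitstatus` sequence to that case and freeing and skipping other messages without exiting. If exiting on every unexpected type is intended, a comment saying so and a log text that names the type would avoid misleading operators. The branch in on_bind_readable in bind.c appears to have the same shape, though its condition is outside that hunk; on_query_readable itself starts above and continues below this hunk.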
fef02c
@@ -243,11 +247,6 @@ void otpd_on_query_io(verto_ctx *vctx, verto_ev *ev)
fef02c
     flags = verto_get_fd_state(ev);
fef02c
     if (flags & VERTO_EV_FLAG_IO_WRITE)
fef02c
         on_query_writable(vctx, ev);
fef02c
-    if (flags & VERTO_EV_FLAG_IO_READ)
fef02c
+    if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
fef02c
         on_query_readable(vctx, ev);
fef02c
-    if (flags & VERTO_EV_FLAG_IO_ERROR) {
fef02c
-        otpd_log_err(EIO, "IO error received on query socket");
fef02c
-        verto_break(ctx.vctx);
fef02c
-        ctx.exitstatus = 1;
fef02c
-    }
fef02c
 }
fef02c
-- 
fef02c
2.10.2
fef02c