From 31007eff1b8d858dfc51f730b47a7aaefc8e33e8 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccallum@redhat.com>
Date: Tue, 27 Sep 2016 14:34:05 -0400
Subject: [PATCH] Properly handle LDAP socket closures in ipa-otpd
In at least one case, when an LDAP socket closes, a read event is fired
rather than an error event. Without this patch, ipa-otpd silently
ignores this event and enters a state where all bind auths fail.
To remedy this problem, we pass error events along the same path as read
events. Should the actual read fail, we exit.
https://bugzilla.redhat.com/show_bug.cgi?id=1377858
https://fedorahosted.org/freeipa/ticket/6368
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
daemons/ipa-otpd/bind.c | 10 ++++------
daemons/ipa-otpd/query.c | 13 ++++++-------
2 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/daemons/ipa-otpd/bind.c b/daemons/ipa-otpd/bind.c
index 022525b786705b4f58f861bc3b0a745ab8693755..a98312f906a785bfa9c98603a3577561552bfc0a 100644
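--- a/daemons/ipa-otpd/bind.c
+++ b/daemons/ipa-otpd/bind.c
@@ -85,6 +85,9 @@ static void on_bind_readable(verto_ctx *vctx, verto_ev *ev)
 if (rslt <= 0)
 results = NULL;
 ldap_msgfree(results);
+ otpd_log_err(EIO, "IO error received on bind socket");
+ verto_break(ctx.vctx);
+ ctx.exitstatus = 1;
 return;
 }
 
@@ -137,11 +140,6 @@ void otpd_on_bind_io(verto_ctx *vctx, verto_ev *ev)
 flags = verto_get_fd_state(ev);
 if (flags & VERTO_EV_FLAG_IO_WRITE)
 on_bind_writable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_READ)
+ if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
 on_bind_readable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_ERROR) {
- otpd_log_err(EIO, "IO error received on bind socket");
- verto_break(ctx.vctx);
- ctx.exitstatus = 1;
- }
 }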
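Review bot: The exit path added to on_bind_readable logs the same fixed `EIO` text for every result that reaches this branch, so a closed LDAP socket, a negative `rslt` and an unexpected message type cannot be told apart in the log; the same applies to the matching lines in on_query_readable. The branch condition and the call that sets `rslt` are outside the hunk, but if `rslt == 0` can mean that no complete message is available yet, this path now stops the daemon and fails pending authentications on a harmless wake-up, so it may need its own early `return` ahead of the log call. A comment above the new lines such as `/* Socket closure can surface as a read event; a failed read is fatal. */` would record why a read handler shuts the daemon down. Including the LDAP result code in the message (for example from `ldap_get_option` with `LDAP_OPT_RESULT_CODE`) would help operators separate a server-side close from a protocol error.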
diff --git a/daemons/ipa-otpd/query.c b/daemons/ipa-otpd/query.c
index 67e2d751d8d1511d077a93d7673439be11812e6f..50e15603322c550a0eb14e1e3c502e1a229d1ebe 100644
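--- a/daemons/ipa-otpd/query.c
+++ b/daemons/ipa-otpd/query.c
@@ -133,7 +133,11 @@ static void on_query_readable(verto_ctx *vctx, verto_ev *ev)
 if (i != LDAP_RES_SEARCH_ENTRY && i != LDAP_RES_SEARCH_RESULT) {
 if (i <= 0)
 results = NULL;
- goto egress;
+ ldap_msgfree(results);
+ otpd_log_err(EIO, "IO error received on query socket");
+ verto_break(ctx.vctx);
+ ctx.exitstatus = 1;
+ return;
 }
 
 item = otpd_queue_pop_msgid(&ctx.query.responses, ldap_msgid(results));
@@ -243,11 +247,6 @@ void otpd_on_query_io(verto_ctx *vctx, verto_ev *ev)
 flags = verto_get_fd_state(ev);
 if (flags & VERTO_EV_FLAG_IO_WRITE)
 on_query_writable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_READ)
+ if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
 on_query_readable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_ERROR) {
- otpd_log_err(EIO, "IO error received on query socket");
- verto_break(ctx.vctx);
- ctx.exitstatus = 1;
- }
 }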
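Review bot: In on_query_readable the new lines replace `goto egress` with a direct `return`, so whatever the `egress` label does besides freeing `results` is now skipped on this path; the label is outside the hunk, so this should be confirmed against the full function. Requests still queued in `ctx.query.responses` are also left unanswered when `verto_break` ends the loop, which presumably reaches clients as a dropped connection rather than an explicit reject. The four-line free/log/break/exit sequence is now duplicated in bind.c and query.c with only the socket name differing, and a small shared helper taking that name would keep the two paths from drifting apart.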
--
2.10.2