URL: https://github.com/freeipa/freeipa/pull/128
Author: npmccallum
Title: #128: Properly handle LDAP socket closures in ipa-otpd
Action: opened

PR body:
"""
In at least one case, when an LDAP socket closes, a read event is fired
rather than an error event. Without this patch, ipa-otpd silently
ignores this event and enters a state where all bind auths fail.

To remedy this problem, we pass error events along the same path as read
events. Should the actual read fail, we exit.

https://bugzilla.redhat.com/show_bug.cgi?id=1377858
https://fedorahosted.org/freeipa/ticket/6368
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/128/head:pr128
git checkout pr128

From 825bfe864b4c2f267f55db6fcc68e16ee8250433 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Tue, 27 Sep 2016 14:34:05 -0400
Subject: [PATCH] Properly handle LDAP socket closures in ipa-otpd

In at least one case, when an LDAP socket closes, a read event is fired
rather than an error event. Without this patch, ipa-otpd silently
ignores this event and enters a state where all bind auths fail.

To remedy this problem, we pass error events along the same path as read
events. Should the actual read fail, we exit.

https://bugzilla.redhat.com/show_bug.cgi?id=1377858
https://fedorahosted.org/freeipa/ticket/6368
---
 daemons/ipa-otpd/bind.c  | 10 ++++------
 daemons/ipa-otpd/query.c | 13 ++++++-------
 2 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/daemons/ipa-otpd/bind.c b/daemons/ipa-otpd/bind.c
index 022525b..a98312f 100644
--- a/daemons/ipa-otpd/bind.c
+++ b/daemons/ipa-otpd/bind.c
@@ -85,6 +85,9 @@ static void on_bind_readable(verto_ctx *vctx, verto_ev *ev)
         if (rslt <= 0)
             results = NULL;
         ldap_msgfree(results);
+        otpd_log_err(EIO, "IO error received on bind socket");
+        verto_break(ctx.vctx);
+        ctx.exitstatus = 1;
         return;
     }
 
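Review bot: The new exit path in on_bind_readable() runs for every value that reaches this block, including `rslt == 0`, because the visible check is `if (rslt <= 0)` and both cases fall through to the added lines. If `rslt` is the return value of ldap_result(), 0 means no complete message was available within the timeout, which is not the same as a closed socket, so a partially received response would now terminate the daemon. Consider making only `rslt < 0` fatal, or state in a comment why 0 cannot occur on a healthy connection. The log call also hard-codes EIO with the text "IO error received on bind socket", so the actual LDAP error is lost; logging the real error code would make this failure easier to diagnose from the journal.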
@@ -137,11 +140,6 @@ void otpd_on_bind_io(verto_ctx *vctx, verto_ev *ev)
     flags = verto_get_fd_state(ev);
     if (flags & VERTO_EV_FLAG_IO_WRITE)
         on_bind_writable(vctx, ev);
-    if (flags & VERTO_EV_FLAG_IO_READ)
+    if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
         on_bind_readable(vctx, ev);
-    if (flags & VERTO_EV_FLAG_IO_ERROR) {
-        otpd_log_err(EIO, "IO error received on bind socket");
-        verto_break(ctx.vctx);
-        ctx.exitstatus = 1;
-    }
 }
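Review bot: In otpd_on_bind_io(), VERTO_EV_FLAG_IO_ERROR is no longer fatal on its own: after this change the daemon exits only if on_bind_readable() takes its failure branch. If the read succeeds while the error flag is set, the flag is dropped without a log line. That appears to be the intent per the commit message ("Should the actual read fail, we exit"), but nothing in the code says so. Please add a short comment on the combined `if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))` test explaining that error events are deliberately routed through the read path and why.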
diff --git a/daemons/ipa-otpd/query.c b/daemons/ipa-otpd/query.c
index 67e2d75..50e1560 100644
--- a/daemons/ipa-otpd/query.c
+++ b/daemons/ipa-otpd/query.c
@@ -133,7 +133,11 @@ static void on_query_readable(verto_ctx *vctx, verto_ev *ev)
     if (i != LDAP_RES_SEARCH_ENTRY && i != LDAP_RES_SEARCH_RESULT) {
         if (i <= 0)
             results = NULL;
-        goto egress;
+        ldap_msgfree(results);
+        otpd_log_err(EIO, "IO error received on query socket");
+        verto_break(ctx.vctx);
+        ctx.exitstatus = 1;
+        return;
     }
 
     item = otpd_queue_pop_msgid(&ctx.query.responses, ldap_msgid(results));
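Review bot: The branch in on_query_readable() that used to `goto egress` is entered for any `i` other than LDAP_RES_SEARCH_ENTRY and LDAP_RES_SEARCH_RESULT, not only for `i <= 0`, so with this change a positive but unexpected message type is logged as "IO error received on query socket" and shuts the daemon down. Before the patch that case was handled quietly. Suggest limiting the fatal path to `i <= 0` (or `i < 0`, if 0 can mean that no message was ready) and keeping the old free-and-continue behaviour for other message types, or at least using a distinct log message for them. Also note that the block now duplicates the cleanup by calling ldap_msgfree(results) directly instead of going through `egress`; please confirm nothing else done at that label is skipped by the early return.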
@@ -243,11 +247,6 @@ void otpd_on_query_io(verto_ctx *vctx, verto_ev *ev)
     flags = verto_get_fd_state(ev);
     if (flags & VERTO_EV_FLAG_IO_WRITE)
         on_query_writable(vctx, ev);
-    if (flags & VERTO_EV_FLAG_IO_READ)
+    if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
         on_query_readable(vctx, ev);
-    if (flags & VERTO_EV_FLAG_IO_ERROR) {
-        otpd_log_err(EIO, "IO error received on query socket");
-        verto_break(ctx.vctx);
-        ctx.exitstatus = 1;
-    }
 }
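Review bot: In otpd_on_query_io() the write handler still runs before the combined read/error test, so when VERTO_EV_FLAG_IO_WRITE and VERTO_EV_FLAG_IO_ERROR arrive together, on_query_writable() will attempt to send on a socket already flagged as failed before the failure is detected. Consider checking `flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR)` first and skipping the write when that path has requested exit. The same ordering applies to otpd_on_bind_io() in bind.c, and since the two dispatchers are now line-for-line identical apart from names, the fix belongs in both.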
-- 