Attached is a patch that fixes a minor error in CheckLDAPAuth() in 8.2:
when an LDAP handle is obtained via ldap_init(), it needs to be released
via ldap_unbind(). The code did this, but only if an error did not
occur.

I fixed this by adding the appropriate ldap_unbind() calls in error
control paths. An alternative would be to have a single place do the
error handling, and jump to that via goto. Anyone have any strong
feelings about which style is preferable here? I also didn't bother
checking the return value of ldap_unbind().

I also made a minor stylistic fix (use a "bool" for a boolean variable,
not an int).

Barring any objections, I'll apply this to HEAD tomorrow.

-Neil

Index: src/backend/libpq/auth.c
===================================================================
RCS file: /home/neilc/postgres/cvs_root/pgsql/src/backend/libpq/auth.c,v
retrieving revision 1.145
diff -c -p -r1.145 auth.c
*** src/backend/libpq/auth.c	6 Oct 2006 17:13:59 -0000	1.145
--- src/backend/libpq/auth.c	5 Nov 2006 00:28:19 -0000
*************** CheckLDAPAuth(Port *port)
*** 716,722 ****
  	char		prefix[128];
  	char		suffix[128];
  	LDAP	   *ldap;
! 	int			ssl = 0;
  	int			r;
  	int			ldapversion = LDAP_VERSION3;
  	int			ldapport = LDAP_PORT;
--- 716,722 ----
  	char		prefix[128];
  	char		suffix[128];
  	LDAP	   *ldap;
! 	bool		ssl = false;
  	int			r;
  	int			ldapversion = LDAP_VERSION3;
  	int			ldapport = LDAP_PORT;
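Review bot: The `ssl` flag needs a comment saying which kind of transport security it selects, because the default `ldapport` declared just below stays `LDAP_PORT` and the last hunk of this patch shows `_ldap_start_tls_sA()` being called on the handle. If the flag gates that call (the condition is outside the visible hunks, so this needs confirming), an `ldaps://` URL means StartTLS on the plain LDAP port rather than LDAP over SSL on a dedicated port. That is easy to misread when auditing an authentication configuration. A comment on the declaration such as `/* true if the URL began with ldaps://; the session is upgraded with StartTLS */` would record it. These declarations belong to CheckLDAPAuth(), whose body continues outside this hunk.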
*************** CheckLDAPAuth(Port *port)
*** 750,756 ****
  				   "ldaps://%127[^:]:%i/%127[^;];%127[^;];%127s",
  				   server, &ldapport, basedn, prefix, suffix);
  		if (r >= 3)
! 			ssl = 1;
  	}
  	if (r < 3)
  	{
--- 750,756 ----
  				   "ldaps://%127[^:]:%i/%127[^;];%127[^;];%127s",
  				   server, &ldapport, basedn, prefix, suffix);
  		if (r >= 3)
! 			ssl = true;
  	}
  	if (r < 3)
  	{
*************** CheckLDAPAuth(Port *port)
*** 766,772 ****
  				   "ldaps://%127[^/]/%127[^;];%127[^;];%127s",
  				   server, basedn, prefix, suffix);
  		if (r >= 2)
! 			ssl = 1;
  	}
  	if (r < 2)
  	{
--- 766,772 ----
  				   "ldaps://%127[^/]/%127[^;];%127[^;];%127s",
  				   server, basedn, prefix, suffix);
  		if (r >= 2)
! 			ssl = true;
  	}
  	if (r < 2)
  	{
*************** CheckLDAPAuth(Port *port)
*** 799,806 ****
  
  	if ((r = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapversion)) != LDAP_SUCCESS)
  	{
  		ereport(LOG,
! 		  (errmsg("could not set LDAP protocol version: error code %d", r)));
  		return STATUS_ERROR;
  	}
  
--- 799,807 ----
  
  	if ((r = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapversion)) != LDAP_SUCCESS)
  	{
+ 		ldap_unbind(ldap);
  		ereport(LOG,
! 				(errmsg("could not set LDAP protocol version: error code %d", r)));
  		return STATUS_ERROR;
  	}
  
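Review bot: This failure branch logs only the numeric result (`error code %d`), which makes an LDAP authentication outage harder to triage from the server log; the StartTLS failure branch in the last hunk has the same shape. `ldap_err2string(r)` takes only the result code, so it is still usable after the added `ldap_unbind(ldap)` has released the handle, for example `(errmsg("could not set LDAP protocol version: %s", ldap_err2string(r)))`. The enclosing function starts and ends outside this hunk.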
*************** CheckLDAPAuth(Port *port)
*** 827,832 ****
--- 828,834 ----
  				 * should never happen since we import other files from
  				 * wldap32, but check anyway
  				 */
+ 				ldap_unbind(ldap);
  				ereport(LOG,
  						(errmsg("could not load wldap32.dll")));
  				return STATUS_ERROR;
*************** CheckLDAPAuth(Port *port)
*** 834,839 ****
--- 836,842 ----
  			_ldap_start_tls_sA = (__ldap_start_tls_sA) GetProcAddress(ldaphandle, "ldap_start_tls_sA");
  			if (_ldap_start_tls_sA == NULL)
  			{
+ 				ldap_unbind(ldap);
  				ereport(LOG,
  						(errmsg("could not load function _ldap_start_tls_sA in wldap32.dll"),
  						 errdetail("LDAP over SSL is not supported on this platform.")));
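Review bot: The log message in this branch names `_ldap_start_tls_sA`, which is the local function-pointer variable, while the symbol requested from the DLL two lines earlier is `ldap_start_tls_sA`. Someone checking the library for the missing export would search for the wrong name. Suggest `errmsg("could not load function ldap_start_tls_sA in wldap32.dll")`. The rest of the branch lies past the end of the hunk.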
*************** CheckLDAPAuth(Port *port)
*** 849,856 ****
  		if ((r = _ldap_start_tls_sA(ldap, NULL, NULL, NULL, NULL)) != LDAP_SUCCESS)
  #endif
  		{
  			ereport(LOG,
! 			 (errmsg("could not start LDAP TLS session: error code %d", r)));
  			return STATUS_ERROR;
  		}
  	}
--- 852,860 ----
  		if ((r = _ldap_start_tls_sA(ldap, NULL, NULL, NULL, NULL)) != LDAP_SUCCESS)
  #endif
  		{
+ 			ldap_unbind(ldap);
  			ereport(LOG,
! 					(errmsg("could not start LDAP TLS session: error code %d", r)));
  			return STATUS_ERROR;
  		}
  	}