authorNathaniel McCallum <npmccallum@redhat.com>2016-09-27 14:34:05 -0400
committerMartin Basti <mbasti@redhat.com>2016-10-06 10:35:25 +0200
commit0756ce7d53133793b82674757e125524eede4721 (patch)
treeb4eadb0c9c3bb308a9d208a5203cae0d20f19369 /daemons
parent889f0863b80a0c13a14aa69cd8563b5adde984b2 (diff)
Properly handle LDAP socket closures in ipa-otpd
In at least one case, when an LDAP socket closes, a read event is fired rather than an error event. Without this patch, ipa-otpd silently ignores this event and enters a state where all bind auths fail. To remedy this problem, we pass error events along the same path as read events. Should the actual read fail, we exit. https://bugzilla.redhat.com/show_bug.cgi?id=1377858 https://fedorahosted.org/freeipa/ticket/6368 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'daemons')
-rw-r--r--daemons/ipa-otpd/bind.c10
-rw-r--r--daemons/ipa-otpd/query.c13
2 files changed, 10 insertions, 13 deletions
diff --git a/daemons/ipa-otpd/bind.c b/daemons/ipa-otpd/bind.c
index 022525b78..a98312f90 100644
--- a/daemons/ipa-otpd/bind.c
+++ b/daemons/ipa-otpd/bind.c
@@ -85,6 +85,9 @@ static void on_bind_readable(verto_ctx *vctx, verto_ev *ev)
if (rslt <= 0)
results = NULL;
ldap_msgfree(results);
+ otpd_log_err(EIO, "IO error received on bind socket");
+ verto_break(ctx.vctx);
+ ctx.exitstatus = 1;
return;
}
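Review bot: The three added lines run for every result that lands in this branch, and the existing `if (rslt <= 0)` test just above them suggests the branch is also taken when `rslt` is positive, i.e. a complete LDAP message of a type the handler did not expect. The commit message only promises an exit when the read fails, so a stray server message would now stop the daemon and be logged as an IO error; the same holds in `on_query_readable` in query.c, where the enclosing test `i != LDAP_RES_SEARCH_ENTRY && i != LDAP_RES_SEARCH_RESULT` is visible. If that is not intended, guard the shutdown with `if (rslt <= 0)` here and put `if (i > 0) goto egress;` first in the query.c branch (assuming `egress` still frees `results`, as the removed line implies). The condition that opens this branch is outside the hunk, so confirm against the full function.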
@@ -137,11 +140,6 @@ void otpd_on_bind_io(verto_ctx *vctx, verto_ev *ev)
flags = verto_get_fd_state(ev);
if (flags & VERTO_EV_FLAG_IO_WRITE)
on_bind_writable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_READ)
+ if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
on_bind_readable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_ERROR) {
- otpd_log_err(EIO, "IO error received on bind socket");
- verto_break(ctx.vctx);
- ctx.exitstatus = 1;
- }
}
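Review bot: Nothing in `otpd_on_bind_io` records why error events are now handed to the read handler, and the shutdown no longer lives in this function, so a later reader could reinstate a separate ERROR branch or miss that the exit now depends on `ldap_result()` failing inside `on_bind_readable`. I would add above the test `/* A closed LDAP socket may be reported as READ instead of ERROR; route both to on_bind_readable(), which stops the daemon if the read fails. */`. The same comment fits `otpd_on_query_io` in query.c. Note also that `on_bind_writable` is still called first when WRITE and ERROR are set together; whether a write attempt on an already failed socket is harmless depends on code outside this hunk.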
diff --git a/daemons/ipa-otpd/query.c b/daemons/ipa-otpd/query.c
index 67e2d751d..50e156033 100644
--- a/daemons/ipa-otpd/query.c
+++ b/daemons/ipa-otpd/query.c
@@ -133,7 +133,11 @@ static void on_query_readable(verto_ctx *vctx, verto_ev *ev)
if (i != LDAP_RES_SEARCH_ENTRY && i != LDAP_RES_SEARCH_RESULT) {
if (i <= 0)
results = NULL;
- goto egress;
+ ldap_msgfree(results);
+ otpd_log_err(EIO, "IO error received on query socket");
+ verto_break(ctx.vctx);
+ ctx.exitstatus = 1;
+ return;
}
item = otpd_queue_pop_msgid(&ctx.query.responses, ldap_msgid(results));
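Review bot: `otpd_log_err(EIO, "IO error received on query socket")` is now the only record left when the daemon stops, and it reports a fixed EIO with wording inherited from the old event-flag branch, whatever `ldap_result()` actually returned. For anyone triaging failed OTP authentications afterwards, a server-side close, a timeout and an unexpected message type all look the same. I would at least add a comment such as `/* i <= 0: read failed or connection closed; i > 0: unexpected message type */` and consider logging the libldap result code (available via `ldap_get_option()` with `LDAP_OPT_RESULT_CODE`) instead of a constant. The same applies to the bind.c hunk in `on_bind_readable`.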
@@ -243,11 +247,6 @@ void otpd_on_query_io(verto_ctx *vctx, verto_ev *ev)
flags = verto_get_fd_state(ev);
if (flags & VERTO_EV_FLAG_IO_WRITE)
on_query_writable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_READ)
+ if (flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_ERROR))
on_query_readable(vctx, ev);
- if (flags & VERTO_EV_FLAG_IO_ERROR) {
- otpd_log_err(EIO, "IO error received on query socket");
- verto_break(ctx.vctx);
- ctx.exitstatus = 1;
- }
}