diff options
author | Pavel Březina <pbrezina@redhat.com> | 2012-08-20 12:57:03 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-08-21 12:36:19 +0200 |
commit | d8fbc520c632094055325a887b0346eae21f6002 (patch) | |
tree | c53590ccc09d10cab5940c45fd83760986b64531 | |
parent | aeb816c6906c741dff6aa3dfe5ebae93cebed8f1 (diff) | |
download | sssd-d8fbc520c632094055325a887b0346eae21f6002.tar.gz sssd-d8fbc520c632094055325a887b0346eae21f6002.tar.bz2 sssd-d8fbc520c632094055325a887b0346eae21f6002.zip |
Close LDAP connection when unable to install TLS
We were not closing LDAP connection when using SSL
with invalid certificate.
https://fedorahosted.org/sssd/ticket/1490
-rw-r--r-- | src/util/sss_ldap.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c index a90d740a..581b7b15 100644 --- a/src/util/sss_ldap.c +++ b/src/util/sss_ldap.c @@ -417,9 +417,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("sdap_async_sys_connect request failed.\n")); - close(state->sd); - tevent_req_error(req, ret); - return; + goto fail; } /* Initialize LDAP handler */ @@ -427,13 +425,8 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq) if (lret != LDAP_SUCCESS) { DEBUG(1, ("ldap_init_fd failed: %s. [%ld][%s]\n", sss_ldap_err2string(lret), state->sd, state->uri)); - close(state->sd); - if (lret == LDAP_SERVER_DOWN) { - tevent_req_error(req, ETIMEDOUT); - } else { - tevent_req_error(req, EIO); - } - return; + ret = lret == LDAP_SERVER_DOWN ? ETIMEDOUT : EIO; + goto fail; } if (ldap_is_ldaps_url(state->uri)) { @@ -444,15 +437,22 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq) } else { DEBUG(1, ("ldap_install_tls failed: %s\n", sss_ldap_err2string(lret))); - - tevent_req_error(req, EIO); - return; + ret = EIO; + goto fail; } } } tevent_req_done(req); return; + +fail: + if (state->ldap) { + ldap_destroy(state->ldap); + } else { + close(state->sd); + } + tevent_req_error(req, ret); } #endif |