authorPavel Březina <pbrezina@redhat.com>2012-08-20 12:57:03 +0200
committerJakub Hrozek <jhrozek@redhat.com>2012-08-21 12:36:19 +0200
commitd8fbc520c632094055325a887b0346eae21f6002 (patch)
treec53590ccc09d10cab5940c45fd83760986b64531
parentaeb816c6906c741dff6aa3dfe5ebae93cebed8f1 (diff)
Close LDAP connection when unable to install TLS
We were not closing the LDAP connection when using SSL with an invalid certificate. https://fedorahosted.org/sssd/ticket/1490
-rw-r--r--src/util/sss_ldap.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c
index a90d740a..581b7b15 100644
--- a/src/util/sss_ldap.c
+++ b/src/util/sss_ldap.c
@@ -417,9 +417,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
talloc_zfree(subreq);
if (ret != EOK) {
DEBUG(1, ("sdap_async_sys_connect request failed.\n"));
- close(state->sd);
- tevent_req_error(req, ret);
- return;
+ goto fail;
}
/* Initialize LDAP handler */
@@ -427,13 +425,8 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
if (lret != LDAP_SUCCESS) {
DEBUG(1, ("ldap_init_fd failed: %s. [%ld][%s]\n",
sss_ldap_err2string(lret), state->sd, state->uri));
- close(state->sd);
- if (lret == LDAP_SERVER_DOWN) {
- tevent_req_error(req, ETIMEDOUT);
- } else {
- tevent_req_error(req, EIO);
- }
- return;
+ ret = lret == LDAP_SERVER_DOWN ? ETIMEDOUT : EIO;
+ goto fail;
}
if (ldap_is_ldaps_url(state->uri)) {
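Review bot: The `goto fail` taken on the `ldap_init_fd failed` branch depends on `state->ldap` still being NULL, because the `fail:` label picks between `ldap_destroy()` and `close(state->sd)` from that pointer alone. Neither the `ldap_init_fd` call nor the allocation of `state` is visible in this hunk, so whether the pointer is guaranteed to be NULL here is an assumption. Writing `state->ldap = NULL;` just before the `goto` would make the intended branch explicit and keep an indeterminate handle from reaching `ldap_destroy()`. As a style point, `ret = (lret == LDAP_SERVER_DOWN) ? ETIMEDOUT : EIO;` reads more easily with the comparison parenthesized.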
@@ -444,15 +437,22 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
} else {
DEBUG(1, ("ldap_install_tls failed: %s\n",
sss_ldap_err2string(lret)));
-
- tevent_req_error(req, EIO);
- return;
+ ret = EIO;
+ goto fail;
}
}
}
tevent_req_done(req);
return;
+
+fail:
+ if (state->ldap) {
+ ldap_destroy(state->ldap);
+ } else {
+ close(state->sd);
+ }
+ tevent_req_error(req, ret);
}
#endif
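Review bot: The new `fail:` label leaves `state->ldap` pointing at the handle just released by `ldap_destroy()` and `state->sd` holding a descriptor number that is already closed. Any later code that inspects the request state, such as a destructor or retry path (none visible here, as the function starts outside this hunk), could then release either one a second time. Adding `state->ldap = NULL;` after `ldap_destroy(state->ldap);` and `state->sd = -1;` in both branches would make the cleanup safe to repeat. The first branch also presumes that destroying the handle closes the socket given to `ldap_init_fd`; a comment such as `/* ldap_destroy() also closes state->sd */` would record that, and it is worth confirming for the libldap versions the project supports. Per the commit message this path runs when the server presents an invalid certificate, so a leak or double close here can be triggered repeatedly by a remote peer.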