From d8fbc520c632094055325a887b0346eae21f6002 Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Mon, 20 Aug 2012 12:57:03 +0200
Subject: Close LDAP connection when unable to install TLS
We were not closing LDAP connection when using SSL with invalid certificate. https://fedorahosted.org/sssd/ticket/1490
---
 src/util/sss_ldap.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c
index a90d740a..581b7b15 100644
--- a/src/util/sss_ldap.c
+++ b/src/util/sss_ldap.c
@@ -417,9 +417,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
 talloc_zfree(subreq);
 if (ret != EOK) {
 DEBUG(1, ("sdap_async_sys_connect request failed.\n"));
- close(state->sd);
- tevent_req_error(req, ret);
- return;
+ goto fail;
 }
 /* Initialize LDAP handler */
@@ -427,13 +425,8 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
 if (lret != LDAP_SUCCESS) {
 DEBUG(1, ("ldap_init_fd failed: %s. [%ld][%s]\n", sss_ldap_err2string(lret), state->sd, state->uri));
- close(state->sd);
- if (lret == LDAP_SERVER_DOWN) {
- tevent_req_error(req, ETIMEDOUT);
- } else {
- tevent_req_error(req, EIO);
- }
- return;
+ ret = lret == LDAP_SERVER_DOWN ? ETIMEDOUT : EIO;
+ goto fail;
 }
 if (ldap_is_ldaps_url(state->uri)) {
@@ -444,15 +437,22 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
 } else {
 DEBUG(1, ("ldap_install_tls failed: %s\n", sss_ldap_err2string(lret)));
-
- tevent_req_error(req, EIO);
- return;
+ ret = EIO;
+ goto fail;
 }
 }
 }
 tevent_req_done(req);
 return;
+
+fail:
+ if (state->ldap) {
+ ldap_destroy(state->ldap);
+ } else {
+ close(state->sd);
+ }
+ tevent_req_error(req, ret);
 }
 #endif
-- cgit
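Review bot: In the second hunk, a failed `ldap_init_fd` now jumps to `fail:`, where the choice between `ldap_destroy` and `close` depends on `state->ldap`, so the path is only correct if `state->ldap` is still NULL when `ldap_init_fd` returns an error. Nothing in the hunk shows that, since the call itself and the allocation of `state` are outside it. I would state the assumption above the `goto fail`, for example `/* ldap_init_fd failed: state->ldap is expected to be NULL here, so fail: closes the raw socket */`. The ternary would also read more easily as `ret = (lret == LDAP_SERVER_DOWN) ? ETIMEDOUT : EIO;`.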
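Review bot: In the third hunk, the new `fail:` block releases the connection but leaves `state->ldap` pointing at the destroyed handle and `state->sd` holding the closed descriptor number. If anything reads `state` after the request has errored (a destructor or the request's recv function, neither visible here), it could free the handle twice or close a descriptor number that has since been reused by an unrelated file or socket. I would clear both fields right after releasing them: `state->ldap = NULL;` following `ldap_destroy(state->ldap);` and `state->sd = -1;` following `close(state->sd);`. The `ldap_destroy` branch also presumably relies on the handle owning the socket passed to `ldap_init_fd`, which deserves a one-line comment such as `/* the LDAP handle owns state->sd once ldap_init_fd succeeds */`. The function body starts outside this hunk.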