31459a0 UTIL: Unset O_NONBLOCK for ldap connection

Authored and Committed by lslebodn 7 years ago
    UTIL: Unset O_NONBLOCK for ldap connection
    
    Before the commit 75e66c388862a4ba05afe0791c5503226395bad0,
    the flag O_NONBLOCK was set only for the connect syscall
    in request sssd_async_connect_send -> sssd_async_connect_send.
    Such a change was done for the secrets provider.
    
    However, if ldap is compiled with gnutls, it caused problems with
    start_tls and ldaps. There is not a problem with libldap 2.5 + gnutls
    because libldap is compiled with LDAP_USE_NON_BLOCKING_TLS.
    
      OpenLDAP Server log:
      5810cf2f connection_get(23): got connid=1042
      5810cf2f connection_read(23): checking for input on id=1042
      TLS: error: accept - force handshake failure: errno 11 - moznss error -12234
      TLS: can't accept: TLS error -12234:SSL received an unexpected Application Data record..
      5810cf2f connection_read(23): TLS accept failure error=-1 id=1042, closing
      5810cf2f connection_close: conn=1042 sd=23
    
      sssd domain log:
      [simple_bind_send] (0x0100): Executing simple bind as: uid=user1,dc=example,dc=com
      [simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2
      [sdap_op_add] (0x2000): New operation 2 timeout 6
      [sdap_process_result] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0]
      [sdap_process_result] (0x2000): Trace: end of ldap_result list
      [sdap_process_result] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0]
      [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
      [sdap_handle_release] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0], destructor_lock[0], release_memory[0]
      [remove_connection_callback] (0x4000): Successfully removed connection callback.
      [sdap_op_destructor] (0x1000): Abandoning operation 2
      [dp_req_done] (0x0400): DP Request [PAM Authenticate #3]: Request handler finished [0]: Success
      [_dp_req_recv] (0x0400): DP Request [PAM Authenticate #3]: Receiving request data.
      [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #3]: Request removed.
      [dp_req_destructor] (0x0400): Number of active DP request: 0
      [dp_method_enabled] (0x0400): Target selinux is not configured
      [dp_pam_reply] (0x1000): DP Request [PAM Authenticate #3]: Sending result [4][LDAP]
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/3189
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    
        
file modified
+33 -0