File 151022-LDAP-Fix-leak-of-file-descriptors.patch of Package sssd.openSUSE_Leap_42.1_Update

From 1916410739d8096a52c1ff990bb977322ead6ef6 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Thu, 22 Oct 2015 10:30:12 +0200
Subject: [PATCH] LDAP: Fix leak of file descriptors

The state "struct sss_ldap_init_state" contains socket
created in function sss_ldap_init_send. We register callback
sdap_async_sys_connect_timeout for handling issue with connection

The tevent request "sss_ldap_init_send" is usually (nested) subrequest
of "struct resolve_service_state" related request created in fucntion
fo_resolve_service_send. Function fo_resolve_service_send also register
timeout callback fo_resolve_service_timeout to state "struct
resolve_service_state".

It might happen that fo_resolve_service_timeout will be called before
sss_ldap_init_send timeout and we could not handle tiemout error
for state "struct sss_ldap_init_state" and therefore created socket
was not closed.

We tried to release resources in function sdap_handle_release.
But the structure "struct sdap_handle" had not been initialized yet
with LDAP handle and therefore associated file descriptor could not be closed.

[fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
[fo_resolve_service_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[110]
[sdap_handle_release] (0x2000): Trace: sh[0x7f6713410270], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory
[be_resolve_server_done] (0x1000): Server resolution failed: 14
[be_resolve_server_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[14]
[check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)]

Resolves:
https://fedorahosted.org/sssd/ticket/2792

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit a10f67d4c64f3b1243de5d86a996475361adf0ac)
(cherry picked from commit db2fdba6f3cecd0612439988e61be60d5d8576bf)
(cherry picked from commit 2136f71c94660bcdde83f80feb83734389d57674)

diff -rupN sssd-1.11.5.1-original/src/util/sss_ldap.c sssd-1.11.5.1-patched/src/util/sss_ldap.c
--- sssd-1.11.5.1-original/src/util/sss_ldap.c	2017-01-30 14:21:37.568331768 +0100
+++ sssd-1.11.5.1-patched/src/util/sss_ldap.c	2017-01-30 14:21:48.140445270 +0100
@@ -298,6 +298,22 @@ struct sss_ldap_init_state {
 #endif
 };
 
+static int sss_ldap_init_state_destructor(void *data)
+{
+    struct sss_ldap_init_state *state = (struct sss_ldap_init_state *)data;
+
+    if (state->ldap) {
+        DEBUG(SSSDBG_TRACE_FUNC,
+              ("calling ldap_unbind_ext for ldap:[%p] sd:[%d]\n",
+              state->ldap, state->sd));
+        ldap_unbind_ext(state->ldap, NULL, NULL);
+    } else if (state->sd != -1) {
+        DEBUG(SSSDBG_TRACE_FUNC, ("closing socket [%d]\n", state->sd));
+        close(state->sd);
+    }
+
+    return 0;
+}
 
 struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx,
                                       struct tevent_context *ev,
@@ -315,6 +331,8 @@ struct tevent_req *sss_ldap_init_send(TA
         return NULL;
     }
 
+    talloc_set_destructor((TALLOC_CTX *)state, sss_ldap_init_state_destructor);
+
     state->ldap = NULL;
     state->uri = uri;
 
@@ -361,9 +379,6 @@ struct tevent_req *sss_ldap_init_send(TA
     return req;
 
 fail:
-    if(state->sd >= 0) {
-        close(state->sd);
-    }
     tevent_req_error(req, ret);
 #else
     DEBUG(3, ("ldap_init_fd not available, "
@@ -445,11 +460,6 @@ static void sss_ldap_init_sys_connect_do
     return;
 
 fail:
-    if (state->ldap) {
-        ldap_unbind_ext(state->ldap, NULL, NULL);
-    } else {
-        close(state->sd);
-    }
     tevent_req_error(req, ret);
 }
 #endif
@@ -460,6 +470,9 @@ int sss_ldap_init_recv(struct tevent_req
                                                     struct sss_ldap_init_state);
     TEVENT_REQ_RETURN_ON_ERROR(req);
 
+    /* Everything went well therefore we do not want to release resources */
+    talloc_set_destructor(state, NULL);
+
     *ldap = state->ldap;
     *sd = state->sd;