author | Mustafa Kemal Gilor <mustafa.gilor@canonical.com> | 2022-12-05 17:33:47 +0300 |
---|---|---|
committer | Mustafa Kemal Gilor <mustafa.gilor@canonical.com> | 2023-02-24 07:07:44 +0000 |
commit | 7c30c9e000b58055b61d8cf58e52493f2b5aba8a (patch) | |
tree | fa7cf98a81f96f652b77590c069814b34b2c7beb /keystone/tests/unit/fakeldap.py | |
parent | e4e097c5bcf981199563bd721ac643900d3fb616 (diff) | |
[PooledLDAPHandler] Ensure result3() invokes message.clean()stable/zed
result3 does not invoke message.clean() when an exception is thrown
by the `message.connection.result3()` call, causing the pool connection
associated with the message to be marked active forever. This causes
a denial-of-service on ldappool.
The fix ensures message.clean() is invoked by wrapping the offending
call in try-except-finally and putting the message.clean() in finally
block.
Closes-Bug: #1998789
Change-Id: I59ebf0fa77391d49b2349e918fc55f96318c42a6
Signed-off-by: Mustafa Kemal Gilor <mustafa.gilor@canonical.com>
(cherry picked from commit ff632a81fb09e6d9f3298e494d53eb6df50269cf)
Diffstat (limited to 'keystone/tests/unit/fakeldap.py')
-rw-r--r-- | keystone/tests/unit/fakeldap.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/keystone/tests/unit/fakeldap.py b/keystone/tests/unit/fakeldap.py
index f374322d1..5119305a7 100644
--- a/keystone/tests/unit/fakeldap.py
+++ b/keystone/tests/unit/fakeldap.py
@@ -296,6 +296,9 @@ class FakeLdap(common.LDAPHandler):
 raise ldap.SERVER_DOWN
 whos = ['cn=Admin', CONF.ldap.user]
 if (who in whos and cred in ['password', CONF.ldap.password]):
+ self.connected = True
+ self.who = who
+ self.cred = cred
 return
 attrs = self.db.get(self.key(who))
@@ -316,6 +319,9 @@ class FakeLdap(common.LDAPHandler):
 def unbind_s(self):
 """Provide for compatibility but this method is ignored."""
+ self.connected = False
+ self.who = None
+ self.cred = None
 if server_fail:
 raise ldap.SERVER_DOWN
@@ -534,7 +540,7 @@ class FakeLdap(common.LDAPHandler):
 raise exception.NotImplemented()
 # only passing a single server control is supported by this fake ldap
- if len(serverctrls) > 1:
+ if serverctrls and len(serverctrls) > 1:
 raise exception.NotImplemented()
 # search_ext is async and returns an identifier used for
@@ -589,6 +595,7 @@ class FakeLdapPool(FakeLdap):
 def __init__(self, uri, retry_max=None, retry_delay=None, conn=None):
 super(FakeLdapPool, self).__init__(conn=conn)
 self.url = uri
+ self._uri = uri
 self.connected = None
 self.conn = self
 self._connection_time = 5 # any number greater than 0 |
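Review bot: In the first hunk (the bind method with the `whos` check), `connected`, `who` and `cred` are recorded only on the shortcut branch that returns early for the admin/CONF user. The path that continues with `attrs = self.db.get(self.key(who))` runs past the end of the hunk, so it is not visible here whether a successful bind on that path records the same state. If it does not, a test that reads `connected` after binding as a directory user would see a stale value. Either set the three attributes on every successful bind, or mark the limitation with a comment such as `# bind state is only tracked for the admin shortcut`.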
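Review bot: The docstring of `unbind_s` still says the method is ignored, but the added lines now reset `connected`, `who` and `cred`, so it no longer describes the behaviour. The reset also runs before `if server_fail: raise ldap.SERVER_DOWN`, so the fake reports a disconnected state even when the unbind itself raises. Because this commit is about connections left marked active after an exception, a test reading `connected` on that path could pass for the wrong reason. A docstring along the lines of `"""Clear the recorded bind state; raises SERVER_DOWN when server_fail is set."""` plus a comment stating whether clearing before the raise is intended would settle it. The body of `unbind_s` continues outside the hunk.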
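Review bot: In `FakeLdapPool.__init__`, `self._uri = uri` stores the same value as `self.url` on the line above, and nothing says which caller needs the second name. A short comment would keep it from being removed later as a duplicate, for example `# also exposed as _uri; presumably read by the pooled-connection code under test`, with the actual consumer named once confirmed. `__init__` continues past the end of the hunk.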