[tpop3d-discuss] Memory leak?

Marc Lewis marc at blarg.net
Fri, 10 May 2002 13:01:46 -0700 

On Fri, May 10, 2002 at 08:18:05PM +0100, Chris Lightfoot wrote:
> On Fri, May 10, 2002 at 12:06:45PM -0700, Marc Lewis wrote:
[snip]
> > The purpose of mentioning all of this is that I don't think that it is
> > necessarily tpop3d that is having the problem, but the way that OpenLDAP
> > handles connections on a busy server.  I haven't looked at the source for
> > the other modules from padl.com to see if they also have loops in their
> > bind or how they handle retry issues, I just know they haven't ever failed
> > like the direct ldap calls have been.
> 
> Could you give me urls for the PAM/NSS stuff? I would be
> interested to see (a) whether they have loops; (b) whether
> there are any obvious leaks in them. As I say, I believe
> that the tpop3d PAM code is correct in the `free of leaks'
> sense.

http://www.padl.com/OSS/pam_ldap.html.  I haven't looked at it myself yet,
only installed it and gotten it working the way I wanted it to.  It was
very straightforward, in fact, RedHat has RPM's for it included with the
7.2 and higher systems, though not installed by default.

> OOI, does the PAM module do bind-as-user or does it just
> dig out the userpassword attribute and authenticate
> against that?

Good question.  I'm fairly sure that it does the bind as "Manager" (or
whatever you have OpenLDAP configured to use), then searches for the user.
I don't believe that it binds directly as the user.  I could be completely
wrong though.

> > I'll be making this patched version live on our system later today, and
> > will let you know if I run into issues.
> 
> OK. I will be interested to hear the results-- clearly I'm
> going to need to fix the auth_ldap stuff, but it would be
> nice to know exactly what's wrong.

Agreed.  I'm going to dig a bit more in the code as it is, but my time,
unfortunatley is very limited.  Once I get a stable POP service running I
need to move on to our next upgrades.  I'll try my best to contribute where
I can, though.

One thing I would like to do to it is add TLS support or give it an inet
mode so it can be wrapped up with stunnel.  But I'll save that for another
day....

Thanks.

 - Marc

-- 
Marc Lewis
Network Administrator
Blarg! Online Services, Inc.
http://www.blarg.net/~marc