[tpop3d-discuss] Memory leak?

Marc Lewis marc at blarg.net
Fri, 10 May 2002 13:01:46 -0700

On Fri, May 10, 2002 at 08:18:05PM +0100, Chris Lightfoot wrote:
> On Fri, May 10, 2002 at 12:06:45PM -0700, Marc Lewis wrote:
> > The purpose of mentioning all of this is that I don't think that it is
> > necessarily tpop3d that is having the problem, but the way that OpenLDAP
> > handles connections on a busy server.  I haven't looked at the source for
> > the other modules from padl.com to see if they also have loops in their
> > bind or how they handle retry issues, I just know they haven't ever failed
> > like the direct ldap calls have been.
> Could you give me urls for the PAM/NSS stuff? I would be
> interested to see (a) whether they have loops; (b) whether
> there are any obvious leaks in them. As I say, I believe
> that the tpop3d PAM code is correct in the `free of leaks'
> sense.

http://www.padl.com/OSS/pam_ldap.html.  I haven't looked at it myself yet,
only installed it and gotten it working the way I wanted it to.  It was
very straightforward, in fact, RedHat has RPM's for it included with the
7.2 and higher systems, though not installed by default.

> OOI, does the PAM module do bind-as-user or does it just
> dig out the userpassword attribute and authenticate
> against that?

Good question.  I'm fairly sure that it does the bind as "Manager" (or
whatever you have OpenLDAP configured to use), then searches for the user.
I don't believe that it binds directly as the user.  I could be completely
wrong though.

> > I'll be making this patched version live on our system later today, and
> > will let you know if I run into issues.
> OK. I will be interested to hear the results-- clearly I'm
> going to need to fix the auth_ldap stuff, but it would be
> nice to know exactly what's wrong.

Agreed.  I'm going to dig a bit more in the code as it is, but my time,
unfortunatley is very limited.  Once I get a stable POP service running I
need to move on to our next upgrades.  I'll try my best to contribute where
I can, though.

One thing I would like to do to it is add TLS support or give it an inet
mode so it can be wrapped up with stunnel.  But I'll save that for another


 - Marc

Marc Lewis
Network Administrator
Blarg! Online Services, Inc.