about summary refs log tree commit diff
path: root/web/panettone/src
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2022-02-02T17·55+0300
committertazjin <tazjin@tvl.su>2022-02-07T17·13+0000
commit67a31e72525471fa4d384fcd9cf1b0918965d9b5 (patch)
tree67eeb90ee542cb4e3341a670223e52a93b6f47e1 /web/panettone/src
parent0d0b43ed8819e66a0888eb6d1d1f47b171ae62e0 (diff)
fix(web/panettone): unbind LDAP connections after auth r/3777
unbind & close the stream of newly created LDAP connections after
auth, which might prevent some of the resource leaking we've got going
on

i did actually verify in sly that this still works. yay.

Change-Id: I92c8ca20de642585ae4c24aa455d051ee6e44a87
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5193
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Diffstat (limited to 'web/panettone/src')
-rw-r--r--web/panettone/src/authentication.lisp20
1 files changed, 10 insertions, 10 deletions
diff --git a/web/panettone/src/authentication.lisp b/web/panettone/src/authentication.lisp
index c3353450201d..3d4a3510ea05 100644
--- a/web/panettone/src/authentication.lisp
+++ b/web/panettone/src/authentication.lisp
@@ -103,13 +103,13 @@ instance of `user'"
 request against the ldap server at *ldap*. Returns the user if authentication is
 successful, `nil' otherwise"
   (when-let ((user (if (typep user-or-username 'user) user-or-username
-                       (find-user user-or-username))))
-    (let ((dn (dn user)))
-      (let ((code-sym
-              (nth-value 1 (ldap:bind
-                            (ldap:new-ldap :host (ldap:host *ldap*)
-                                           :port (ldap:port *ldap*)
-                                           :user dn
-                                           :pass password)))))
-        (when (equalp code-sym 'trivial-ldap:success)
-          user)))))
+                     (find-user user-or-username))))
+    (let* ((dn (dn user))
+           (conn (ldap:new-ldap :host (ldap:host *ldap*)
+                                :port (ldap:port *ldap*)
+                                :user dn
+                                :pass password))
+           (code-sym (nth-value 1 (unwind-protect (ldap:bind conn)
+                                    (ldap:unbind conn)))))
+      (when (equalp code-sym 'trivial-ldap:success)
+        user))))