Fix LDAP connection leak (issue 139)

diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd
index 7f0feece918df1c3064c7a8f7e621b003d91738b..0ad5879d75c99a6ea7928ce7da2cfe13b7f27d00 100644 (file)
--- a/docs/04_releases.mkd
+++ b/docs/04_releases.mkd
@@ -11,6 +11,7 @@ If you are updating from an earlier release AND you have indexed branches with t
 \r
 #### fixes\r
 \r
+- Fixed connection leak in LDAPUserService (issue 139)\r
 - Fixed bug in commit page where changes to a submodule threw a null pointer exception (issue 132)\r
 - Fixed bug in the diff view for filenames that have non-ASCII characters (issue 128)\r
 \r

diff --git a/src/com/gitblit/LdapUserService.java b/src/com/gitblit/LdapUserService.java
index 54a55752834be84683915c601ea09526340ccba6..9ce18f6d7ceecaca2ac10f72470e7e70fc7b65b6 100644 (file)
--- a/src/com/gitblit/LdapUserService.java
+++ b/src/com/gitblit/LdapUserService.java
@@ -160,48 +160,51 @@ public class LdapUserService extends GitblitUserService {
        public UserModel authenticate(String username, char[] password) {\r
                String simpleUsername = getSimpleUsername(username);\r
                \r
-               LDAPConnection ldapConnection = getLdapConnection();            \r
+               LDAPConnection ldapConnection = getLdapConnection();\r
                if (ldapConnection != null) {\r
-                       // Find the logging in user's DN\r
-                       String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");\r
-                       String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");\r
-                       accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));\r
+                       try {\r
+                               // Find the logging in user's DN\r
+                               String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");\r
+                               String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");\r
+                               accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));\r
 \r
-                       SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);\r
-                       if (result != null && result.getEntryCount() == 1) {\r
-                               SearchResultEntry loggingInUser = result.getSearchEntries().get(0);\r
-                               String loggingInUserDN = loggingInUser.getDN();\r
-                               \r
-                               if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {\r
-                                       logger.debug("LDAP authenticated: " + username);\r
-                                       \r
-                                       UserModel user = getUserModel(simpleUsername);\r
-                                       if (user == null)       // create user object for new authenticated user\r
-                                               user = new UserModel(simpleUsername);\r
+                               SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);\r
+                               if (result != null && result.getEntryCount() == 1) {\r
+                                       SearchResultEntry loggingInUser = result.getSearchEntries().get(0);\r
+                                       String loggingInUserDN = loggingInUser.getDN();\r
 \r
-                                       // create a user cookie\r
-                                       if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {\r
-                                               user.cookie = StringUtils.getSHA1(user.username + new String(password));\r
-                                       }\r
-                                       \r
-                                       if (!supportsTeamMembershipChanges())\r
-                                               getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);\r
-                                       \r
-                                       // Get User Attributes\r
-                                       setUserAttributes(user, loggingInUser);\r
+                                       if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {\r
+                                               logger.debug("LDAP authenticated: " + username);\r
+\r
+                                               UserModel user = getUserModel(simpleUsername);\r
+                                               if (user == null)       // create user object for new authenticated user\r
+                                                       user = new UserModel(simpleUsername);\r
 \r
-                                       // Push the ldap looked up values to backing file\r
-                                       super.updateUserModel(user);\r
-                                       if (!supportsTeamMembershipChanges()) {\r
-                                               for (TeamModel userTeam : user.teams)\r
-                                                       updateTeamModel(userTeam);\r
+                                               // create a user cookie\r
+                                               if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {\r
+                                                       user.cookie = StringUtils.getSHA1(user.username + new String(password));\r
+                                               }\r
+\r
+                                               if (!supportsTeamMembershipChanges())\r
+                                                       getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);\r
+\r
+                                               // Get User Attributes\r
+                                               setUserAttributes(user, loggingInUser);\r
+\r
+                                               // Push the ldap looked up values to backing file\r
+                                               super.updateUserModel(user);\r
+                                               if (!supportsTeamMembershipChanges()) {\r
+                                                       for (TeamModel userTeam : user.teams)\r
+                                                               updateTeamModel(userTeam);\r
+                                               }\r
+\r
+                                               return user;\r
                                        }\r
-                                                       \r
-                                       return user;\r
                                }\r
+                       } finally {\r
+                               ldapConnection.close();\r
                        }\r
                }\r
-               \r
                return null;            \r
        }\r
 \r