HPCC-16611 Ignore SIGPIPE after ldap_bind() calls

Signed-off-by: Mark Kelly <mark.kelly@lexisnexis.com>

system/jlib/jthread.cpp

@@ -1640,20 +1640,24 @@ class CIgnoreSIGPIPE
 public:
     CIgnoreSIGPIPE()
     {
+        oact.sa_handler = SIG_IGN;
         struct sigaction act;
         sigset_t blockset;
         sigemptyset(&blockset);
         act.sa_mask = blockset;
         act.sa_handler = SIG_IGN;
         act.sa_flags = 0;
-        sigaction(SIGPIPE, &act, NULL);
+        sigaction(SIGPIPE, &act, &oact);
     }
 
     ~CIgnoreSIGPIPE()
     {
-        signal(SIGPIPE, SIG_DFL);
+        if (oact.sa_handler != SIG_IGN)
+            sigaction(SIGPIPE, &oact, NULL);
     }
 
+private:
+    struct sigaction oact;
 };
 
 #define WHITESPACE " \t\n\r"

system/security/LdapSecurity/ldaputils.cpp

@@ -110,11 +110,16 @@ int LdapUtils::LdapSimpleBind(LDAP* ld, char* userdn, char* password)
     ldap_set_option(ld, LDAP_OPT_TIMEOUT, &timeout);
     ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
 #endif
-    return ldap_bind_s(ld, userdn, password, LDAP_AUTH_SIMPLE);
+    int srtn = ldap_bind_s(ld, userdn, password, LDAP_AUTH_SIMPLE);
+#ifndef _WIN32
+    // secure ldap tls might overwrite SIGPIPE handler
+    signal(SIGPIPE, SIG_IGN);
+#endif
+    return srtn;
 }
 
 // userdn is required for ldap_simple_bind_s, not really necessary for ldap_bind_s.
-int LdapUtils::LdapBindInternal(LDAP* ld, const char* domain, const char* username, const char* password, const char* userdn, LdapServerType server_type, const char* method)
+int LdapUtils::LdapBind(LDAP* ld, const char* domain, const char* username, const char* password, const char* userdn, LdapServerType server_type, const char* method)
 {
     bool binddone = false;
     int rc = LDAP_SUCCESS;
@@ -203,16 +208,6 @@ int LdapUtils::LdapBindInternal(LDAP* ld, const char* domain, const char* userna
     return rc;
 }
 
-int LdapUtils::LdapBind(LDAP* ld, const char* domain, const char* username, const char* password, const char* userdn, LdapServerType server_type, const char* method)
-{
-    int srtn = LdapBindInternal(ld, domain, username, password, userdn, server_type, method);
-#ifndef _WIN32
-    // secure ldap tls might overwrite SIGPIPE handler
-    signal(SIGPIPE, SIG_IGN);
-#endif
-    return srtn;
-}
-
 int LdapUtils::getServerInfo(const char* ldapserver, int ldapport, StringBuffer& domainDN, LdapServerType& stype, const char* domainname)
 {
     LdapServerType deducedSType = LDAPSERVER_UNKNOWN;

system/security/LdapSecurity/ldaputils.hpp

@@ -40,7 +40,6 @@ public:
     static LDAP* LdapInit(const char* protocol, const char* host, int port, int secure_port);
     static int LdapSimpleBind(LDAP* ld, char* userdn, char* password);
     // userdn is required for ldap_simple_bind_s, not really necessary for ldap_bind_s.
-    static int LdapBindInternal(LDAP* ld, const char* domain, const char* username, const char* password, const char* userdn, LdapServerType server_type, const char* method="kerberos");
     static int LdapBind(LDAP* ld, const char* domain, const char* username, const char* password, const char* userdn, LdapServerType server_type, const char* method="kerberos");
     static void bin2str(MemoryBuffer& from, StringBuffer& to);
     static int getServerInfo(const char* ldapserver, int ldapport, StringBuffer& domainDN, LdapServerType& stype, const char* domainname);