Commit 96752b0

Fix timeout in LDAP lookup of libpq connection parameters
Bind attempts to an LDAP server should time out after two seconds, allowing additional lines in the service control file to be parsed (which provide a fall back to a secondary LDAP server or default options). The existing code failed to enforce that timeout during TCP connect, resulting in a hang far longer than two seconds if the LDAP server does not respond.

Laurenz Albe

1 parent a86b2da commit 96752b0

‎src/interfaces/libpq/fe-connect.c

Lines changed: 39 additions & 7 deletions
@@ -3282,12 +3282,37 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
32823282
}
32833283

32843284
/*
3285-
* Initialize connection to the server. We do an explicit bind because we
3286-
* want to return 2 if the bind fails.
3285+
* Perform an explicit anonymous bind.
3286+
* LDAP does not require that an anonymous bind is preformed explicitly,
3287+
* but we want to distinguish between the case where LDAP bind does not
3288+
* succeed within PGLDAP_TIMEOUT seconds (return 2 to continue parsing
3289+
* the service control file) and the case where querying the LDAP server
3290+
* fails (return 1 to end parsing).
3291+
* Unfortunately there is no way of setting a timeout that works for
3292+
* both Windows and OpenLDAP.
32873293
*/
3294+
#ifdefWIN32
3295+
/* the nonstandard ldap_connect function performs an anonymous bind */
3296+
if (ldap_connect(ld,&time)!=LDAP_SUCCESS)
3297+
{
3298+
/* error or timeout in ldap_connect */
3299+
free(url);
3300+
ldap_unbind(ld);
3301+
return2;
3302+
}
3303+
#else/* WIN32 */
3304+
/* in OpenLDAP, use the LDAP_OPT_NETWORK_TIMEOUT option */
3305+
if (ldap_set_option(ld,LDAP_OPT_NETWORK_TIMEOUT,&time)!=LDAP_SUCCESS)
3306+
{
3307+
free(url);
3308+
ldap_unbind(ld);
3309+
return3;
3310+
}
3311+
3312+
/* anonymous bind */
32883313
if ((msgid=ldap_simple_bind(ld,NULL,NULL))==-1)
32893314
{
3290-
/* errorin ldap_simple_bind() */
3315+
/* erroror network timeout */
32913316
free(url);
32923317
ldap_unbind(ld);
32933318
return2;
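Review bot: The new `return3;` on `ldap_set_option` failure in the non-WIN32 branch is not covered by the comment block at the top of this hunk, which documents only return 2 (continue parsing the service control file) and return 1 (end parsing); please document what 3 means to the caller or reuse one of the documented codes. In the WIN32 branch, `ldap_connect` returns 2 for "error or timeout" alike, so a hard error there also falls through to the next line of the service file; if that is intended, the comment should say so. Minor: "preformed" in the new comment should be "performed".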
@@ -3298,18 +3323,25 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
32983323
if ((rc=ldap_result(ld,msgid,LDAP_MSG_ALL,&time,&res))==-1||
32993324
res==NULL)
33003325
{
3326+
/* error or timeout */
33013327
if (res!=NULL)
3302-
{
3303-
/* timeout */
33043328
ldap_msgfree(res);
3305-
}
3306-
/* error in ldap_result() */
33073329
free(url);
33083330
ldap_unbind(ld);
33093331
return2;
33103332
}
33113333
ldap_msgfree(res);
33123334

3335+
/* reset timeout */
3336+
time.tv_sec=-1;
3337+
if (ldap_set_option(ld,LDAP_OPT_NETWORK_TIMEOUT,&time)!=LDAP_SUCCESS)
3338+
{
3339+
free(url);
3340+
ldap_unbind(ld);
3341+
return3;
3342+
}
3343+
#endif/* WIN32 */
3344+
33133345
/* search */
33143346
res=NULL;
33153347
if ((rc=ldap_search_st(ld,dn,scope,filter,attrs,0,&time,&res))
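Review bot: After `time.tv_sec=-1;` under "reset timeout", the same `time` struct is still passed as the timeout argument of `ldap_search_st(ld,dn,scope,filter,attrs,0,&time,&res)` in the trailing context, so on non-WIN32 builds the search now runs with a negative `tv_sec` instead of the value used for the bind. Use a separate `struct timeval` for resetting LDAP_OPT_NETWORK_TIMEOUT, or restore `time` before the search, so the search timeout is unchanged by this patch. The WIN32 path skips this block and keeps the original value, so the two platforms would otherwise diverge; a short comment stating what -1 means for LDAP_OPT_NETWORK_TIMEOUT would also help.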
