Commit c4bf15b

Fix timeout in LDAP lookup of libpq connection parameters

Bind attempts to an LDAP server should time out after two seconds, allowing additional lines in the service control file to be parsed (which provide a fall back to a secondary LDAP server or default options). The existing code failed to enforce that timeout during TCP connect, resulting in a hang far longer than two seconds if the LDAP server does not respond.

Laurenz Albe

1 parent bed499e commit c4bf15b

‎src/interfaces/libpq/fe-connect.c‎

Lines changed: 39 additions & 7 deletions
@@ -3513,12 +3513,37 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
35133513
}
35143514

35153515
/*
3516-
* Initialize connection to the server. We do an explicit bind because we
3517-
* want to return 2 if the bind fails.
3516+
* Perform an explicit anonymous bind.
3517+
* LDAP does not require that an anonymous bind is preformed explicitly,
3518+
* but we want to distinguish between the case where LDAP bind does not
3519+
* succeed within PGLDAP_TIMEOUT seconds (return 2 to continue parsing
3520+
* the service control file) and the case where querying the LDAP server
3521+
* fails (return 1 to end parsing).
3522+
* Unfortunately there is no way of setting a timeout that works for
3523+
* both Windows and OpenLDAP.
35183524
*/
3525+
#ifdefWIN32
3526+
/* the nonstandard ldap_connect function performs an anonymous bind */
3527+
if (ldap_connect(ld,&time)!=LDAP_SUCCESS)
3528+
{
3529+
/* error or timeout in ldap_connect */
3530+
free(url);
3531+
ldap_unbind(ld);
3532+
return2;
3533+
}
3534+
#else/* WIN32 */
3535+
/* in OpenLDAP, use the LDAP_OPT_NETWORK_TIMEOUT option */
3536+
if (ldap_set_option(ld,LDAP_OPT_NETWORK_TIMEOUT,&time)!=LDAP_SUCCESS)
3537+
{
3538+
free(url);
3539+
ldap_unbind(ld);
3540+
return3;
3541+
}
3542+
3543+
/* anonymous bind */
35193544
if ((msgid=ldap_simple_bind(ld,NULL,NULL))==-1)
35203545
{
3521-
/* errorin ldap_simple_bind() */
3546+
/* erroror network timeout */
35223547
free(url);
35233548
ldap_unbind(ld);
35243549
return2;
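
Review bot: the new header comment at the top of this hunk documents only return values 2 and 1, but the OpenLDAP branch returns 3 when `ldap_set_option(ld,LDAP_OPT_NETWORK_TIMEOUT,&time)` fails, so a reader cannot tell from the comment whether 3 continues or ends parsing of the service control file. Add that case to the comment. The same comment also has "preformed" where "performed" is meant.
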
@@ -3529,18 +3554,25 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
35293554
if ((rc=ldap_result(ld,msgid,LDAP_MSG_ALL,&time,&res))==-1||
35303555
res==NULL)
35313556
{
3557+
/* error or timeout */
35323558
if (res!=NULL)
3533-
{
3534-
/* timeout */
35353559
ldap_msgfree(res);
3536-
}
3537-
/* error in ldap_result() */
35383560
free(url);
35393561
ldap_unbind(ld);
35403562
return2;
35413563
}
35423564
ldap_msgfree(res);
35433565

3566+
/* reset timeout */
3567+
time.tv_sec=-1;
3568+
if (ldap_set_option(ld,LDAP_OPT_NETWORK_TIMEOUT,&time)!=LDAP_SUCCESS)
3569+
{
3570+
free(url);
3571+
ldap_unbind(ld);
3572+
return3;
3573+
}
3574+
#endif/* WIN32 */
3575+
35443576
/* search */
35453577
res=NULL;
35463578
if ((rc=ldap_search_st(ld,dn,scope,filter,attrs,0,&time,&res))
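
Review bot: in the "reset timeout" block, `time.tv_sec=-1` overwrites the same `time` struct that the trailing `ldap_search_st(ld,dn,scope,filter,attrs,0,&time,&res)` call then receives as its timeout, so on the non-WIN32 path the search no longer runs with the value that was used for the bind and `ldap_result`, while the WIN32 path skips the reset and keeps it. Use a separate `struct timeval` for the reset, or restore `time.tv_sec` before the search, so both platforms search with the same timeout.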
