Commit cc26927

Fix timeout in LDAP lookup of libpq connection parameters
Bind attempts to an LDAP server should time out after two seconds, allowing additional lines in the service control file to be parsed (which provide a fall back to a secondary LDAP server or default options). The existing code failed to enforce that timeout during TCP connect, resulting in a hang far longer than two seconds if the LDAP server does not respond.

Laurenz Albe

1 parent f716c32 commit cc26927

File tree

1 file changed

+39
-7
lines changed

‎src/interfaces/libpq/fe-connect.c

Lines changed: 39 additions & 7 deletions
Original file line number | Diff line number | Diff line change
@@ -3526,12 +3526,37 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
35263526
}
35273527

35283528
/*
3529-
* Initialize connection to the server. We do an explicit bind because we
3530-
* want to return 2 if the bind fails.
3529+
* Perform an explicit anonymous bind.
3530+
* LDAP does not require that an anonymous bind is preformed explicitly,
3531+
* but we want to distinguish between the case where LDAP bind does not
3532+
* succeed within PGLDAP_TIMEOUT seconds (return 2 to continue parsing
3533+
* the service control file) and the case where querying the LDAP server
3534+
* fails (return 1 to end parsing).
3535+
* Unfortunately there is no way of setting a timeout that works for
3536+
* both Windows and OpenLDAP.
35313537
*/
3538+
#ifdefWIN32
3539+
/* the nonstandard ldap_connect function performs an anonymous bind */
3540+
if (ldap_connect(ld,&time)!=LDAP_SUCCESS)
3541+
{
3542+
/* error or timeout in ldap_connect */
3543+
free(url);
3544+
ldap_unbind(ld);
3545+
return2;
3546+
}
3547+
#else/* WIN32 */
3548+
/* in OpenLDAP, use the LDAP_OPT_NETWORK_TIMEOUT option */
3549+
if (ldap_set_option(ld,LDAP_OPT_NETWORK_TIMEOUT,&time)!=LDAP_SUCCESS)
3550+
{
3551+
free(url);
3552+
ldap_unbind(ld);
3553+
return3;
3554+
}
3555+
3556+
/* anonymous bind */
35323557
if ((msgid=ldap_simple_bind(ld,NULL,NULL))==-1)
35333558
{
3534-
/* errorin ldap_simple_bind() */
3559+
/* erroror network timeout */
35353560
free(url);
35363561
ldap_unbind(ld);
35373562
return2;
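Review bot: In the non-Windows branch, a failing ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &time) returns 3, but the comment block at the top of this hunk only documents return 2 (continue parsing the service control file) and return 1 (end parsing). Either state in the comment what 3 means to the caller, or return 2 here if a failure to set the timeout should still let the fallback lines of the service file be tried. The same comment has a typo, "preformed" for "performed", and its last sentence would read better if it named the two mechanisms used below: the timeout argument of ldap_connect on Windows and LDAP_OPT_NETWORK_TIMEOUT on OpenLDAP.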
@@ -3542,18 +3567,25 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
35423567
if ((rc=ldap_result(ld,msgid,LDAP_MSG_ALL,&time,&res))==-1||
35433568
res==NULL)
35443569
{
3570+
/* error or timeout */
35453571
if (res!=NULL)
3546-
{
3547-
/* timeout */
35483572
ldap_msgfree(res);
3549-
}
3550-
/* error in ldap_result() */
35513573
free(url);
35523574
ldap_unbind(ld);
35533575
return2;
35543576
}
35553577
ldap_msgfree(res);
35563578

3579+
/* reset timeout */
3580+
time.tv_sec=-1;
3581+
if (ldap_set_option(ld,LDAP_OPT_NETWORK_TIMEOUT,&time)!=LDAP_SUCCESS)
3582+
{
3583+
free(url);
3584+
ldap_unbind(ld);
3585+
return3;
3586+
}
3587+
#endif/* WIN32 */
3588+
35573589
/* search */
35583590
res=NULL;
35593591
if ((rc=ldap_search_st(ld,dn,scope,filter,attrs,0,&time,&res))
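Review bot: The "reset timeout" block near the end of this hunk overwrites time.tv_sec with -1 on the non-Windows path, and the same time variable is then passed to ldap_search_st(ld, dn, scope, filter, attrs, 0, &time, &res) right after the #endif, so the search no longer runs with the timeout value the bind used. Use a separate variable for the reset, or restore time before the search, so that an unresponsive server is still bounded at the search step. The reset also assigns only tv_sec, so whatever tv_usec holds is handed to ldap_set_option unchanged; set both fields explicitly.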