8000 Fix timeout in LDAP lookup of libpq connection parameters · larkly/postgres-docker@b4ae2e3 · GitHub

Commit b4ae2e3

committed
Fix timeout in LDAP lookup of libpq connection parameters
Bind attempts to an LDAP server should time out after two seconds, allowing additional lines in the service control file to be parsed (which provide a fall back to a secondary LDAP server or default options). The existing code failed to enforce that timeout during TCP connect, resulting in a hang far longer than two seconds if the LDAP server does not respond. Laurenz Albe
1 parent 8c0caca commit b4ae2e3


1 file changed

+39
-7
lines changed


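--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -2758,12 +2758,37 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
 }
 
 /*
-* Initialize connection to the server. We do an explicit bind because we
-* want to return 2 if the bind fails.
+* Perform an explicit anonymous bind.
+* LDAP does not require that an anonymous bind is preformed explicitly,
+* but we want to distinguish between the case where LDAP bind does not
+* succeed within PGLDAP_TIMEOUT seconds (return 2 to continue parsing
+* the service control file) and the case where querying the LDAP server
+* fails (return 1 to end parsing).
+* Unfortunately there is no way of setting a timeout that works for
+* both Windows and OpenLDAP.
 */
+#ifdef WIN32
+/* the nonstandard ldap_connect function performs an anonymous bind */
+if (ldap_connect(ld, &time) != LDAP_SUCCESS)
+{
+/* error or timeout in ldap_connect */
+free(url);
+ldap_unbind(ld);
+return 2;
+}
+#else /* WIN32 */
+/* in OpenLDAP, use the LDAP_OPT_NETWORK_TIMEOUT option */
+if (ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &time) != LDAP_SUCCESS)
+{
+free(url);
+ldap_unbind(ld);
+return 3;
+}
+
+/* anonymous bind */
 if ((msgid = ldap_simple_bind(ld, NULL, NULL)) == -1)
 {
-/* error in ldap_simple_bind() */
+/* error or network timeout */
 free(url);
 ldap_unbind(ld);
 return 2;
@@ -2774,18 +2799,25 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
 if ((rc = ldap_result(ld, msgid, LDAP_MSG_ALL, &time, &res)) == -1 ||
 res == NULL)
 {
+/* error or timeout */
 if (res != NULL)
-{
-/* timeout */
 ldap_msgfree(res);
-}
-/* error in ldap_result() */
 free(url);
 ldap_unbind(ld);
 return 2;
 }
 ldap_msgfree(res);
 
+/* reset timeout */
+time.tv_sec = -1;
+if (ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &time) != LDAP_SUCCESS)
+{
+free(url);
+ldap_unbind(ld);
+return 3;
+}
+#endif /* WIN32 */
+
 /* search */
 res = NULL;
 if ((rc = ldap_search_st(ld, dn, scope, filter, attrs, 0, &time, &res))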
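Review bot: On the non-WIN32 path the `/* reset timeout */` block overwrites `time.tv_sec` with -1, and that same `time` is then handed to `ldap_search_st()` right after the `#endif`, so the search no longer carries the timeout the bind used and may wait on an unresponsive server for as long as the library allows (how a negative value is treated there is not visible here). Passing a separate variable to the reset keeps the search bounded: `struct timeval no_limit; no_limit.tv_sec = -1; no_limit.tv_usec = 0;` followed by `ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &no_limit)`. The declaration and initial value of `time` are outside these hunks, as are the start and end of ldapServiceLookup, so this should be confirmed against the full function. The `#else` branch also assumes every non-Windows LDAP library defines `LDAP_OPT_NETWORK_TIMEOUT`, which the comment itself attributes to OpenLDAP; an `#ifdef LDAP_OPT_NETWORK_TIMEOUT` guard would make that explicit.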
