From: Timo Sirainen <tss@iki.fi>
Date: Mon, 4 Apr 2011 14:53:05 +0000 (+0300)
Subject: auth: If initial binding to LDAP server hangs, detect it and abort.
X-Git-Tag: 2.0.12~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d0a002723dac5c58c250f6566efb1f5e474c169;p=thirdparty%2Fdovecot%2Fcore.git

auth: If initial binding to LDAP server hangs, detect it and abort.
---

diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c
index 7db0cb3b81..c3dd77bdf9 100644
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -456,6 +456,8 @@ static int db_ldap_connect_finish(struct ldap_connection *conn, int ret)
 		return -1;
 	}
 
+	if (conn->to != NULL)
+		timeout_remove(&conn->to);
 	conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT;
 	while (db_ldap_request_queue_next(conn))
 		;
@@ -693,6 +695,14 @@ sasl_interact(LDAP *ld ATTR_UNUSED, unsigned flags ATTR_UNUSED,
 }
 #endif
 
+static void ldap_connection_timeout(struct ldap_connection *conn)
+{
+	i_assert(conn->conn_state == LDAP_CONN_STATE_BINDING);
+
+	i_error("LDAP: Initial binding to LDAP server timed out");
+	db_ldap_conn_close(conn);
+}
+
 static int db_ldap_bind(struct ldap_connection *conn)
 {
 	int msgid;
@@ -714,6 +724,11 @@ static int db_ldap_bind(struct ldap_connection *conn)
 
 	conn->conn_state = LDAP_CONN_STATE_BINDING;
 	conn->default_bind_msgid = msgid;
+
+	if (conn->to != NULL)
+		timeout_remove(&conn->to);
+	conn->to = timeout_add(DB_LDAP_REQUEST_LOST_TIMEOUT_SECS*1000,
+			       ldap_connection_timeout, conn);
 	return 0;
 }
 
@@ -928,6 +943,9 @@ static void db_ldap_conn_close(struct ldap_connection *conn)
 	conn->conn_state = LDAP_CONN_STATE_DISCONNECTED;
 	conn->default_bind_msgid = -1;
 
+	if (conn->to != NULL)
+		timeout_remove(&conn->to);
+
 	if (conn->pending_count != 0) {
 		requests = array_idx(&conn->request_array, 0);
 		for (i = 0; i < conn->pending_count; i++) {
@@ -951,10 +969,7 @@ static void db_ldap_conn_close(struct ldap_connection *conn)
 		io_remove_closed(&conn->io);
 	}
 
-	if (aqueue_count(conn->request_queue) == 0) {
-		if (conn->to != NULL)
-			timeout_remove(&conn->to);
-	} else if (conn->to == NULL) {
+	if (aqueue_count(conn->request_queue) > 0) {
 		conn->to = timeout_add(DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS *
 				       1000/2, db_ldap_disconnect_timeout, conn);
 	}