From: Timo Sirainen
Date: Wed, 26 Jan 2022 12:43:01 +0000 (+0200)
Subject: auth: ldap: Stop re-sending request after 3 disconnect+reconnects
X-Git-Tag: 2.4.0~4583
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=836e0e613cad7b78edb734ba2bd2f73fbc93b260;p=thirdparty%2Fdovecot%2Fcore.git
auth: ldap: Stop re-sending request after 3 disconnect+reconnects
This prevents retrying the same LDAP request forever in situations where the request causes LDAP server to become disconnected. This might fix some real issues, but it was mainly implemented because testing the following commit caused infinite looping.
---
diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c
index 1b69a4911c..602cc079c1 100644
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -49,6 +49,8 @@
 # define LDAP_OPT_SUCCESS LDAP_SUCCESS
 #endif
+#define DB_LDAP_REQUEST_MAX_ATTEMPT_COUNT 3
+
 static const char *LDAP_ESCAPE_CHARS = "*,\\#+<>;\"()= ";
 struct db_ldap_result {
@@ -399,18 +401,25 @@ static bool db_ldap_request_queue_next(struct ldap_connection *conn)
 break;
 }
- switch (request->type) {
- case LDAP_REQUEST_TYPE_BIND:
- ret = db_ldap_request_bind(conn, request);
- break;
- case LDAP_REQUEST_TYPE_SEARCH:
- ret = db_ldap_request_search(conn, request);
- break;
+ if (request->send_count >= DB_LDAP_REQUEST_MAX_ATTEMPT_COUNT) {
+ /* Enough many times retried. Server just keeps disconnecting
+ whenever attempting to send the request. */
+ ret = 0;
+ } else {
+ switch (request->type) {
+ case LDAP_REQUEST_TYPE_BIND:
+ ret = db_ldap_request_bind(conn, request);
+ break;
+ case LDAP_REQUEST_TYPE_SEARCH:
+ ret = db_ldap_request_search(conn, request);
+ break;
+ }
 }
 if (ret > 0) {
 /* success */
 i_assert(request->msgid != -1);
+ request->send_count++;
 conn->pending_count++;
 return TRUE;
 } else if (ret < 0) {
diff --git a/src/auth/db-ldap.h b/src/auth/db-ldap.h
index e69d716e64..e919e79e3d 100644
--- a/src/auth/db-ldap.h
+++ b/src/auth/db-ldap.h
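Review bot: In db_ldap_request_queue_next() (src/auth/db-ldap.c) the new give-up branch sets `ret = 0` without logging anything, so a request that repeatedly makes the LDAP server drop the connection is abandoned silently. Such a request may originate from login input, so operators would want a trace of it; an error line next to `ret = 0;`, for example `i_error("LDAP: request dropped after %u send attempts", request->send_count);` (or whichever logging call the file already uses), would make it visible. The branch that handles `ret == 0` lies outside this hunk, so it is worth confirming that it fails the request as a temporary error rather than as an unknown user or a wrong password. Requests that were merely pending on the same connection are presumably re-sent and counted on every reconnect as well, so they may reach the limit together with the offending one.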
@@ -104,6 +104,11 @@ struct ldap_request {
 /* timestamp when request was created */
 time_t create_time;
+ /* Number of times this request has been sent to LDAP server. This
+ increases when LDAP gets disconnected and reconnect send the request
+ again. */
+ unsigned int send_count;
+
 bool failed:1;
 /* This is to prevent double logging the result */
 bool result_logged:1;
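Review bot: The comment on `send_count` does not say that the counter has to start at zero or what it is compared against; the allocation of `struct ldap_request` is outside this hunk, so the cap in db-ldap.c presumably relies on the request being zero-initialised. I would word it as `/* Number of times this request has been sent to the LDAP server. Starts at 0 and grows each time a reconnect re-sends the request; db-ldap.c stops re-sending at DB_LDAP_REQUEST_MAX_ATTEMPT_COUNT. */`.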