From: Timo Sirainen <tss@iki.fi>
Date: Wed, 11 Nov 2015 11:15:30 +0000 (+0200)
Subject: auth: Added hardcoded 5 second timeout to LDAP connect()
X-Git-Tag: 2.2.20.rc1~102
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fb3178a1924dae52151d88c4d4ded879df43dd3f;p=thirdparty%2Fdovecot%2Fcore.git

auth: Added hardcoded 5 second timeout to LDAP connect()
Although it doesn't look like the timeout is exactly 5 seconds always due to
OpenSSL's internal workings, but this should be good enough.
---

diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c
index 186a3b849e..6dcfba7af5 100644
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -1096,6 +1096,18 @@ static void db_ldap_set_options(struct ldap_connection *conn)
 	unsigned int ldap_version;
 	int value;
 
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+	struct timeval tv;
+	int ret;
+
+	tv.tv_sec = DB_LDAP_CONNECT_TIMEOUT_SECS; tv.tv_usec = 0;
+	ret = ldap_set_option(conn->ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
+	if (ret != LDAP_SUCCESS) {
+		i_fatal("LDAP %s: Can't set network-timeout: %s",
+			conn->config_path, ldap_err2string(ret));
+	}
+#endif
+
 	db_ldap_set_opt(conn, conn->ld, LDAP_OPT_DEREF, &conn->set.ldap_deref,
 			"deref", conn->set.deref);
 #ifdef LDAP_OPT_DEBUG_LEVEL
diff --git a/src/auth/db-ldap.h b/src/auth/db-ldap.h
index 8a51081758..53b2e5cb52 100644
--- a/src/auth/db-ldap.h
+++ b/src/auth/db-ldap.h
@@ -7,6 +7,8 @@
 
 /* Maximum number of pending requests before delaying new requests. */
 #define DB_LDAP_MAX_PENDING_REQUESTS 8
+/* connect() timeout to LDAP */
+#define DB_LDAP_CONNECT_TIMEOUT_SECS 5
 /* If LDAP connection is down, fail requests after waiting for this long. */
 #define DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS 4
 /* If request is still in queue after this many seconds and other requests