From 2d0a002723dac5c58c250f6566efb1f5e474c169 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Mon, 4 Apr 2011 17:53:05 +0300
Subject: [PATCH] auth: If initial binding to LDAP server hangs, detect it and
 abort.

---
 src/auth/db-ldap.c | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c
index 7db0cb3b81..c3dd77bdf9 100644
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -456,6 +456,8 @@ static int db_ldap_connect_finish(struct ldap_connection *conn, int ret)
 		return -1;
 	}
 
+	if (conn->to != NULL)
+		timeout_remove(&conn->to);
 	conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT;
 	while (db_ldap_request_queue_next(conn))
 		;
@@ -693,6 +695,14 @@ sasl_interact(LDAP *ld ATTR_UNUSED, unsigned flags ATTR_UNUSED,
 }
 #endif
 
+static void ldap_connection_timeout(struct ldap_connection *conn)
+{
+	i_assert(conn->conn_state == LDAP_CONN_STATE_BINDING);
+
+	i_error("LDAP: Initial binding to LDAP server timed out");
+	db_ldap_conn_close(conn);
+}
+
 static int db_ldap_bind(struct ldap_connection *conn)
 {
 	int msgid;
@@ -714,6 +724,11 @@ static int db_ldap_bind(struct ldap_connection *conn)
 
 	conn->conn_state = LDAP_CONN_STATE_BINDING;
 	conn->default_bind_msgid = msgid;
+
+	if (conn->to != NULL)
+		timeout_remove(&conn->to);
+	conn->to = timeout_add(DB_LDAP_REQUEST_LOST_TIMEOUT_SECS*1000,
+			       ldap_connection_timeout, conn);
 	return 0;
 }
 
@@ -928,6 +943,9 @@ static void db_ldap_conn_close(struct ldap_connection *conn)
 	conn->conn_state = LDAP_CONN_STATE_DISCONNECTED;
 	conn->default_bind_msgid = -1;
 
+	if (conn->to != NULL)
+		timeout_remove(&conn->to);
+
 	if (conn->pending_count != 0) {
 		requests = array_idx(&conn->request_array, 0);
 		for (i = 0; i < conn->pending_count; i++) {
@@ -951,10 +969,7 @@ static void db_ldap_conn_close(struct ldap_connection *conn)
 		io_remove_closed(&conn->io);
 	}
 
-	if (aqueue_count(conn->request_queue) == 0) {
-		if (conn->to != NULL)
-			timeout_remove(&conn->to);
-	} else if (conn->to == NULL) {
+	if (aqueue_count(conn->request_queue) > 0) {
 		conn->to = timeout_add(DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS *
 				       1000/2, db_ldap_disconnect_timeout, conn);
 	}
-- 
2.47.3