Fix time delta issues in ldap related code
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Fri, 24 Sep 2021 20:08:10 +0000 (15:08 -0500)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Fri, 24 Sep 2021 20:08:10 +0000 (15:08 -0500)
src/lib/ldap/base.c
src/lib/ldap/bind.c
src/lib/ldap/connection.c
src/lib/ldap/start_tls.c
src/lib/ldap/util.c
src/modules/proto_ldap_sync/proto_ldap_sync.c
src/modules/rlm_ldap/rlm_ldap.c
src/modules/rlm_ldap/user.c

index 4413aade0d532b31300230dbf08f1d783ee381cc..d6c12d990d6c09d202ae9dae55328a8ecf9cd4b6 100644 (file)
@@ -126,7 +126,7 @@ void fr_ldap_timeout_debug(request_t *request, fr_ldap_connection_t const *conn,
 
        ROPTIONAL(RDEBUG4, DEBUG4, "%s: Timeout settings", prefix);
 
-       if (timeout) {
+       if (fr_time_delta_ispos(timeout)) {
                ROPTIONAL(RDEBUG4, DEBUG4, "Client side result timeout (ovr): %pVs",
                          fr_box_time_delta(timeout));
        } else {
@@ -412,7 +412,7 @@ fr_ldap_rcode_t fr_ldap_result(LDAPMessage **result, LDAPControl ***ctrls,
        ldap_get_option(conn->handle, LDAP_OPT_ERROR_NUMBER, &lib_errno);
        if (lib_errno != LDAP_SUCCESS) return fr_ldap_error_check(NULL, conn, NULL, dn);
 
-       if (!timeout) our_timeout = conn->config->res_timeout;
+       if (!fr_time_delta_ispos(timeout)) our_timeout = conn->config->res_timeout;
 
        /*
         *      Now retrieve the result and check for errors
@@ -524,7 +524,7 @@ fr_ldap_rcode_t fr_ldap_bind(request_t *request,
                /* We got a valid message ID */
                if ((ret == 0) && (msgid >= 0)) ROPTIONAL(RDEBUG2, DEBUG2, "Waiting for bind result...");
 
-               status = fr_ldap_result(NULL, NULL, *pconn, msgid, 0, dn, 0);
+               status = fr_ldap_result(NULL, NULL, *pconn, msgid, 0, dn, fr_time_delta_wrap(0));
        }
 
        switch (status) {
@@ -591,7 +591,7 @@ fr_ldap_rcode_t fr_ldap_search(LDAPMessage **result, request_t *request,
        fr_assert(*pconn && (*pconn)->handle);
 
        if (DEBUG_ENABLED4 || (request && RDEBUG_ENABLED4)) {
-               fr_ldap_timeout_debug(request, *pconn, 0, __FUNCTION__);
+               fr_ldap_timeout_debug(request, *pconn, fr_time_delta_wrap(0), __FUNCTION__);
        }
 
        /*
@@ -607,7 +607,7 @@ fr_ldap_rcode_t fr_ldap_search(LDAPMessage **result, request_t *request,
        if ((*pconn)->rebound) {
                status = fr_ldap_bind(request, pconn,
                                      (*pconn)->config->admin_identity, (*pconn)->config->admin_password,
-                                     &(*pconn)->config->admin_sasl, 0,
+                                     &(*pconn)->config->admin_sasl, fr_time_delta_wrap(0),
                                      NULL, NULL);
                if (status != LDAP_PROC_SUCCESS) return LDAP_PROC_ERROR;
 
@@ -634,7 +634,7 @@ fr_ldap_rcode_t fr_ldap_search(LDAPMessage **result, request_t *request,
                               0, our_serverctrls, our_clientctrls, NULL, 0, &msgid);
 
        ROPTIONAL(RDEBUG2, DEBUG2, "Waiting for search result...");
-       status = fr_ldap_result(&our_result, NULL, *pconn, msgid, 1, dn, 0);
+       status = fr_ldap_result(&our_result, NULL, *pconn, msgid, 1, dn, fr_time_delta_wrap(0));
        switch (status) {
        case LDAP_PROC_SUCCESS:
                break;
@@ -716,7 +716,9 @@ fr_ldap_rcode_t fr_ldap_search_async(int *msgid, request_t *request,
 
        fr_assert(*pconn && (*pconn)->handle);
 
-       if (DEBUG_ENABLED4 || (request && RDEBUG_ENABLED4)) fr_ldap_timeout_debug(request, *pconn, 0, __FUNCTION__);
+       if (DEBUG_ENABLED4 || (request && RDEBUG_ENABLED4)) {
+               fr_ldap_timeout_debug(request, *pconn, fr_time_delta_wrap(0), __FUNCTION__);
+       }
 
        /*
         *      OpenLDAP library doesn't declare attrs array as const, but
@@ -731,7 +733,7 @@ fr_ldap_rcode_t fr_ldap_search_async(int *msgid, request_t *request,
        if ((*pconn)->rebound) {
                status = fr_ldap_bind(request, pconn,
                                      (*pconn)->config->admin_identity, (*pconn)->config->admin_password,
-                                     &(*pconn)->config->admin_sasl, 0,
+                                     &(*pconn)->config->admin_sasl, fr_time_delta_wrap(0),
                                      NULL, NULL);
                if (status != LDAP_PROC_SUCCESS) return LDAP_PROC_ERROR;
 
@@ -797,7 +799,7 @@ fr_ldap_rcode_t fr_ldap_modify(request_t *request, fr_ldap_connection_t **pconn,
 
        fr_assert(*pconn && (*pconn)->handle);
 
-       if (RDEBUG_ENABLED4) fr_ldap_timeout_debug(request, *pconn, 0, __FUNCTION__);
+       if (RDEBUG_ENABLED4) fr_ldap_timeout_debug(request, *pconn, fr_time_delta_wrap(0), __FUNCTION__);
 
        /*
         *      Perform all modifications as the admin user.
@@ -806,7 +808,7 @@ fr_ldap_rcode_t fr_ldap_modify(request_t *request, fr_ldap_connection_t **pconn,
                status = fr_ldap_bind(request, pconn,
                                      (*pconn)->config->admin_identity, (*pconn)->config->admin_password,
                                      &(*pconn)->config->admin_sasl,
-                                     0, NULL, NULL);
+                                     fr_time_delta_wrap(0), NULL, NULL);
                if (status != LDAP_PROC_SUCCESS) {
                        return LDAP_PROC_ERROR;
                }
@@ -820,7 +822,7 @@ fr_ldap_rcode_t fr_ldap_modify(request_t *request, fr_ldap_connection_t **pconn,
        (void) ldap_modify_ext((*pconn)->handle, dn, mods, our_serverctrls, our_clientctrls, &msgid);
 
        RDEBUG2("Waiting for modify result...");
-       status = fr_ldap_result(NULL, NULL, *pconn, msgid, 0, dn, 0);
+       status = fr_ldap_result(NULL, NULL, *pconn, msgid, 0, dn, fr_time_delta_wrap(0));
        switch (status) {
        case LDAP_PROC_SUCCESS:
                break;
index a54b522319ac0a97015a0f530706846ac4aca142..6e72feeb7eb80a38d43840e790d25c66cf2f9262 100644 (file)
@@ -76,7 +76,8 @@ static void _ldap_bind_io_read(UNUSED fr_event_list_t *el, UNUSED int fd, UNUSED
        /*
         *      We're I/O driven, if there's no data someone lied to us
         */
-       status = fr_ldap_result(NULL, NULL, c, bind_ctx->msgid, LDAP_MSG_ALL, bind_ctx->bind_dn, 0);
+       status = fr_ldap_result(NULL, NULL, c, bind_ctx->msgid, LDAP_MSG_ALL,
+                               bind_ctx->bind_dn, fr_time_delta_wrap(0));
        talloc_free(bind_ctx);                  /* Also removes fd events */
 
        switch (status) {
@@ -126,7 +127,7 @@ static void _ldap_bind_io_write(fr_event_list_t *el, int fd, UNUSED int flags, v
         *      Set timeout to be 0.0, which is the magic
         *      non-blocking value.
         */
-       (void) ldap_set_option(c->handle, LDAP_OPT_NETWORK_TIMEOUT, &fr_time_delta_to_timeval(0));
+       (void) ldap_set_option(c->handle, LDAP_OPT_NETWORK_TIMEOUT, &fr_time_delta_to_timeval(fr_time_delta_wrap(0)));
 
        if (bind_ctx->password) {
                memcpy(&cred.bv_val, &bind_ctx->password, sizeof(cred.bv_val));
index 8d005330635d8d9859c640f6342aa8b01edc5813..4d0e1959db59dcb717d3489f91309dce5ca6d0c4 100644 (file)
@@ -131,7 +131,7 @@ static int fr_ldap_rebind(LDAP *handle, LDAP_CONST char *url,
        }
 
        status = fr_ldap_bind(NULL, &conn, admin_identity, admin_password,
-                             &conn->config->admin_sasl, 0, NULL, NULL);
+                             &conn->config->admin_sasl, fr_time_delta_wrap(0), NULL, NULL);
        if (status != LDAP_PROC_SUCCESS) {
                ldap_get_option(handle, LDAP_OPT_ERROR_NUMBER, &ldap_errno);
 
@@ -203,8 +203,10 @@ int fr_ldap_connection_configure(fr_ldap_connection_t *c, fr_ldap_config_t const
                goto error;\
        }
 
+DIAG_OFF(unused-macros)
 #define maybe_ldap_option(_option, _name, _value) \
        if (_value) do_ldap_option(_option, _name, _value)
+DIAG_ON(unused-macros)
 
        /*
         *      Leave "dereference" unset to use the OpenLDAP default.
@@ -237,8 +239,9 @@ int fr_ldap_connection_configure(fr_ldap_connection_t *c, fr_ldap_config_t const
         *      libldap requires tv_sec to be -1 to mean that.
         */
        do_ldap_option(LDAP_OPT_NETWORK_TIMEOUT, "net_timeout",
-                      (config->net_timeout ? &fr_time_delta_to_timeval(config->net_timeout) :
-                                             &(struct timeval) { .tv_sec = -1, .tv_usec = 0 }));
+                      (fr_time_delta_ispos(config->net_timeout) ?
+                               &fr_time_delta_to_timeval(config->net_timeout) :
+                               &(struct timeval) { .tv_sec = -1, .tv_usec = 0 }));
 #endif
 
        do_ldap_option(LDAP_OPT_TIMELIMIT, "srv_timelimit", &fr_time_delta_to_timeval(config->srv_timelimit));
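Review bot: The new `fr_time_delta_ispos(config->net_timeout)` test maps a negative net_timeout onto the `tv_sec = -1` sentinel, which the comment just above describes as libldap's "no timeout" value, so a misconfigured negative value now silently yields a connection with no network timeout at all rather than an error. The old `config->net_timeout ?` test passed a negative timeval through to libldap, which was also wrong, so the right place for the fix is where the config is parsed (not visible here): reject negative values there, or, if that already happens, record it here with `/* net_timeout is validated non-negative at parse time; zero means no network timeout (tv_sec = -1) */` so the sentinel mapping is obviously intentional. fr_ldap_connection_configure starts and ends outside this hunk.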
@@ -252,13 +255,12 @@ int fr_ldap_connection_configure(fr_ldap_connection_t *c, fr_ldap_config_t const
 #endif
 
 #ifdef LDAP_OPT_X_KEEPALIVE_PROBES
-       do_ldap_option(LDAP_OPT_X_KEEPALIVE_PROBES, "keepalive_probes",
-                      &fr_time_delta_to_timeval(config->keepalive_probes));
+       do_ldap_option(LDAP_OPT_X_KEEPALIVE_PROBES, "keepalive_probes", config->keepalive_probes);
 #endif
 
 #ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL
        do_ldap_option(LDAP_OPT_X_KEEPALIVE_INTERVAL, "keepalive_interval",
-                      &fr_time_delta_to_timeval(config->keepalive_interval));
+                      fr_time_delta_to_sec(config->keepalive_interval));
 #endif
 
 #ifdef HAVE_LDAP_START_TLS_S
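Review bot: The two rewritten do_ldap_option calls pass the option value itself instead of a pointer to it: `config->keepalive_probes` on the LDAP_OPT_X_KEEPALIVE_PROBES line and the integer result of `fr_time_delta_to_sec(config->keepalive_interval)` on the LDAP_OPT_X_KEEPALIVE_INTERVAL line. Every other do_ldap_option call in this file passes an address (`&fr_time_delta_to_timeval(...)`, `&(struct timeval){ ... }`), and the macro forwards `_value` straight into ldap_set_option, whose invalue is a pointer that libldap dereferences, so if keepalive_probes is an integer field this is an int-to-pointer conversion and the call either reads from a bogus address or fails and jumps to the macro's `error` label, leaving TCP keepalive unset. Both values should be copied into `int` locals and passed by address, which is what OpenLDAP reads for these options. fr_ldap_connection_configure starts and ends outside this hunk.
```c
#ifdef LDAP_OPT_X_KEEPALIVE_PROBES
	{
		int keepalive_probes = config->keepalive_probes;	/* libldap reads an int through the pointer */
		do_ldap_option(LDAP_OPT_X_KEEPALIVE_PROBES, "keepalive_probes", &keepalive_probes);
	}
#endif

#ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL
	{
		int keepalive_interval = fr_time_delta_to_sec(config->keepalive_interval);
		do_ldap_option(LDAP_OPT_X_KEEPALIVE_INTERVAL, "keepalive_interval", &keepalive_interval);
	}
#endif
/* … unchanged: HAVE_LDAP_START_TLS_S block … */
```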
@@ -448,7 +450,7 @@ static fr_connection_state_t _ldap_connection_init(void **h, fr_connection_t *co
 
        /* Don't block */
        if (ldap_set_option(c->handle, LDAP_OPT_CONNECT_ASYNC, LDAP_OPT_ON) != LDAP_OPT_SUCCESS) goto error;
-       fr_ldap_connection_timeout_set(c, 0);                                   /* Forces LDAP_X_CONNECTING */
+       fr_ldap_connection_timeout_set(c, fr_time_delta_wrap(0));       /* Forces LDAP_X_CONNECTING */
 
        state = fr_ldap_state_next(c);
        if (state == FR_LDAP_STATE_ERROR) goto error;
@@ -498,8 +500,9 @@ int fr_ldap_connection_timeout_set(fr_ldap_connection_t const *c, fr_time_delta_
         *      libldap requires tv_sec to be -1 to mean that.
         */
        do_ldap_option(LDAP_OPT_NETWORK_TIMEOUT, "net_timeout",
-                      (timeout ? &fr_time_delta_to_timeval(timeout) :
-                                 &(struct timeval) { .tv_sec = -1, .tv_usec = 0 }));
+                      (fr_time_delta_ispos(timeout) ?
+                               &fr_time_delta_to_timeval(timeout) :
+                               &(struct timeval) { .tv_sec = -1, .tv_usec = 0 }));
 #endif
 
        return 0;
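Review bot: fr_ldap_connection_timeout_set now treats any non-positive timeout as "no timeout" (`tv_sec = -1`), while _ldap_bind_io_write and _ldap_start_tls_io_write in this same commit set LDAP_OPT_NETWORK_TIMEOUT to a zero timeval directly and call that the "magic non-blocking value"; the two zero conventions are opposite, and _ldap_connection_init passes `fr_time_delta_wrap(0)` here with the comment "Forces LDAP_X_CONNECTING". That presumably relies on LDAP_OPT_CONNECT_ASYNC rather than on the timeout value, but the function's doc comment (outside the hunk) should spell the contract out, e.g. `/* A timeout that is not positive disables the network timeout (tv_sec = -1). To get a non-blocking poll, set a zero timeval on the handle directly, as _ldap_bind_io_write does. */`, so a future caller does not pass zero here expecting non-blocking behaviour. The function starts outside this hunk.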
@@ -522,8 +525,9 @@ int fr_ldap_connection_timeout_reset(fr_ldap_connection_t const *c)
         *      libldap requires tv_sec to be -1 to mean that.
         */
        do_ldap_option(LDAP_OPT_NETWORK_TIMEOUT, "net_timeout",
-                      (c->config->net_timeout ? &fr_time_delta_to_timeval(c->config->net_timeout) :
-                                                &(struct timeval) { .tv_sec = -1, .tv_usec = 0 }));
+                      (fr_time_delta_ispos(c->config->net_timeout) ?
+                               &fr_time_delta_to_timeval(c->config->net_timeout) :
+                               &(struct timeval) { .tv_sec = -1, .tv_usec = 0 }));
 #endif
 
        return 0;
index 58e8a63868b51d9d0152e39a9f0d25b879d64b30..4eb2df087a30eb863a2bb51ffc3d742426ae68c4 100644 (file)
@@ -103,7 +103,7 @@ static void _ldap_start_tls_io_read(UNUSED fr_event_list_t *el, UNUSED int fd, U
        /*
         *      We're I/O driven, if there's no data someone lied to us
         */
-       status = fr_ldap_result(NULL, NULL, c, tls_ctx->msgid, LDAP_MSG_ALL, NULL, 0);
+       status = fr_ldap_result(NULL, NULL, c, tls_ctx->msgid, LDAP_MSG_ALL, NULL, fr_time_delta_wrap(0));
        talloc_free(tls_ctx);                           /* Free explicitly so we don't accumulate contexts */
 
        switch (status) {
@@ -165,7 +165,7 @@ static void _ldap_start_tls_io_write(fr_event_list_t *el, int fd, UNUSED int fla
         *      Set timeout to be 0.0, which is the magic
         *      non-blocking value.
         */
-       (void) ldap_set_option(c->handle, LDAP_OPT_NETWORK_TIMEOUT, &fr_time_delta_to_timeval(0));
+       (void) ldap_set_option(c->handle, LDAP_OPT_NETWORK_TIMEOUT, &fr_time_delta_to_timeval(fr_time_delta_wrap(0)));
        ret = ldap_start_tls(c->handle, our_serverctrls, our_clientctrls, &tls_ctx->msgid);
        /*
         *      If the handle was not connected, this operation
index ff3da184545e8cc45dacc0ac1b9e2d4807f21cf2..4763b3a6699a6e5a2b7857224bd0647a33a24bd9 100644 (file)
@@ -270,7 +270,11 @@ bool fr_ldap_util_is_dn(char const *in, size_t inlen)
  *     - 0 on success.
  *     - -1 on failure.
  */
-int fr_ldap_parse_url_extensions(LDAPControl **sss, request_t *request, fr_ldap_connection_t *conn, char **extensions)
+int fr_ldap_parse_url_extensions(LDAPControl **sss, request_t *request,
+#ifndef HAVE_LDAP_CREATE_SORT_CONTROL
+                                UNUSED
+#endif
+                                fr_ldap_connection_t *conn, char **extensions)
 {
        int i;
 
index f8b72bd3ec2a30ab2cb99fb42d94c4458eca4897..aa22c77e964ea2e0694ad4877defe1d1469b45da 100644 (file)
@@ -1015,7 +1015,7 @@ static int proto_ldap_socket_open(UNUSED CONF_SECTION *cs, rad_listen_t *listen)
                              &inst->conn,
                              inst->conn->config->admin_identity, inst->conn->config->admin_password,
                              &(inst->conn->config->admin_sasl),
-                             0,
+                             fr_time_delta_wrap(0),
                              NULL, NULL);
        if (status != LDAP_PROC_SUCCESS) goto error;
 
index 85e7baf6217973f84220724742545331d2b1a090..6d97e438516ed6273e8f91a88aa68092707404a3 100644 (file)
@@ -896,7 +896,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result,
                              &conn,
                              dn, password->vp_strvalue,
                              inst->user_sasl.mech ? &sasl : NULL,
-                             0,
+                             fr_time_delta_wrap(0),
                              NULL, NULL);
        switch (status) {
        case LDAP_PROC_SUCCESS:
@@ -1138,7 +1138,8 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod
                         *      Bind as the user
                         */
                        conn->rebound = true;
-                       status = fr_ldap_bind(request, &conn, dn, vp->vp_strvalue, NULL, 0, NULL, NULL);
+                       status = fr_ldap_bind(request, &conn, dn, vp->vp_strvalue, NULL,
+                                             fr_time_delta_wrap(0), NULL, NULL);
                        switch (status) {
                        case LDAP_PROC_SUCCESS:
                                rcode = RLM_MODULE_OK;
index 1e4eb872b7af00f2f159ebb641440fcaff09edbf..c7ad63e643f1389ecf0e5f36b839734233cffd4e 100644 (file)
@@ -104,7 +104,7 @@ char const *rlm_ldap_find_user(rlm_ldap_t const *inst, request_t *request, fr_ld
        if ((*pconn)->rebound) {
                status = fr_ldap_bind(request, pconn, (*pconn)->config->admin_identity,
                                      (*pconn)->config->admin_password, &(*pconn)->config->admin_sasl,
-                                     0, NULL, NULL);
+                                     fr_time_delta_wrap(0), NULL, NULL);
                if (status != LDAP_PROC_SUCCESS) {
                        *rcode = RLM_MODULE_FAIL;
                        return NULL;