From: Arran Cudbard-Bell Date: Fri, 24 Sep 2021 20:08:10 +0000 (-0500) Subject: Fix time delta issues in ldap related code X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5d64bf66aeaa61db984924d16a3eb9c964b1066;p=thirdparty%2Ffreeradius-server.git Fix time delta issues in ldap related code --- diff --git a/src/lib/ldap/base.c b/src/lib/ldap/base.c index 4413aade0d..d6c12d990d 100644 --- a/src/lib/ldap/base.c +++ b/src/lib/ldap/base.c @@ -126,7 +126,7 @@ void fr_ldap_timeout_debug(request_t *request, fr_ldap_connection_t const *conn, ROPTIONAL(RDEBUG4, DEBUG4, "%s: Timeout settings", prefix); - if (timeout) { + if (fr_time_delta_ispos(timeout)) { ROPTIONAL(RDEBUG4, DEBUG4, "Client side result timeout (ovr): %pVs", fr_box_time_delta(timeout)); } else { @@ -412,7 +412,7 @@ fr_ldap_rcode_t fr_ldap_result(LDAPMessage **result, LDAPControl ***ctrls, ldap_get_option(conn->handle, LDAP_OPT_ERROR_NUMBER, &lib_errno); if (lib_errno != LDAP_SUCCESS) return fr_ldap_error_check(NULL, conn, NULL, dn); - if (!timeout) our_timeout = conn->config->res_timeout; + if (!fr_time_delta_ispos(timeout)) our_timeout = conn->config->res_timeout; /* * Now retrieve the result and check for errors @@ -524,7 +524,7 @@ fr_ldap_rcode_t fr_ldap_bind(request_t *request, /* We got a valid message ID */ if ((ret == 0) && (msgid >= 0)) ROPTIONAL(RDEBUG2, DEBUG2, "Waiting for bind result..."); - status = fr_ldap_result(NULL, NULL, *pconn, msgid, 0, dn, 0); + status = fr_ldap_result(NULL, NULL, *pconn, msgid, 0, dn, fr_time_delta_wrap(0)); } switch (status) { @@ -591,7 +591,7 @@ fr_ldap_rcode_t fr_ldap_search(LDAPMessage **result, request_t *request, fr_assert(*pconn && (*pconn)->handle); if (DEBUG_ENABLED4 || (request && RDEBUG_ENABLED4)) { - fr_ldap_timeout_debug(request, *pconn, 0, __FUNCTION__); + fr_ldap_timeout_debug(request, *pconn, fr_time_delta_wrap(0), __FUNCTION__); } /* 
@@ -607,7 +607,7 @@ fr_ldap_rcode_t fr_ldap_search(LDAPMessage **result, request_t *request, if ((*pconn)->rebound) { status = fr_ldap_bind(request, pconn, (*pconn)->config->admin_identity, (*pconn)->config->admin_password, - &(*pconn)->config->admin_sasl, 0, + &(*pconn)->config->admin_sasl, fr_time_delta_wrap(0), NULL, NULL); if (status != LDAP_PROC_SUCCESS) return LDAP_PROC_ERROR; @@ -634,7 +634,7 @@ fr_ldap_rcode_t fr_ldap_search(LDAPMessage **result, request_t *request, 0, our_serverctrls, our_clientctrls, NULL, 0, &msgid); ROPTIONAL(RDEBUG2, DEBUG2, "Waiting for search result..."); - status = fr_ldap_result(&our_result, NULL, *pconn, msgid, 1, dn, 0); + status = fr_ldap_result(&our_result, NULL, *pconn, msgid, 1, dn, fr_time_delta_wrap(0)); switch (status) { case LDAP_PROC_SUCCESS: break; @@ -716,7 +716,9 @@ fr_ldap_rcode_t fr_ldap_search_async(int *msgid, request_t *request, fr_assert(*pconn && (*pconn)->handle); - if (DEBUG_ENABLED4 || (request && RDEBUG_ENABLED4)) fr_ldap_timeout_debug(request, *pconn, 0, __FUNCTION__); + if (DEBUG_ENABLED4 || (request && RDEBUG_ENABLED4)) { + fr_ldap_timeout_debug(request, *pconn, fr_time_delta_wrap(0), __FUNCTION__); + } /* * OpenLDAP library doesn't declare attrs array as const, but @@ -731,7 +733,7 @@ fr_ldap_rcode_t fr_ldap_search_async(int *msgid, request_t *request, if ((*pconn)->rebound) { status = fr_ldap_bind(request, pconn, (*pconn)->config->admin_identity, (*pconn)->config->admin_password, - &(*pconn)->config->admin_sasl, 0, + &(*pconn)->config->admin_sasl, fr_time_delta_wrap(0), NULL, NULL); if (status != LDAP_PROC_SUCCESS) return LDAP_PROC_ERROR; @@ -797,7 +799,7 @@ fr_ldap_rcode_t fr_ldap_modify(request_t *request, fr_ldap_connection_t **pconn, fr_assert(*pconn && (*pconn)->handle); - if (RDEBUG_ENABLED4) fr_ldap_timeout_debug(request, *pconn, 0, __FUNCTION__); + if (RDEBUG_ENABLED4) fr_ldap_timeout_debug(request, *pconn, fr_time_delta_wrap(0), __FUNCTION__); /* * Perform all modifications as the admin user. 
@@ -806,7 +808,7 @@ fr_ldap_rcode_t fr_ldap_modify(request_t *request, fr_ldap_connection_t **pconn, status = fr_ldap_bind(request, pconn, (*pconn)->config->admin_identity, (*pconn)->config->admin_password, &(*pconn)->config->admin_sasl, - 0, NULL, NULL); + fr_time_delta_wrap(0), NULL, NULL); if (status != LDAP_PROC_SUCCESS) { return LDAP_PROC_ERROR; } @@ -820,7 +822,7 @@ fr_ldap_rcode_t fr_ldap_modify(request_t *request, fr_ldap_connection_t **pconn, (void) ldap_modify_ext((*pconn)->handle, dn, mods, our_serverctrls, our_clientctrls, &msgid); RDEBUG2("Waiting for modify result..."); - status = fr_ldap_result(NULL, NULL, *pconn, msgid, 0, dn, 0); + status = fr_ldap_result(NULL, NULL, *pconn, msgid, 0, dn, fr_time_delta_wrap(0)); switch (status) { case LDAP_PROC_SUCCESS: break; diff --git a/src/lib/ldap/bind.c b/src/lib/ldap/bind.c index a54b522319..6e72feeb7e 100644 --- a/src/lib/ldap/bind.c +++ b/src/lib/ldap/bind.c @@ -76,7 +76,8 @@ static void _ldap_bind_io_read(UNUSED fr_event_list_t *el, UNUSED int fd, UNUSED /* * We're I/O driven, if there's no data someone lied to us */ - status = fr_ldap_result(NULL, NULL, c, bind_ctx->msgid, LDAP_MSG_ALL, bind_ctx->bind_dn, 0); + status = fr_ldap_result(NULL, NULL, c, bind_ctx->msgid, LDAP_MSG_ALL, + bind_ctx->bind_dn, fr_time_delta_wrap(0)); talloc_free(bind_ctx); /* Also removes fd events */ switch (status) { @@ -126,7 +127,7 @@ static void _ldap_bind_io_write(fr_event_list_t *el, int fd, UNUSED int flags, v * Set timeout to be 0.0, which is the magic * non-blocking value. */ - (void) ldap_set_option(c->handle, LDAP_OPT_NETWORK_TIMEOUT, &fr_time_delta_to_timeval(0)); + (void) ldap_set_option(c->handle, LDAP_OPT_NETWORK_TIMEOUT, &fr_time_delta_to_timeval(fr_time_delta_wrap(0))); if (bind_ctx->password) { memcpy(&cred.bv_val, &bind_ctx->password, sizeof(cred.bv_val)); diff --git a/src/lib/ldap/connection.c b/src/lib/ldap/connection.c index 8d00533063..4d0e1959db 100644 --- a/src/lib/ldap/connection.c 
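Review bot: Passing `fr_time_delta_wrap(0)` to fr_ldap_result() from _ldap_bind_io_read (src/lib/ldap/bind.c) does not ask for a non-blocking poll, because the base.c hunk shows fr_ldap_result() replacing any non-positive timeout with `conn->config->res_timeout`. Assuming that substituted value is what reaches ldap_result() (the rest of fr_ldap_result is outside the hunk), an event-loop read callback requesting LDAP_MSG_ALL could wait up to res_timeout on a slow or stalled directory server, which would hold up the other events on that loop. A comment at the call would make the sentinel explicit, e.g. `/* zero timeout: fr_ldap_result() falls back to config->res_timeout */`. The same call shape appears in _ldap_start_tls_io_read in start_tls.c.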
+++ b/src/lib/ldap/connection.c @@ -131,7 +131,7 @@ static int fr_ldap_rebind(LDAP *handle, LDAP_CONST char *url, } status = fr_ldap_bind(NULL, &conn, admin_identity, admin_password, - &conn->config->admin_sasl, 0, NULL, NULL); + &conn->config->admin_sasl, fr_time_delta_wrap(0), NULL, NULL); if (status != LDAP_PROC_SUCCESS) { ldap_get_option(handle, LDAP_OPT_ERROR_NUMBER, &ldap_errno); @@ -203,8 +203,10 @@ int fr_ldap_connection_configure(fr_ldap_connection_t *c, fr_ldap_config_t const goto error;\ } +DIAG_OFF(unused-macros) #define maybe_ldap_option(_option, _name, _value) \ if (_value) do_ldap_option(_option, _name, _value) +DIAG_ON(unused-macros) /* * Leave "dereference" unset to use the OpenLDAP default. @@ -237,8 +239,9 @@ int fr_ldap_connection_configure(fr_ldap_connection_t *c, fr_ldap_config_t const * libldap requires tv_sec to be -1 to mean that. */ do_ldap_option(LDAP_OPT_NETWORK_TIMEOUT, "net_timeout", - (config->net_timeout ? &fr_time_delta_to_timeval(config->net_timeout) : - &(struct timeval) { .tv_sec = -1, .tv_usec = 0 })); + (fr_time_delta_ispos(config->net_timeout) ? + &fr_time_delta_to_timeval(config->net_timeout) : + &(struct timeval) { .tv_sec = -1, .tv_usec = 0 })); #endif do_ldap_option(LDAP_OPT_TIMELIMIT, "srv_timelimit", &fr_time_delta_to_timeval(config->srv_timelimit)); @@ -252,13 +255,12 @@ int fr_ldap_connection_configure(fr_ldap_connection_t *c, fr_ldap_config_t const #endif #ifdef LDAP_OPT_X_KEEPALIVE_PROBES - do_ldap_option(LDAP_OPT_X_KEEPALIVE_PROBES, "keepalive_probes", - &fr_time_delta_to_timeval(config->keepalive_probes)); + do_ldap_option(LDAP_OPT_X_KEEPALIVE_PROBES, "keepalive_probes", config->keepalive_probes); #endif #ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL do_ldap_option(LDAP_OPT_X_KEEPALIVE_INTERVAL, "keepalive_interval", - &fr_time_delta_to_timeval(config->keepalive_interval)); + fr_time_delta_to_sec(config->keepalive_interval)); #endif #ifdef HAVE_LDAP_START_TLS_S 
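Review bot: A negative net_timeout now takes the same branch as zero in fr_ldap_connection_configure, since `fr_time_delta_ispos(config->net_timeout)` is false for both, and it is handed to libldap as `tv_sec = -1`. If that value means "no network timeout" (the surrounding comment starts outside the hunk), a mis-set negative value silently becomes an unbounded wait on an unresponsive server instead of being rejected. I would state the mapping next to the ternary, e.g. `/* zero or negative net_timeout is passed to libldap as tv_sec = -1 */`, and reject negative values where the option is parsed. The same expression is repeated in the fr_ldap_connection_timeout_set and fr_ldap_connection_timeout_reset hunks.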
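Review bot: The two keepalive options in fr_ldap_connection_configure now pass an integer by value, `config->keepalive_probes` and `fr_time_delta_to_sec(config->keepalive_interval)`, where every other do_ldap_option call visible in this file passes an address. If the macro forwards `_value` unchanged to ldap_set_option() (only the tail of its body is visible in the earlier hunk), libldap would treat that number as a pointer and read through it, an invalid memory access during connection setup. OpenLDAP documents both options as taking a `const int *`, so the interval could be passed as `&(int){ (int)fr_time_delta_to_sec(config->keepalive_interval) }`. The probe count needs the address of an int as well; the declared type of keepalive_probes is not visible here, so confirm it is int-sized before using `&config->keepalive_probes`.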
@@ -448,7 +450,7 @@ static fr_connection_state_t _ldap_connection_init(void **h, fr_connection_t *co /* Don't block */ if (ldap_set_option(c->handle, LDAP_OPT_CONNECT_ASYNC, LDAP_OPT_ON) != LDAP_OPT_SUCCESS) goto error; - fr_ldap_connection_timeout_set(c, 0); /* Forces LDAP_X_CONNECTING */ + fr_ldap_connection_timeout_set(c, fr_time_delta_wrap(0)); /* Forces LDAP_X_CONNECTING */ state = fr_ldap_state_next(c); if (state == FR_LDAP_STATE_ERROR) goto error; @@ -498,8 +500,9 @@ int fr_ldap_connection_timeout_set(fr_ldap_connection_t const *c, fr_time_delta_ * libldap requires tv_sec to be -1 to mean that. */ do_ldap_option(LDAP_OPT_NETWORK_TIMEOUT, "net_timeout", - (timeout ? &fr_time_delta_to_timeval(timeout) : - &(struct timeval) { .tv_sec = -1, .tv_usec = 0 })); + (fr_time_delta_ispos(timeout) ? + &fr_time_delta_to_timeval(timeout) : + &(struct timeval) { .tv_sec = -1, .tv_usec = 0 })); #endif return 0; @@ -522,8 +525,9 @@ int fr_ldap_connection_timeout_reset(fr_ldap_connection_t const *c) * libldap requires tv_sec to be -1 to mean that. */ do_ldap_option(LDAP_OPT_NETWORK_TIMEOUT, "net_timeout", - (c->config->net_timeout ? &fr_time_delta_to_timeval(c->config->net_timeout) : - &(struct timeval) { .tv_sec = -1, .tv_usec = 0 })); + (fr_time_delta_ispos(c->config->net_timeout) ? + &fr_time_delta_to_timeval(c->config->net_timeout) : + &(struct timeval) { .tv_sec = -1, .tv_usec = 0 })); #endif return 0; diff --git a/src/lib/ldap/start_tls.c b/src/lib/ldap/start_tls.c index 58e8a63868..4eb2df087a 100644 --- a/src/lib/ldap/start_tls.c +++ b/src/lib/ldap/start_tls.c 
@@ -103,7 +103,7 @@ static void _ldap_start_tls_io_read(UNUSED fr_event_list_t *el, UNUSED int fd, U /* * We're I/O driven, if there's no data someone lied to us */ - status = fr_ldap_result(NULL, NULL, c, tls_ctx->msgid, LDAP_MSG_ALL, NULL, 0); + status = fr_ldap_result(NULL, NULL, c, tls_ctx->msgid, LDAP_MSG_ALL, NULL, fr_time_delta_wrap(0)); talloc_free(tls_ctx); /* Free explicitly so we don't accumulate contexts */ switch (status) { @@ -165,7 +165,7 @@ static void _ldap_start_tls_io_write(fr_event_list_t *el, int fd, UNUSED int fla * Set timeout to be 0.0, which is the magic * non-blocking value. */ - (void) ldap_set_option(c->handle, LDAP_OPT_NETWORK_TIMEOUT, &fr_time_delta_to_timeval(0)); + (void) ldap_set_option(c->handle, LDAP_OPT_NETWORK_TIMEOUT, &fr_time_delta_to_timeval(fr_time_delta_wrap(0))); ret = ldap_start_tls(c->handle, our_serverctrls, our_clientctrls, &tls_ctx->msgid); /* * If the handle was not connected, this operation diff --git a/src/lib/ldap/util.c b/src/lib/ldap/util.c index ff3da18454..4763b3a669 100644 --- a/src/lib/ldap/util.c +++ b/src/lib/ldap/util.c @@ -270,7 +270,11 @@ bool fr_ldap_util_is_dn(char const *in, size_t inlen) * - 0 on success. * - -1 on failure. */ -int fr_ldap_parse_url_extensions(LDAPControl **sss, request_t *request, fr_ldap_connection_t *conn, char **extensions) +int fr_ldap_parse_url_extensions(LDAPControl **sss, request_t *request, +#ifndef HAVE_LDAP_CREATE_SORT_CONTROL + UNUSED +#endif + fr_ldap_connection_t *conn, char **extensions) { int i; diff --git a/src/modules/proto_ldap_sync/proto_ldap_sync.c b/src/modules/proto_ldap_sync/proto_ldap_sync.c index f8b72bd3ec..aa22c77e96 100644 --- a/src/modules/proto_ldap_sync/proto_ldap_sync.c +++ b/src/modules/proto_ldap_sync/proto_ldap_sync.c 
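Review bot: The `#ifndef HAVE_LDAP_CREATE_SORT_CONTROL` / `UNUSED` / `#endif` lines placed inside the parameter list of fr_ldap_parse_url_extensions (src/lib/ldap/util.c) make the signature hard to read and easy to break when parameters are edited. If UNUSED expands to the compiler's unused attribute, it only permits the parameter to go unused and can be applied unconditionally: `UNUSED fr_ldap_connection_t *conn` with no preprocessor lines. The doc comment above the function should also say that conn is only needed when sort-control support is compiled in. The function body is outside the hunk, so how conn is actually used could not be checked here.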
@@ -1015,7 +1015,7 @@ static int proto_ldap_socket_open(UNUSED CONF_SECTION *cs, rad_listen_t *listen) &inst->conn, inst->conn->config->admin_identity, inst->conn->config->admin_password, &(inst->conn->config->admin_sasl), - 0, + fr_time_delta_wrap(0), NULL, NULL); if (status != LDAP_PROC_SUCCESS) goto error; diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 85e7baf621..6d97e43851 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -896,7 +896,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, &conn, dn, password->vp_strvalue, inst->user_sasl.mech ? &sasl : NULL, - 0, + fr_time_delta_wrap(0), NULL, NULL); switch (status) { case LDAP_PROC_SUCCESS: @@ -1138,7 +1138,8 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * Bind as the user */ conn->rebound = true; - status = fr_ldap_bind(request, &conn, dn, vp->vp_strvalue, NULL, 0, NULL, NULL); + status = fr_ldap_bind(request, &conn, dn, vp->vp_strvalue, NULL, + fr_time_delta_wrap(0), NULL, NULL); switch (status) { case LDAP_PROC_SUCCESS: rcode = RLM_MODULE_OK; diff --git a/src/modules/rlm_ldap/user.c b/src/modules/rlm_ldap/user.c index 1e4eb872b7..c7ad63e643 100644 --- a/src/modules/rlm_ldap/user.c +++ b/src/modules/rlm_ldap/user.c @@ -104,7 +104,7 @@ char const *rlm_ldap_find_user(rlm_ldap_t const *inst, request_t *request, fr_ld if ((*pconn)->rebound) { status = fr_ldap_bind(request, pconn, (*pconn)->config->admin_identity, (*pconn)->config->admin_password, &(*pconn)->config->admin_sasl, - 0, NULL, NULL); + fr_time_delta_wrap(0), NULL, NULL); if (status != LDAP_PROC_SUCCESS) { *rcode = RLM_MODULE_FAIL; return NULL;