dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Blame SOURCES/0003-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   d6181b5810c43306f4897237162410fa1c2ada02
  2.   SOURCES
  3.   0003-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch
Blob History Raw
d6181b 
From 5afd3f6030a78d1c3631c645955c0804b7e7abce Mon Sep 17 00:00:00 2001
d6181b 
From: Tomas Halman <thalman@redhat.com>
d6181b 
Date: Mon, 24 Jun 2019 15:58:09 +0200
d6181b 
Subject: [PATCH 3/4] LDAP: failover does not work on non-responsive ldaps
d6181b
d6181b 
In case ldaps:// is used, then establishing the secure socket is
d6181b 
a sychronous operation. If there's nothing on the other end, then
d6181b 
the process would be stuck waiting in for the crypto library
d6181b 
to finish.
d6181b
d6181b 
Here we set socket read/write timeout so the operation can finish
d6181b 
in reasonable time with an error. The ldap_network_timeout
d6181b 
option is used for this timeout.
d6181b
d6181b 
Resolves:
d6181b 
https://pagure.io/SSSD/sssd/issue/2878
d6181b
d6181b 
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
d6181b 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
d6181b 
---
d6181b 
 src/util/sss_sockets.c | 26 ++++++++++++++++++++++++--
d6181b 
 1 file changed, 24 insertions(+), 2 deletions(-)
d6181b
d6181b 
diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
d6181b 
index 5e9be9ebd..0e4d8df8a 100644
d6181b 
--- a/src/util/sss_sockets.c
d6181b 
+++ b/src/util/sss_sockets.c
d6181b 
@@ -74,10 +74,11 @@ static errno_t set_fcntl_flags(int fd, int fd_flags, int fl_flags)
d6181b 
     return EOK;
d6181b 
 }
d6181b
d6181b 
-static errno_t set_fd_common_opts(int fd)
d6181b 
+static errno_t set_fd_common_opts(int fd, int timeout)
d6181b 
 {
d6181b 
     int dummy = 1;
d6181b 
     int ret;
d6181b 
+    struct timeval tv;
d6181b
d6181b 
     /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but
d6181b 
      * failures are ignored.*/
d6181b 
@@ -97,6 +98,27 @@ static errno_t set_fd_common_opts(int fd)
d6181b 
                   strerror(ret));
d6181b 
     }
d6181b
d6181b 
+    if (timeout > 0) {
d6181b 
+        /* Set socket read & write timeout */
d6181b 
+        tv = tevent_timeval_set(timeout, 0);
d6181b 
+
d6181b 
+        ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
d6181b 
+        if (ret != 0) {
d6181b 
+            ret = errno;
d6181b 
+            DEBUG(SSSDBG_FUNC_DATA,
d6181b 
+                  "setsockopt SO_RCVTIMEO failed.[%d][%s].\n", ret,
d6181b 
+                  strerror(ret));
d6181b 
+        }
d6181b 
+
d6181b 
+        ret = setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
d6181b 
+        if (ret != 0) {
d6181b 
+            ret = errno;
d6181b 
+            DEBUG(SSSDBG_FUNC_DATA,
d6181b 
+                  "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,
d6181b 
+                  strerror(ret));
d6181b 
+        }
d6181b 
+    }
d6181b 
+
d6181b 
     return EOK;
d6181b 
 }
d6181b
d6181b 
@@ -264,7 +286,7 @@ struct tevent_req *sssd_async_socket_init_send(TALLOC_CTX *mem_ctx,
d6181b 
         goto fail;
d6181b 
     }
d6181b
d6181b 
-    ret = set_fd_common_opts(state->sd);
d6181b 
+    ret = set_fd_common_opts(state->sd, timeout);
d6181b 
     if (ret != EOK) {
d6181b 
         DEBUG(SSSDBG_CRIT_FAILURE, "set_fd_common_opts failed.\n");
d6181b 
         goto fail;
d6181b 
--
d6181b 
2.20.1
d6181b

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation