From 0bd9bc6ecae10fa21e4315ea9f20b52fc5883f30 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Thu, 18 Nov 2004 11:43:14 +0000
Subject: r3841: Time out in ads search queries. Even AD servers can hang.

Volker
(This used to be commit fc454c8ef6321fba9efa42a704c8e8c707361af3)
---
 source3/libads/ldap.c | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 7 deletions(-)

(limited to 'source3')

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 252cd718c8..7bddc0e9b5 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -67,6 +67,40 @@ static void gotalarm_sig(void)
 	return ldp;
 }
 
+static int ldap_search_with_timeout(LDAP *ld,
+				    LDAP_CONST char *base,
+				    int scope,
+				    LDAP_CONST char *filter,
+				    char **attrs,
+				    int attrsonly,
+				    LDAPControl **sctrls,
+				    LDAPControl **cctrls,
+				    struct timeval *timeout,
+				    int sizelimit,
+				    LDAPMessage **res )
+{
+	int result;
+
+	/* Setup timeout */
+	gotalarm = 0;
+	CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
+	alarm(lp_ldap_timeout());
+	/* End setup timeout. */
+
+	result = ldap_search_ext_s(ld, base, scope, filter, attrs,
+				   attrsonly, sctrls, cctrls, timeout,
+				   sizelimit, res);
+
+	/* Teardown timeout. */
+	CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN);
+	alarm(0);
+
+	if (gotalarm != 0)
+		return LDAP_TIMELIMIT_EXCEEDED;
+
+	return result;
+}
+
 /*
   try a connection to a given ldap server, returning True and setting the servers IP
   in the ads struct if successful
@@ -466,15 +500,17 @@ ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path,
 	*/
 	ldap_set_option(ads->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
 
-	rc = ldap_search_ext_s(ads->ld, utf8_path, scope, utf8_expr, 
-			       search_attrs, 0, controls,
-			       NULL, NULL, LDAP_NO_LIMIT, (LDAPMessage **)res);
+	rc = ldap_search_with_timeout(ads->ld, utf8_path, scope, utf8_expr, 
+				      search_attrs, 0, controls,
+				      NULL, NULL, LDAP_NO_LIMIT,
+				      (LDAPMessage **)res);
 
 	ber_free(cookie_be, 1);
 	ber_bvfree(cookie_bv);
 
 	if (rc) {
-		DEBUG(3,("ldap_search_ext_s(%s) -> %s\n", expr, ldap_err2string(rc)));
+		DEBUG(3,("ldap_search_with_timeout(%s) -> %s\n", expr,
+			 ldap_err2string(rc)));
 		goto done;
 	}
 
@@ -657,9 +693,10 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
 	/* see the note in ads_do_paged_search - we *must* disable referrals */
 	ldap_set_option(ads->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
 
-	rc = ldap_search_ext_s(ads->ld, utf8_path, scope, utf8_expr,
-			       search_attrs, 0, NULL, NULL, 
-			       &timeout, LDAP_NO_LIMIT, (LDAPMessage **)res);
+	rc = ldap_search_with_timeout(ads->ld, utf8_path, scope, utf8_expr,
+				      search_attrs, 0, NULL, NULL, 
+				      &timeout, LDAP_NO_LIMIT,
+				      (LDAPMessage **)res);
 
 	if (rc == LDAP_SIZELIMIT_EXCEEDED) {
 		DEBUG(3,("Warning! sizelimit exceeded in ldap. Truncating.\n"));
-- 
cgit