Commit 947cbcdd authored by Bradley Nicholes's avatar Bradley Nicholes

Added a new LDAPConnectionTimeout directive to util_ldap so that the socket...

Added a new LDAPConnectionTimeout directive to util_ldap so that the socket connection timeout value is configurable.

Reviewed by: bnicholes, trawick, jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@160707 13f79535-47bb-0310-9956-ffa450edef68
parent ec623695
+4 −0
Changes with Apache 2.0.54
  *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
     the ldap socket connection timeout value.  
     [Brad Nicholes]
  *) Correctly export all mod_dav public functions.
     [Branko ibej <brane xbc.nu>]
+0 −5
@@ -94,11 +94,6 @@ PATCHES TO BACKPORT FROM TRUNK:
    identify exactly what the proposed changes are! ]
  [ please append new backports at the end of this list not the top. ]

    *) util_ldap: Add the directive LDAPConnectionTimeout to control
       the socket timeout value when binding to an LDAP server
       svn rev 126565
       +1: bnicholes, trawick (no need for APLOG_NOERRNO in Apache >=2), jim

    *) several changes to improve logging of connection-oriented errors, including
       ap_log_cerror() API (needs minor bump in addition to changes below)
         http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.289&r2=1.291
+15 −0
@@ -340,4 +340,19 @@ valid</description>
</usage>
</directivesynopsis>

<directivesynopsis>
<name>LDAPConnectionTimeout</name>
<description>Specifies the socket connection timeout in seconds</description>
<syntax>LDAPConnectionTimeout <var>seconds</var></syntax>
<contextlist><context>server config</context></contextlist>

<usage>
    <p>Specifies the timeout value (in seconds) in which the module will
    attempt to connect to the LDAP server.  If a connection is not
    successful with the timeout period, either an error will be 
    returned or the module will attempt to connect to a secondary LDAP 
    server if one is specified. The default is 10 seconds.</p>
</usage>
</directivesynopsis>

</modulesynopsis>
+1 −0
@@ -126,6 +126,7 @@ typedef struct util_ldap_state_t {
    /* cache ald */
    void *util_ldap_cache;
    char *lock_file;           /* filename for shm lock mutex */
    int connectionTimeout;

} util_ldap_state_t;
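Review bot: The new `connectionTimeout` field at the end of util_ldap_state_t has no comment, unlike `lock_file` directly above it, so neither its unit nor the meaning of zero and negative values can be read from the declaration. I would write it as `int connectionTimeout;     /* LDAP socket connect timeout in seconds; 0 = built-in default, <0 = option not set */`, which matches how the later util_ldap_post_config hunk treats those values. The struct's opening is outside this hunk, so the other fields were not reviewed.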

+45 −0
@@ -1330,6 +1330,30 @@ static const char *util_ldap_set_cert_type(cmd_parms *cmd, void *dummy, const ch
    return(NULL);
}

static const char *util_ldap_set_connection_timeout(cmd_parms *cmd, void *dummy, const char *ttl)
{
    util_ldap_state_t *st = 
        (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, 
						  &ldap_module);
    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);

    if (err != NULL) {
        return err;
    }

#ifdef LDAP_OPT_NETWORK_TIMEOUT
    st->connectionTimeout = atol(ttl);

    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server, 
                      "[%d] ldap connection: Setting connection timeout to %ld seconds.", 
                      getpid(), st->connectionTimeout);
#else
    ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, cmd->server,
                     "LDAP: Connection timout option not supported by the LDAP SDK in use." );
#endif

    return NULL;
}

void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
{
@@ -1347,6 +1371,7 @@ void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
    st->cert_auth_file = NULL;
    st->cert_file_type = LDAP_CA_TYPE_UNKNOWN;
    st->ssl_support = 0;
    st->connectionTimeout = 10;

    return st;
}
@@ -1379,6 +1404,7 @@ static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog,

    void *data;
    const char *userdata_key = "util_ldap_init";
    struct timeval timeOut = {10,0};    /* 10 second connection timeout */

    /* util_ldap_post_config() will be called twice. Don't bother
     * going through all of the initialization on the first call
@@ -1603,6 +1629,20 @@ static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog,
                         "LDAP: SSL support unavailable" );
    }
    
#ifdef LDAP_OPT_NETWORK_TIMEOUT
    if (st->connectionTimeout > 0) {
        timeOut.tv_sec = st->connectionTimeout;
    }

    if (st->connectionTimeout >= 0) {
        rc = ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, (void *)&timeOut);
        if (APR_SUCCESS != rc) {
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                             "LDAP: Could not set the connection timeout" );
        }
    }
#endif

    return(OK);
}

@@ -1667,6 +1707,11 @@ command_rec util_ldap_cmds[] = {
                 "    DER_FILE      - file in binary DER format "
                 "    BASE64_FILE   - file in Base64 format "
                 "    CERT7_DB_PATH - Netscape certificate database file "),

    AP_INIT_TAKE1("LDAPConnectionTimeout", util_ldap_set_connection_timeout, NULL, RSRC_CONF,
                  "Specifies the LDAP socket connection timeout in seconds. "
                  "Default is 10 seconds. "),

    {NULL}
};
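Review bot: util_ldap_set_connection_timeout stores `atol(ttl)` without validating it, so a non-numeric argument silently becomes 0, a value wider than int is truncated on assignment, and a typo in the directive is never reported at startup. Per the later util_ldap_post_config hunk, 0 falls back to the 10 second default and a negative value skips `ldap_set_option` altogether, which presumably leaves connects to an unresponsive LDAP server bounded only by the SDK or OS default; neither case is described in the directive's help text. The debug message also passes the `int` field to `%ld`, which is a format/argument mismatch and should be `%d`. I would parse with strtol and return an error string from the handler for malformed or out-of-range input, as in the fence; it relies on errno and INT_MAX/INT_MIN being declared, which this page does not show. The handler is complete within its hunk, while util_ldap_post_config starts and ends outside the hunks shown.

```c
#ifdef LDAP_OPT_NETWORK_TIMEOUT
    {
        char *end;
        long secs;

        errno = 0;
        secs = strtol(ttl, &end, 10);
        if (end == ttl || *end != '\0' || errno == ERANGE
            || secs < INT_MIN || secs > INT_MAX) {
            return "LDAPConnectionTimeout requires a whole number of seconds";
        }
        st->connectionTimeout = (int)secs;
    }

    /* ... unchanged: ap_log_error debug call, with %ld changed to %d ... */
#else
    /* ... unchanged: NOTICE that the SDK lacks LDAP_OPT_NETWORK_TIMEOUT ... */
#endif
```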