ITS#9502 Implement LDAP_OPT_TCP_USER_TIMEOUT

32a278d0 · Nadezhda Ivanova · Quanah Gibson-Mount · 61578236 · 32a278d0 · 32a278d0
Commit 32a278d0 authored Mar 15, 2021 by Nadezhda Ivanova Committed by Quanah Gibson-Mount Apr 30, 2021
--- a/doc/man/man3/ldap_get_option.3
+++ b/doc/man/man3/ldap_get_option.3
@@ -451,6 +451,11 @@ Instructs
 .BR ldap_result (3)
 to keep the connection open on read error or if Notice of Disconnection is received. In these cases, the connection should be closed by the caller.
 This option is OpenLDAP specific.
+.TP
+.B LDAP_OPT_TCP_USER_TIMEOUT
+Allows to configure TCP_USER_TIMEOUT in milliseconds on the connection, overriding the operating system setting.
+This option is OpenLDAP specific and supported only on Linux 2.6.37 or higher.
+
 .SH SASL OPTIONS
 The SASL options are OpenLDAP specific.
 .TP

--- a/include/ldap.h
+++ b/include/ldap.h
@@ -133,6 +133,7 @@ LDAP_BEGIN_DECL
 #define	LDAP_OPT_SESSION_REFCNT		0x5012	/* session reference count */
 #define	LDAP_OPT_KEEPCONN		0x5013	/* keep the connection on read error or NoD */
 #define	LDAP_OPT_SOCKET_BIND_ADDRESSES	0x5014	/* user configured bind IPs */
+#define	LDAP_OPT_TCP_USER_TIMEOUT	0x5015	/* set TCP_USER_TIMEOUT if the OS supports it, ignored otherwise */

 /* OpenLDAP TLS options */
 #define LDAP_OPT_X_TLS				0x6000

--- a/libraries/libldap/init.c
+++ b/libraries/libldap/init.c
@@ -620,6 +620,8 @@ void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl
 	gopts->ldo_keepalive_interval = 0;
 	gopts->ldo_keepalive_idle = 0;

+	gopts->ldo_tcp_user_timeout = 0;
+
 #ifdef LDAP_R_COMPILE
 	ldap_pvt_thread_mutex_init( &gopts->ldo_mutex );
 #endif

--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -248,6 +248,12 @@ struct ldapoptions {
 	ber_int_t ldo_keepalive_probes;
 	ber_int_t ldo_keepalive_interval;

+	/*
+	 * Per connection tcp user timeout (Linux >= 2.6.37 only,
+	 * ignored where unsupported)
+	 */
+	ber_uint_t ldo_tcp_user_timeout;
+
 	int		ldo_refhoplimit;	/* limit on referral nesting */

 	/* LDAPv3 server and client controls */
@@ -267,7 +273,7 @@ struct ldapoptions {

 	LDAP_BOOLEANS ldo_booleans;	/* boolean options */

-#define LDAP_LDO_NULLARG	,0,0,0,0 ,{0},{0} ,0,0,0,0, 0,0,0,0, 0,0, 0,0,0,0,0,0, 0, 0
+#define LDAP_LDO_NULLARG	,0,0,0,0 ,{0},{0} ,0,0,0,0, 0,0,0,0,0, 0,0, 0,0,0,0,0,0, 0, 0

 	/* LDAP user configured bind IPs */
 	struct ldapsourceip ldo_local_ip_addrs;

--- a/libraries/libldap/options.c
+++ b/libraries/libldap/options.c
@@ -418,6 +418,11 @@ ldap_get_option(
 		rc = LDAP_OPT_SUCCESS;
 		break;

+	case LDAP_OPT_TCP_USER_TIMEOUT:
+		* (unsigned int *) outvalue = lo->ldo_tcp_user_timeout;
+		rc = LDAP_OPT_SUCCESS;
+		break;
+
 	default:
 #ifdef HAVE_TLS
 		if ( ldap_pvt_tls_get_option( ld, option, outvalue ) == 0 ) {
@@ -842,6 +847,7 @@ ldap_set_option(
 	case LDAP_OPT_X_KEEPALIVE_IDLE:
 	case LDAP_OPT_X_KEEPALIVE_PROBES :
 	case LDAP_OPT_X_KEEPALIVE_INTERVAL :
+	case LDAP_OPT_TCP_USER_TIMEOUT:
 		if(invalue == NULL) {
 			/* no place to set from */
 			LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
@@ -962,6 +968,10 @@ ldap_set_option(
 		lo->ldo_keepalive_interval = * (const int *) invalue;
 		rc = LDAP_OPT_SUCCESS;
 		break;
+	case LDAP_OPT_TCP_USER_TIMEOUT:
+		lo->ldo_tcp_user_timeout = * (const unsigned int *) invalue;
+		rc = LDAP_OPT_SUCCESS;
+		break;
 	
 	}
 	LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );

--- a/libraries/libldap/os-ip.c
+++ b/libraries/libldap/os-ip.c
@@ -118,7 +118,7 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto )
 {
 	Debug1(LDAP_DEBUG_TRACE, "ldap_prepare_socket: %d\n", s );

-#if defined( SO_KEEPALIVE ) || defined( TCP_NODELAY )
+#if defined( SO_KEEPALIVE ) || defined( TCP_NODELAY ) || defined( TCP_USER_TIMEOUT )
 	if ( proto == LDAP_PROTO_TCP ) {
 		int dummy = 1;
 #ifdef SO_KEEPALIVE
@@ -190,8 +190,25 @@ ldap_int_prepare_socket(LDAP *ld, int s, int proto )
 				s );
 		}
 #endif /* TCP_NODELAY */
+		if ( ld->ld_options.ldo_tcp_user_timeout > 0 )
+		{
+#ifdef TCP_USER_TIMEOUT
+			if ( setsockopt( s, IPPROTO_TCP, TCP_USER_TIMEOUT,
+					(void*) &ld->ld_options.ldo_tcp_user_timeout,
+					sizeof(ld->ld_options.ldo_tcp_user_timeout) ) == AC_SOCKET_ERROR )
+			{
+				Debug1(LDAP_DEBUG_TRACE,
+					"ldap_prepare_socket: "
+					"setsockopt(%d, TCP_USER_TIMEOUT) failed (ignored).\n",
+					s );
+			}
+#else
+			Debug0(LDAP_DEBUG_TRACE, "ldap_prepare_socket: "
+			       "sockopt TCP_USER_TIMEOUT not supported on this system.\n" );
+#endif /* TCP_USER_TIMEOUT */
+		}
 	}
-#endif /* SO_KEEPALIVE || TCP_NODELAY */
+#endif /* SO_KEEPALIVE || TCP_NODELAY || TCP_USER_TIMEOUT */

 	return 0;
 }