ldap module: retry on initial connection

LDAP library returns a partially open handle for connection. Retrying
connection on module instantiation helps to succesfully connect
using this partially open handle.

Resolves: #1992551
This commit is contained in:
Antonio Torres 2021-10-13 14:10:04 +02:00
parent f0aba117d7
commit e0e1728663
2 changed files with 56 additions and 1 deletions

View File

@ -0,0 +1,49 @@
From ab6bbcc41293ae745c1607618f88e5404b98d769 Mon Sep 17 00:00:00 2001
From: Antonio Torres <antorres@redhat.com>
Date: Wed, 13 Oct 2021 13:29:02 +0200
Subject: [PATCH] ldap: allow to connect on partially open handle
The LDAP library returns a partially open connection. Setting the
'retry' flag to true during the module inst creation and the pool start
to 0 allows to connect even if the connection is not completely opened
yet.
Upstream commit: https://github.com/FreeRADIUS/freeradius-server/commit/21d95b268b4cf56e75064898d83123825d673818
Signed-off-by: Antonio Torres <antorres@redhat.com>
---
diff --git a/src/modules/rlm_ldap/ldap.c b/src/modules/rlm_ldap/ldap.c
index f25ee9e2e0..4b6ae44afb 100644
--- a/src/modules/rlm_ldap/ldap.c
+++ b/src/modules/rlm_ldap/ldap.c
@@ -717,7 +717,8 @@ ldap_rcode_t rlm_ldap_bind(rlm_ldap_t const *inst, REQUEST *request, ldap_handle
* For sanity, for when no connections are viable,
* and we can't make a new one.
*/
- num = retry ? fr_connection_pool_get_num(inst->pool) : 0;
+ num = 0;
+ if (inst->pool && retry) num = fr_connection_pool_get_num(inst->pool);
for (i = num; i >= 0; i--) {
#ifdef WITH_SASL
if (sasl && sasl->mech) {
@@ -758,7 +759,7 @@ ldap_rcode_t rlm_ldap_bind(rlm_ldap_t const *inst, REQUEST *request, ldap_handle
break;
case LDAP_PROC_RETRY:
- if (retry) {
+ if (num) {
*pconn = fr_connection_reconnect(inst->pool, *pconn);
if (*pconn) {
LDAP_DBGW_REQ("Bind with %s to %s failed: %s. Got new socket, retrying...",
@@ -1563,7 +1564,7 @@ void *mod_conn_create(TALLOC_CTX *ctx, void *instance)
}
status = rlm_ldap_bind(inst, NULL, &conn, conn->inst->admin_identity, conn->inst->admin_password,
- &(conn->inst->admin_sasl), false);
+ &(conn->inst->admin_sasl), true);
if (status != LDAP_PROC_SUCCESS) {
goto error;
}
--
2.31.1

View File

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server Summary: High-performance and highly configurable free RADIUS server
Name: freeradius Name: freeradius
Version: 3.0.21 Version: 3.0.21
Release: 21%{?dist} Release: 22%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: http://www.freeradius.org/ URL: http://www.freeradius.org/
@ -26,6 +26,7 @@ Patch3: freeradius-bootstrap-create-only.patch
Patch4: freeradius-no-buildtime-cert-gen.patch Patch4: freeradius-no-buildtime-cert-gen.patch
Patch5: freeradius-bootstrap-make-permissions.patch Patch5: freeradius-bootstrap-make-permissions.patch
Patch6: freeradius-Fix-resource-hard-limit-error.patch Patch6: freeradius-Fix-resource-hard-limit-error.patch
Patch7: freeradius-ldap-allow-to-connect-on-partially-open-handle.patch
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
@ -209,6 +210,7 @@ This plugin provides the REST support for the FreeRADIUS server project.
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1
%build %build
# Force compile/link options, extra security for network facing daemon # Force compile/link options, extra security for network facing daemon
@ -851,6 +853,10 @@ exit 0
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
%changelog %changelog
* Wed Oct 13 2021 Antonio Torres <antorres@redhat.com> - 3.0.21-22
- Allow to connect to partially open LDAP handle
Related: rhbz#1992551
* Mon Sep 27 2021 Antonio Torres <antorres@redhat.com> - 3.0.21-21 * Mon Sep 27 2021 Antonio Torres <antorres@redhat.com> - 3.0.21-21
- Move FR's systemd unit PID file from /var/run to /run - Move FR's systemd unit PID file from /var/run to /run
Related: rhbz#2006368 Related: rhbz#2006368