From bb62d9cb732c894023c5c9f5893acf40add7376c Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Thu, 31 Aug 2017 16:53:45 +0100
Subject: [PATCH] ITS#8270 use the configured exop timeout for StartTLS

Also, there's no need for a retry loop here. Just wait for
the specified timeout or give up.
---
 servers/slapd/back-ldap/back-ldap.h |  2 ++
 servers/slapd/back-ldap/bind.c      | 29 +++++++++++------------------
 2 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h
index 0ef99e06d8..5248000546 100644
--- a/servers/slapd/back-ldap/back-ldap.h
+++ b/servers/slapd/back-ldap/back-ldap.h
@@ -89,6 +89,7 @@ typedef struct ldapconn_base_t {
 	(BER_BVISEMPTY(&(op)->o_ndn) ? \
 		LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))
 
+	struct ldapinfo_t	*lcb_ldapinfo;
 	struct berval		lcb_local_ndn;
 	unsigned		lcb_refcnt;
 	time_t			lcb_create_time;
@@ -98,6 +99,7 @@ typedef struct ldapconn_base_t {
 typedef struct ldapconn_t {
 	ldapconn_base_t		lc_base;
 #define	lc_conn			lc_base.lcb_conn
+#define	lc_ldapinfo			lc_base.lcb_ldapinfo
 #define	lc_local_ndn		lc_base.lcb_local_ndn
 #define	lc_refcnt		lc_base.lcb_refcnt
 #define	lc_create_time		lc_base.lcb_create_time
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 5d6034ad67..f2b3fe26bf 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -530,7 +530,7 @@ ldap_back_start_tls(
 	int		*is_tls,
 	const char	*url,
 	unsigned	flags,
-	int		retries,
+	int		timeout,
 	const char	**text )
 {
 	int		rc = LDAP_SUCCESS;
@@ -565,22 +565,14 @@ ldap_back_start_tls(
 			LDAPMessage	*res = NULL;
 			struct timeval	tv;
 
-			LDAP_BACK_TV_SET( &tv );
-
-retry:;
+			if ( timeout ) {
+				tv.tv_sec = timeout;
+				tv.tv_usec = 0;
+			} else {
+				LDAP_BACK_TV_SET( &tv );
+			}
 			rc = ldap_result( ld, msgid, LDAP_MSG_ALL, &tv, &res );
-			if ( rc < 0 ) {
-				rc = LDAP_UNAVAILABLE;
-
-			} else if ( rc == 0 ) {
-				if ( retries != LDAP_BACK_RETRY_NEVER ) {
-					ldap_pvt_thread_yield();
-					if ( retries > 0 ) {
-						retries--;
-					}
-					LDAP_BACK_TV_SET( &tv );
-					goto retry;
-				}
+			if ( rc <= 0 ) {
 				rc = LDAP_UNAVAILABLE;
 
 			} else if ( rc == LDAP_RES_EXTENDED ) {
@@ -752,7 +744,7 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
 	assert( li->li_uri_mutex_do_not_lock == 0 );
 	li->li_uri_mutex_do_not_lock = 1;
 	rs->sr_err = ldap_back_start_tls( ld, op->o_protocol, &is_tls,
-			li->li_uri, flags, li->li_nretries, &rs->sr_text );
+			li->li_uri, flags, li->li_timeout[ SLAP_OP_EXTENDED ], &rs->sr_text );
 	li->li_uri_mutex_do_not_lock = 0;
 	ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
@@ -978,6 +970,7 @@ retry_lock:
 		lc = (ldapconn_t *)ch_calloc( 1, sizeof( ldapconn_t ) );
 		lc->lc_flags = li->li_flags;
 		lc->lc_lcflags = lc_curr.lc_lcflags;
+		lc->lc_ldapinfo = li;
 		if ( ldap_back_prepare_conn( lc, op, rs, sendok ) != LDAP_SUCCESS ) {
 			ch_free( lc );
 			return NULL;
@@ -1647,7 +1640,7 @@ ldap_back_default_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
 		const char	*text = NULL;
 
 		rc = ldap_back_start_tls( ld, 0, &is_tls, url, lc->lc_flags,
-			LDAP_BACK_RETRY_DEFAULT, &text );
+			lc->lc_ldapinfo->li_timeout[ SLAP_OP_EXTENDED ], &text );
 		if ( rc != LDAP_SUCCESS ) {
 			return rc;
 		}
-- 
2.39.5