Merge remote-tracking branch 'origin/mdb.master' into OPENLDAP_REL_ENG_2_4

[openldap] / servers / slapd / back-bdb / bind.c

diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c
index 3f6b37a908a9b02116471645c4afcebd982c2ddf..228fe72db7fe6acb9319a79b412124751451be67 100644 (file)
--- a/servers/slapd/back-bdb/bind.c
+++ b/servers/slapd/back-bdb/bind.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2007 The OpenLDAP Foundation.
+ * Copyright 2000-2013 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32,39 +32,30 @@ bdb_bind( Operation *op, SlapReply *rs )
 
        AttributeDescription *password = slap_schema.si_ad_userPassword;
 
-       BDB_LOCKER      locker;
+       DB_TXN          *rtxn;
        DB_LOCK         lock;
 
        Debug( LDAP_DEBUG_ARGS,
                "==> " LDAP_XSTRING(bdb_bind) ": dn: %s\n",
                op->o_req_dn.bv_val, 0, 0);
 
-#ifdef LDAP_DEVEL
-       /* allow noauth binds */
-       switch ( be_rootdn_bind( op, rs ) ) {
-       case SLAP_CB_CONTINUE:
-               break;
-
-       default:
-               /* in case of success, frontend will send result;
-                * otherwise, be_rootdn_bind() did */
-               return rs->sr_err;
-       }
-
-#else /* traditional */
        /* allow noauth binds */
        switch ( be_rootdn_bind( op, NULL ) ) {
        case LDAP_SUCCESS:
                /* frontend will send result */
-               return rs->sr_err;
+               return rs->sr_err = LDAP_SUCCESS;
 
        default:
-               /* give the database a chanche */
+               /* give the database a chance */
+               /* NOTE: this behavior departs from that of other backends,
+                * since the others, in case of password checking failure
+                * do not give the database a chance.  If an entry with
+                * rootdn's name does not exist in the database the result
+                * will be the same.  See ITS#4962 for discussion. */
                break;
        }
-#endif /* traditional */
 
-       rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);
+       rs->sr_err = bdb_reader_get(op, bdb->bi_dbenv, &rtxn);
        switch(rs->sr_err) {
        case 0:
                break;
@@ -76,8 +67,8 @@ bdb_bind( Operation *op, SlapReply *rs )
 
 dn2entry_retry:
        /* get entry with reader lock */
-       rs->sr_err = bdb_dn2entry( op, NULL, &op->o_req_ndn, &ei, 1,
-               locker, &lock );
+       rs->sr_err = bdb_dn2entry( op, rtxn, &op->o_req_ndn, &ei, 1,
+               &lock );
 
        switch(rs->sr_err) {
        case DB_NOTFOUND:
@@ -85,14 +76,12 @@ dn2entry_retry:
                break;
        case LDAP_BUSY:
                send_ldap_error( op, rs, LDAP_BUSY, "ldap_server_busy" );
-               LOCK_ID_FREE(bdb->bi_dbenv, locker);
                return LDAP_BUSY;
        case DB_LOCK_DEADLOCK:
        case DB_LOCK_NOTGRANTED:
                goto dn2entry_retry;
        default:
                send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
-               LOCK_ID_FREE(bdb->bi_dbenv, locker);
                return rs->sr_err;
        }
 
@@ -106,8 +95,6 @@ dn2entry_retry:
                rs->sr_err = LDAP_INVALID_CREDENTIALS;
                send_ldap_result( op, rs );
 
-               LOCK_ID_FREE(bdb->bi_dbenv, locker);
-
                return rs->sr_err;
        }
 
@@ -167,8 +154,6 @@ done:
                bdb_cache_return_entry_r( bdb, e, &lock );
        }
 
-       LOCK_ID_FREE(bdb->bi_dbenv, locker);
-
        if ( rs->sr_err ) {
                send_ldap_result( op, rs );
                if ( rs->sr_ref ) {