Use recursive mutex to avoid deadlocks

[openldap] / servers / slapd / controls.c

diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index 426b9cb02c9377b6133dd2c8a6aab608a947bbb4..26e2461515939dc580e2309ae1f4929c81475776 100644 (file)
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -96,7 +96,7 @@ static int num_known_controls = 1;
 
 static char *proxy_authz_extops[] = {
        LDAP_EXOP_MODIFY_PASSWD,
-       LDAP_EXOP_X_WHO_AM_I,
+       LDAP_EXOP_WHO_AM_I,
        LDAP_EXOP_REFRESH,
        NULL
 };
@@ -183,6 +183,13 @@ static struct slap_control control_defs[] = {
                SLAP_CTRL_GLOBAL|SLAP_CTRL_UPDATE|SLAP_CTRL_HIDE,
                NULL, NULL,
                parseManageDIT, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#endif
+#ifdef LDAP_X_TXN
+       { LDAP_CONTROL_X_TXN_SPEC,
+               (int)offsetof(struct slap_control_ids, sc_txnSpec),
+               SLAP_CTRL_UPDATE|SLAP_CTRL_HIDE,
+               NULL, NULL,
+               txn_spec_ctrl, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
        { LDAP_CONTROL_MANAGEDSAIT,
                (int)offsetof(struct slap_control_ids, sc_manageDSAit),
@@ -194,7 +201,7 @@ static struct slap_control control_defs[] = {
                SLAP_CTRL_GLOBAL|SLAP_CTRL_ACCESS,
                proxy_authz_extops, NULL,
                parseProxyAuthz, LDAP_SLIST_ENTRY_INITIALIZER(next) },
-       { NULL, 0, 0, NULL, 0, LDAP_SLIST_ENTRY_INITIALIZER(next) }
+       { NULL, 0, 0, NULL, 0, NULL, LDAP_SLIST_ENTRY_INITIALIZER(next) }
 };
 
 static struct slap_control *
@@ -286,7 +293,17 @@ register_supported_control2(const char *controloid,
 
        } else {
                if ( sc->sc_extendedopsbv ) {
-                       ber_bvarray_free( sc->sc_extendedops );
+                       /* FIXME: in principle, we should rather merge
+                        * existing extops with those supported by the
+                        * new control handling implementation.
+                        * In fact, whether a control is compatible with
+                        * an extop should not be a matter of implementation.
+                        * We likely also need a means for a newly
+                        * registered extop to declare that it is
+                        * comptible with an already registered control.
+                        */
+                       ber_bvarray_free( sc->sc_extendedopsbv );
+                       sc->sc_extendedopsbv = NULL;
                        sc->sc_extendedops = NULL;
                }
        }
@@ -403,7 +420,7 @@ get_supported_controls(char ***ctrloidsp,
        }
        masks = (slap_mask_t *)SLAP_MALLOC( (n + 1) * sizeof(slap_mask_t) );
        if  ( masks == NULL ) {
-               ch_free( oids );
+               SLAP_FREE( oids );
                return LDAP_NO_MEMORY;
        }
 
@@ -475,9 +492,11 @@ slap_global_control( Operation *op, const char *oid, int *cid )
                return LDAP_COMPARE_TRUE;
        }
 
+#if 0
        Debug( LDAP_DEBUG_TRACE,
                "slap_global_control: unavailable control: %s\n",      
                oid, 0, 0 );
+#endif
 
        return LDAP_COMPARE_FALSE;
 }
@@ -911,8 +930,8 @@ static int parseProxyAuthz (
        if ( !( global_allows & SLAP_ALLOW_PROXY_AUTHZ_ANON )
                && BER_BVISEMPTY( &op->o_ndn ) )
        {
-               rs->sr_text = "anonymous proxyAuthz not allowed";
-               return LDAP_PROXY_AUTHZ_FAILURE;
+               rs->sr_text = "anonymous proxied authorization not allowed";
+               return LDAP_PROXIED_AUTHORIZATION_DENIED;
        }
 
        op->o_proxy_authz = ctrl->ldctl_iscritical
@@ -953,7 +972,7 @@ static int parseProxyAuthz (
                        ch_free( dn.bv_val );
                }
                rs->sr_text = "authzId mapping failed";
-               return LDAP_PROXY_AUTHZ_FAILURE;
+               return LDAP_PROXIED_AUTHORIZATION_DENIED;
        }
 
        Debug( LDAP_DEBUG_TRACE,
@@ -966,7 +985,7 @@ static int parseProxyAuthz (
        if ( rc ) {
                ch_free( dn.bv_val );
                rs->sr_text = "not authorized to assume identity";
-               return LDAP_PROXY_AUTHZ_FAILURE;
+               return LDAP_PROXIED_AUTHORIZATION_DENIED;
        }
 
        ch_free( op->o_ndn.bv_val );
@@ -1191,6 +1210,13 @@ static int parsePreRead (
                return LDAP_PROTOCOL_ERROR;
        }
 
+#ifdef LDAP_X_TXN
+       if ( op->o_txnSpec ) { /* temporary limitation */
+               rs->sr_text = "cannot perform pre-read in transaction";
+               return LDAP_UNWILLING_TO_PERFORM;
+       }
+#endif
+
        ber = ber_init( &(ctrl->ldctl_value) );
        if (ber == NULL) {
                rs->sr_text = "preread control: internal error";
@@ -1249,6 +1275,13 @@ static int parsePostRead (
                return LDAP_PROTOCOL_ERROR;
        }
 
+#ifdef LDAP_X_TXN
+       if ( op->o_txnSpec ) { /* temporary limitation */
+               rs->sr_text = "cannot perform post-read in transaction";
+               return LDAP_UNWILLING_TO_PERFORM;
+       }
+#endif
+
        ber = ber_init( &(ctrl->ldctl_value) );
        if (ber == NULL) {
                rs->sr_text = "postread control: internal error";