plug selected leaks resulting from ITS#4056 & ITS#4057 implementation; may need furth...
authorPierangelo Masarati <ando@openldap.org>
Sat, 1 Oct 2005 18:07:00 +0000 (18:07 +0000)
committerPierangelo Masarati <ando@openldap.org>
Sat, 1 Oct 2005 18:07:00 +0000 (18:07 +0000)
servers/slapd/back-meta/back-meta.h
servers/slapd/back-meta/bind.c
servers/slapd/back-meta/conn.c
servers/slapd/back-meta/init.c

index 5a7f92e1c2dca5046f9eb2ea5b250b960f2b8755..5d1911d3ed0d5eb6e44dff746e5bd6ff824822e2 100644 (file)
@@ -312,14 +312,17 @@ meta_back_retry(
 
 extern void
 meta_back_conn_free(
-       metaconn_t              *mc );
+       void                    *v_mc );
 
 extern int
 meta_back_init_one_conn(
        Operation               *op,
        SlapReply               *rs,
        metatarget_t            *mt, 
+       metaconn_t              *mc,
        metasingleconn_t        *msc,
+       int                     ispriv,
+       int                     isauthz,
        ldap_back_send_t        sendok );
 
 extern int
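Review bot: The prototype of `meta_back_init_one_conn` now takes two adjacent plain `int` flags, `ispriv` and `isauthz`, and nothing in the header says what each one selects, so a call site that swaps them still compiles. Since `ispriv` decides whether the target connection is given the pseudoroot DN and password (see the conn.c hunk), a short comment above the declaration would help, for example `/* ispriv: bind with the target's pseudoroot identity; isauthz: this target is mc->mc_authz_target */`. The same comment block could record that `meta_back_conn_free` takes `void *` so that it can be handed to `avl_free` directly.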
index 17dab2f39712ceb34df2f693cf95ef7b93b62f0e..2106a2d7e539964e82ac3aeed9a71f5c7f1930fb 100644 (file)
@@ -391,7 +391,9 @@ retry:;
                                        /* mc here must be the regular mc,
                                         * reset and ready for init */
                                        rc = meta_back_init_one_conn( op, rs,
-                                               mt, msc, LDAP_BACK_DONTSEND );
+                                               mt, mc, msc, LDAP_BACK_CONN_ISPRIV( mc ),
+                                               candidate == mc->mc_authz_target,
+                                               LDAP_BACK_DONTSEND );
 
                                } else {
                                        /* can't do anything about it */
@@ -567,7 +569,10 @@ retry:;
                                        /* mc here must be the regular mc,
                                         * reset and ready for init */
                                        rc = meta_back_init_one_conn( op, rs,
-                                               mt, msc, LDAP_BACK_DONTSEND );
+                                               mt, mc, msc,
+                                               LDAP_BACK_CONN_ISPRIV( mc ),
+                                               candidate == mc->mc_authz_target,
+                                               LDAP_BACK_DONTSEND );
                                
 
                                } else {
index 0c8d140166ad33eba1676524c58b451fff3a7607..303c4e61474b9112d6798a0272454de20a9dd150 100644 (file)
@@ -176,27 +176,6 @@ metaconn_alloc(
        return mc;
 }
 
-/*
- * meta_back_conn_free
- *
- * clears a metaconn
- */
-
-void
-meta_back_conn_free(
-       metaconn_t      *mc )
-{
-       assert( mc != NULL );
-       assert( mc->mc_refcnt == 0 );
-
-       if ( !BER_BVISNULL( &mc->mc_local_ndn ) ) {
-               free( mc->mc_local_ndn.bv_val );
-       }
-
-       ldap_pvt_thread_mutex_destroy( &mc->mc_mutex );
-       free( mc );
-}
-
 static void
 meta_back_freeconn(
        Operation       *op,
@@ -225,7 +204,10 @@ meta_back_init_one_conn(
        Operation               *op,
        SlapReply               *rs,
        metatarget_t            *mt, 
+       metaconn_t              *mc,
        metasingleconn_t        *msc,
+       int                     ispriv,
+       int                     isauthz,
        ldap_back_send_t        sendok )
 {
        metainfo_t      *mi = ( metainfo_t * )op->o_bd->be_private;
@@ -367,32 +349,46 @@ retry:;
        /*
         * If the connection DN is not null, an attempt to rewrite it is made
         */
-       if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
-               dc.target = mt;
-               dc.conn = op->o_conn;
-               dc.rs = rs;
-               dc.ctx = "bindDN";
-               
-               /*
-                * Rewrite the bind dn if needed
-                */
-               if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn,
-                                       &msc->msc_bound_ndn ) )
-               {
-                       goto error_return;
-               }
-
-               /* copy the DN idf needed */
-               if ( msc->msc_bound_ndn.bv_val == op->o_conn->c_dn.bv_val ) {
-                       ber_dupbv( &msc->msc_bound_ndn, &op->o_conn->c_dn );
-               }
 
-               assert( !BER_BVISNULL( &msc->msc_bound_ndn ) );
+       if ( ispriv ) {
+               ber_dupbv( &msc->msc_cred, &mt->mt_pseudorootpw );
+               ber_dupbv( &msc->msc_bound_ndn, &mt->mt_pseudorootdn );
+               LDAP_BACK_CONN_ISPRIV_SET( msc );
 
        } else {
-               ber_str2bv( "", 0, 1, &msc->msc_bound_ndn );
+               BER_BVZERO( &msc->msc_cred );
+               BER_BVZERO( &msc->msc_bound_ndn );
+               if ( !BER_BVISEMPTY( &op->o_ndn )
+                       && SLAP_IS_AUTHZ_BACKEND( op )
+                       && isauthz )
+               {
+                       dc.target = mt;
+                       dc.conn = op->o_conn;
+                       dc.rs = rs;
+                       dc.ctx = "bindDN";
+               
+                       /*
+                        * Rewrite the bind dn if needed
+                        */
+                       if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn,
+                                               &msc->msc_bound_ndn ) )
+                       {
+                               ldap_unbind_ext_s( msc->msc_ld, NULL, NULL );
+                               goto error_return;
+                       }
+                       
+                       /* copy the DN idf needed */
+                       if ( msc->msc_bound_ndn.bv_val == op->o_conn->c_dn.bv_val ) {
+                               ber_dupbv( &msc->msc_bound_ndn, &op->o_conn->c_dn );
+                       }
+
+               } else {
+                       ber_str2bv( "", 0, 1, &msc->msc_bound_ndn );
+               }
        }
 
+       assert( !BER_BVISNULL( &msc->msc_bound_ndn ) );
+
        LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
 
 error_return:;
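Review bot: In the new non-privileged branch, the failure path calls `ldap_unbind_ext_s( msc->msc_ld, NULL, NULL )` and jumps to `error_return` without clearing the handle, so `msc->msc_ld` is left pointing at a released LDAP session; adding `msc->msc_ld = NULL;` right after the unbind would keep a later retry or cleanup from using or unbinding it a second time. The code after `error_return:` lies outside the hunk, so whether it already resets the handle cannot be confirmed here. Separately, the guard tests `op->o_ndn` while the DN passed to `ldap_back_dn_massage` is `op->o_conn->c_dn`, whereas the blocks this commit removes from meta_back_getconn duplicated `op->o_ndn`. If the two can differ, the target would be bound as the connection identity rather than the operation identity, and an empty `c_dn` might reach the hoisted `assert( !BER_BVISNULL( &msc->msc_bound_ndn ) )`. A one-line comment stating which identity is intended would settle it.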
@@ -450,7 +446,9 @@ retry_lock:;
                ( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );
 
                /* mc here must be the regular mc, reset and ready for init */
-               rc = meta_back_init_one_conn( op, rs, mt, msc, sendok );
+               rc = meta_back_init_one_conn( op, rs, mt, mc, msc,
+                       LDAP_BACK_CONN_ISPRIV( mc ),
+                       candidate == mc->mc_authz_target, sendok );
 
                if ( rc == LDAP_SUCCESS ) {
                        rc = meta_back_single_dobind( op, rs, mc, candidate,
@@ -781,27 +779,13 @@ meta_back_getconn(
                         * also init'd
                         */
                        candidates[ i ].sr_err = meta_back_init_one_conn( op,
-                               rs, mt, msc, sendok );
+                               rs, mt, mc, msc,
+                               LDAP_BACK_CONN_ISPRIV( &mc_curr ),
+                               i == mc->mc_authz_target, sendok );
                        if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
                                candidates[ i ].sr_tag = META_CANDIDATE;
                                ncandidates++;
        
-                               if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
-                                       ber_dupbv( &msc->msc_cred, &mt->mt_pseudorootpw );
-                                       ber_dupbv( &msc->msc_bound_ndn, &mt->mt_pseudorootdn );
-                                       LDAP_BACK_CONN_ISPRIV_SET( msc );
-
-                               } else {
-                                       BER_BVZERO( &msc->msc_cred );
-                                       BER_BVZERO( &msc->msc_bound_ndn );
-                                       if ( !BER_BVISEMPTY( &op->o_ndn )
-                                               && SLAP_IS_AUTHZ_BACKEND( op )
-                                               && i == mc->mc_authz_target )
-                                       {
-                                               ber_dupbv( &msc->msc_bound_ndn, &op->o_ndn );
-                                       }
-                               }
-                       
                        } else {
                                
                                /*
@@ -941,7 +925,9 @@ meta_back_getconn(
                 * also init'd. In case of error, meta_back_init_one_conn
                 * sends the appropriate result.
                 */
-               err = meta_back_init_one_conn( op, rs, mt, msc, sendok );
+               err = meta_back_init_one_conn( op, rs, mt, mc, msc,
+                       LDAP_BACK_CONN_ISPRIV( &mc_curr ),
+                       i == mc->mc_authz_target, sendok );
                if ( err != LDAP_SUCCESS ) {
                        /*
                         * FIXME: in case one target cannot
@@ -967,22 +953,6 @@ meta_back_getconn(
                        *candidate = i;
                }
 
-               if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
-                       ber_dupbv( &msc->msc_cred, &mt->mt_pseudorootpw );
-                       ber_dupbv( &msc->msc_bound_ndn, &mt->mt_pseudorootdn );
-                       LDAP_BACK_CONN_ISPRIV_SET( msc );
-
-               } else {
-                       BER_BVZERO( &msc->msc_cred );
-                       BER_BVZERO( &msc->msc_bound_ndn );
-                       if ( !BER_BVISEMPTY( &op->o_ndn )
-                               && SLAP_IS_AUTHZ_BACKEND( op )
-                               && i == mc->mc_authz_target )
-                       {
-                               ber_dupbv( &msc->msc_bound_ndn, &op->o_ndn );
-                       }
-               }
-                       
        /*
         * if no unique candidate ...
         */
@@ -1012,28 +982,15 @@ meta_back_getconn(
                                 * also init'd
                                 */
                                int lerr = meta_back_init_one_conn( op, rs,
-                                               mt, msc, sendok );
+                                               mt, mc, msc,
+                                               LDAP_BACK_CONN_ISPRIV( &mc_curr ),
+                                               i == mc->mc_authz_target,
+                                               sendok );
                                if ( lerr == LDAP_SUCCESS ) {
                                        candidates[ i ].sr_tag = META_CANDIDATE;
                                        candidates[ i ].sr_err = LDAP_SUCCESS;
                                        ncandidates++;
 
-                                       if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
-                                               ber_dupbv( &msc->msc_cred, &mt->mt_pseudorootpw );
-                                               ber_dupbv( &msc->msc_bound_ndn, &mt->mt_pseudorootdn );
-                                               LDAP_BACK_CONN_ISPRIV_SET( msc );
-
-                                       } else {
-                                               BER_BVZERO( &msc->msc_cred );
-                                               BER_BVZERO( &msc->msc_bound_ndn );
-                                               if ( !BER_BVISEMPTY( &op->o_ndn )
-                                                       && SLAP_IS_AUTHZ_BACKEND( op )
-                                                       && i == mc->mc_authz_target )
-                                               {
-                                                       ber_dupbv( &msc->msc_bound_ndn, &op->o_ndn );
-                                               }
-                                       }
-                       
                                        Debug( LDAP_DEBUG_TRACE, "%s: meta_back_init_one_conn(%d)\n",
                                                op->o_log_prefix, i, 0 );
 
index fb2b0d50ceb888241511c95a434b30397b052c47..3f71a429f25882e9ca123a5474241d74e4404e5e 100644 (file)
@@ -126,13 +126,20 @@ meta_back_db_open(
        return 0;
 }
 
-static void
-conn_free( 
+void
+meta_back_conn_free( 
        void            *v_mc )
 {
        metaconn_t              *mc = v_mc;
        int                     i, ntargets;
 
+       assert( mc != NULL );
+       assert( mc->mc_refcnt == 0 );
+
+       if ( !BER_BVISNULL( &mc->mc_local_ndn ) ) {
+               free( mc->mc_local_ndn.bv_val );
+       }
+
        assert( mc->mc_conns != NULL );
 
        /* at least one must be present... */
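Review bot: Moving `assert( mc->mc_refcnt == 0 )` into this function means the check now also runs when it is used as the `avl_free` callback in meta_back_db_destroy, a path the old `conn_free` did not guard. A connection that is still referenced at teardown would abort a debug build, and with NDEBUG the assert disappears and the structure and its mutex are released while in use. The precondition should be stated in the function's header comment, e.g. `/* caller must hold the last reference: mc_refcnt == 0 */`. The teardown path should either guarantee that precondition or check it at run time instead of relying on the assert. The body of the function continues outside this hunk.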
@@ -156,6 +163,7 @@ conn_free(
                }
        }
 
+       ldap_pvt_thread_mutex_destroy( &mc->mc_mutex );
        free( mc );
 }
 
@@ -220,7 +228,7 @@ meta_back_db_destroy(
                ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
 
                if ( mi->mi_conntree ) {
-                       avl_free( mi->mi_conntree, conn_free );
+                       avl_free( mi->mi_conntree, meta_back_conn_free );
                }
 
                /*