From: Pierangelo Masarati Date: Tue, 26 Sep 2006 14:51:47 +0000 (+0000) Subject: fix ITS#4686 (retry with idassert) X-Git-Tag: OPENLDAP_REL_ENG_2_3_MP~91 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=0e9983ff2bba24e0c8ed9fa95eb8a4d081380e0b;p=openldap fix ITS#4686 (retry with idassert) --- diff --git a/servers/slapd/back-ldap/add.c b/servers/slapd/back-ldap/add.c index 9a8ba0518b..62a6ca8efc 100644 --- a/servers/slapd/back-ldap/add.c +++ b/servers/slapd/back-ldap/add.c @@ -92,6 +92,7 @@ ldap_back_add( } attrs[ i ] = NULL; +retry: ctrls = op->o_ctrls; rs->sr_err = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, li->li_version, &li->li_idassert, op, rs, &ctrls ); @@ -100,7 +101,6 @@ ldap_back_add( goto cleanup; } -retry: rs->sr_err = ldap_add_ext( lc->lc_ld, op->o_req_dn.bv_val, attrs, ctrls, NULL, &msgid ); rs->sr_err = ldap_back_op_result( lc, op, rs, msgid, @@ -109,6 +109,8 @@ retry: if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) { retrying &= ~LDAP_BACK_RETRYING; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-ldap/compare.c b/servers/slapd/back-ldap/compare.c index f58a4e3731..9062b921fa 100644 --- a/servers/slapd/back-ldap/compare.c +++ b/servers/slapd/back-ldap/compare.c @@ -50,6 +50,7 @@ ldap_back_compare( goto cleanup; } +retry: ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, li->li_version, &li->li_idassert, op, rs, &ctrls ); @@ -58,7 +59,6 @@ ldap_back_compare( goto cleanup; } -retry: rs->sr_err = ldap_compare_ext( lc->lc_ld, op->o_req_dn.bv_val, op->orc_ava->aa_desc->ad_cname.bv_val, &op->orc_ava->aa_value, @@ -69,6 +69,8 @@ retry: if ( rc == LDAP_UNAVAILABLE && retrying ) { retrying &= ~LDAP_BACK_RETRYING; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-ldap/delete.c b/servers/slapd/back-ldap/delete.c index a46616f02d..6990bb22fd 100644 --- a/servers/slapd/back-ldap/delete.c +++ b/servers/slapd/back-ldap/delete.c @@ -50,6 +50,7 @@ ldap_back_delete( return rs->sr_err; } +retry: ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, li->li_version, &li->li_idassert, op, rs, &ctrls ); @@ -59,7 +60,6 @@ ldap_back_delete( goto cleanup; } -retry: rs->sr_err = ldap_delete_ext( lc->lc_ld, op->o_req_dn.bv_val, ctrls, NULL, &msgid ); rc = ldap_back_op_result( lc, op, rs, msgid, @@ -68,6 +68,8 @@ retry: if ( rs->sr_err == LDAP_SERVER_DOWN && retrying ) { retrying &= ~LDAP_BACK_RETRYING; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-ldap/modify.c b/servers/slapd/back-ldap/modify.c index 9e53ac2b8e..57109032f7 100644 --- a/servers/slapd/back-ldap/modify.c +++ b/servers/slapd/back-ldap/modify.c @@ -98,6 +98,7 @@ ldap_back_modify( } modv[ i ] = 0; +retry:; ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, li->li_version, &li->li_idassert, op, rs, &ctrls ); @@ -107,7 +108,6 @@ ldap_back_modify( goto cleanup; } -retry: rs->sr_err = ldap_modify_ext( lc->lc_ld, op->o_req_dn.bv_val, modv, ctrls, NULL, &msgid ); rc = ldap_back_op_result( lc, op, rs, msgid, @@ -116,6 +116,8 @@ retry: if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) { retrying &= ~LDAP_BACK_RETRYING; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-ldap/modrdn.c b/servers/slapd/back-ldap/modrdn.c index e2b3b405e8..f158e32368 100644 --- a/servers/slapd/back-ldap/modrdn.c +++ b/servers/slapd/back-ldap/modrdn.c @@ -73,6 +73,7 @@ ldap_back_modrdn( newSup = op->orr_newSup->bv_val; } +retry: ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, li->li_version, &li->li_idassert, op, rs, &ctrls ); @@ -82,7 +83,6 @@ ldap_back_modrdn( goto cleanup; } -retry: rs->sr_err = ldap_rename( lc->lc_ld, op->o_req_dn.bv_val, op->orr_newrdn.bv_val, newSup, op->orr_deleteoldrdn, ctrls, NULL, &msgid ); @@ -92,6 +92,8 @@ retry: if ( rs->sr_err == LDAP_SERVER_DOWN && retrying ) { retrying &= ~LDAP_BACK_RETRYING; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index 48a4a6179d..ff79c320ef 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -767,6 +767,7 @@ ldap_back_entry_get( *ptr++ = '\0'; } +retry: ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn, li->li_version, &li->li_idassert, op, &rs, &ctrls ); @@ -774,7 +775,6 @@ ldap_back_entry_get( goto cleanup; } -retry: rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter, attrp, 0, ctrls, NULL, NULL, LDAP_NO_LIMIT, &result ); @@ -782,6 +782,8 @@ retry: if ( rc == LDAP_SERVER_DOWN && do_retry ) { do_retry = 0; if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } }