From: Howard Chu <hyc@openldap.org>
Date: Sat, 24 Jan 2009 07:04:42 +0000 (+0000)
Subject: ITS#5881 consumer must use ManageDSAiT control to retrieve referrals
X-Git-Tag: ACLCHECK_0~968
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=532347bb3cc84938b4db2f70fea7aa858eaef0e5;p=openldap

ITS#5881 consumer must use ManageDSAiT control to retrieve referrals
as entries. provider must preserve incoming ManageDSAiT status.
---

diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
index d7c857b6ba..ef20194d89 100644
--- a/servers/slapd/overlays/syncprov.c
+++ b/servers/slapd/overlays/syncprov.c
@@ -800,7 +800,7 @@ syncprov_sendresp( Operation *op, opcookie *opc, syncops *so,
 		rs.sr_entry = *e;
 		if ( rs.sr_entry->e_private )
 			rs.sr_flags = REP_ENTRY_MUSTRELEASE;
-		if ( opc->sreference ) {
+		if ( opc->sreference && so->s_op->o_managedsait <= SLAP_CONTROL_IGNORED ) {
 			rs.sr_ref = get_entry_referrals( op, rs.sr_entry );
 			rs.sr_err = send_search_reference( op, &rs );
 			ber_bvarray_free( rs.sr_ref );
@@ -823,7 +823,7 @@ syncprov_sendresp( Operation *op, opcookie *opc, syncops *so,
 		e_uuid.e_name = opc->sdn;
 		e_uuid.e_nname = opc->sndn;
 		rs.sr_entry = &e_uuid;
-		if ( opc->sreference ) {
+		if ( opc->sreference && so->s_op->o_managedsait <= SLAP_CONTROL_IGNORED ) {
 			struct berval bv = BER_BVNULL;
 			rs.sr_ref = &bv;
 			rs.sr_err = send_search_reference( op, &rs );
@@ -1949,6 +1949,7 @@ syncprov_detach_op( Operation *op, syncops *so, slap_overinst *on )
 	op2->o_time = op->o_time;
 	op2->o_bd = on->on_info->oi_origdb;
 	op2->o_request = op->o_request;
+	op2->o_managedsait = op->o_managedsait;
 	LDAP_SLIST_FIRST(&op2->o_extra)->oe_key = on;
 	LDAP_SLIST_NEXT(LDAP_SLIST_FIRST(&op2->o_extra), oe_next) = NULL;
 
@@ -2175,7 +2176,6 @@ syncprov_op_search( Operation *op, SlapReply *rs )
 	}
 
 	srs = op->o_controls[slap_cids.sc_LDAPsync];
-	op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
 
 	/* If this is a persistent search, set it up right away */
 	if ( op->o_sync_mode & SLAP_SYNC_PERSIST ) {
diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c
index bfc565ba9b..8492e5477b 100644
--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@@ -343,7 +343,7 @@ ldap_sync_search(
 {
 	BerElementBuffer berbuf;
 	BerElement *ber = (BerElement *)&berbuf;
-	LDAPControl c[2], *ctrls[3];
+	LDAPControl c[3], *ctrls[4];
 	int rc;
 	int rhint;
 	char *base;
@@ -417,14 +417,19 @@ ldap_sync_search(
 	c[0].ldctl_iscritical = si->si_type < 0;
 	ctrls[0] = &c[0];
 
+	c[1].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
+	BER_BVZERO( &c[1].ldctl_value );
+	c[1].ldctl_iscritical = 1;
+	ctrls[1] = &c[1];
+
 	if ( !BER_BVISNULL( &si->si_bindconf.sb_authzId ) ) {
-		c[1].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
-		c[1].ldctl_value = si->si_bindconf.sb_authzId;
-		c[1].ldctl_iscritical = 1;
-		ctrls[1] = &c[1];
-		ctrls[2] = NULL;
+		c[2].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
+		c[2].ldctl_value = si->si_bindconf.sb_authzId;
+		c[2].ldctl_iscritical = 1;
+		ctrls[2] = &c[2];
+		ctrls[3] = NULL;
 	} else {
-		ctrls[1] = NULL;
+		ctrls[2] = NULL;
 	}
 
 	rc = ldap_search_ext( si->si_ld, base, scope, filter, attrs, attrsonly,
@@ -583,6 +588,8 @@ do_syncrep1(
 	rc = LDAP_DEREF_NEVER;	/* actually could allow DEREF_FINDING */
 	ldap_set_option( si->si_ld, LDAP_OPT_DEREF, &rc );
 
+	ldap_set_option( si->si_ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
+
 	si->si_syncCookie.rid = si->si_rid;
 
 	/* whenever there are multiple data sources possible, advertise sid */