From: Pierangelo Masarati <ando@openldap.org>
Date: Fri, 18 Mar 2005 00:10:10 +0000 (+0000)
Subject: avoid potential deadlock related to ACLs checking
X-Git-Tag: OPENLDAP_REL_ENG_2_3_BP~40
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=dec4c2197a5c7c199100ffacc8027c85c4a840cc;p=openldap

avoid potential deadlock related to ACLs checking
---

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index a262a9911a..265681c4a4 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -415,33 +415,37 @@ slap_passwd_check(
 	struct berval		*bv;
 	AccessControlState	acl_state = ACL_STATE_INIT;
 
-#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
-	ldap_pvt_thread_mutex_lock( &passwd_mutex );
-#ifdef SLAPD_SPASSWD
-	lutil_passwd_sasl_conn = op->o_conn->c_sasl_authctx;
-#endif
-#endif
-
 	for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
+		int	rc;
+
 		/* if e is provided, check access */
 		if ( e && access_allowed( op, e, a->a_desc, bv,
 					ACL_AUTH, &acl_state ) == 0 )
 		{
 			continue;
 		}
-		
-		if ( !lutil_passwd( bv, cred, NULL, text ) ) {
-			result = 0;
-			break;
-		}
-	}
 
 #if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+		ldap_pvt_thread_mutex_lock( &passwd_mutex );
 #ifdef SLAPD_SPASSWD
-	lutil_passwd_sasl_conn = NULL;
+		lutil_passwd_sasl_conn = op->o_conn->c_sasl_authctx;
 #endif
-	ldap_pvt_thread_mutex_unlock( &passwd_mutex );
 #endif
+	
+		rc = lutil_passwd( bv, cred, NULL, text );
+
+#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
+#ifdef SLAPD_SPASSWD
+		lutil_passwd_sasl_conn = NULL;
+#endif
+		ldap_pvt_thread_mutex_unlock( &passwd_mutex );
+#endif
+
+		if ( !rc ) {
+			result = 0;
+			break;
+		}
+	}
 
 	return result;
 }