From: Pierangelo Masarati Date: Tue, 26 Sep 2006 14:54:25 +0000 (+0000) Subject: fix ITS#4686 (retry with idassert) X-Git-Tag: OPENLDAP_REL_ENG_2_3_28~19 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e30e416c06bb6c31bb031074de1ff1aa3149a112;p=openldap fix ITS#4686 (retry with idassert) --- diff --git a/CHANGES b/CHANGES index ff6971b796..89c277dd31 100644 --- a/CHANGES +++ b/CHANGES @@ -5,9 +5,10 @@ OpenLDAP 2.3.28 Engineering Fixed librewrite LDAP map parsing bug Fixed librewrite map double free bug Added ldapsearch bad filter pattern check (ITS#4647) - Fixed slapd-monitor locking with scope "subordinate" (ITS#4668) Fixed slapd global access controls initialization (ITS#4654) Fixed slapd setting c_sasl_bindop only on SASL binds + Fixed slapd-ldap retry with idassert (ITS#4686) + Fixed slapd-monitor locking with scope "subordinate" (ITS#4668) Fixed slapd-perl deletes (ITS#2612) Fixed slapd-perl backend initialization (ITS#4358) Fixed slapd-perl finding interpreter inside a thread (ITS#4358) diff --git a/servers/slapd/back-ldap/add.c b/servers/slapd/back-ldap/add.c index 94cab8eda6..f30c482065 100644 --- a/servers/slapd/back-ldap/add.c +++ b/servers/slapd/back-ldap/add.c @@ -92,6 +92,7 @@ ldap_back_add( } attrs[ i ] = NULL; +retry: ctrls = op->o_ctrls; rs->sr_err = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls ); if ( rs->sr_err != LDAP_SUCCESS ) { @@ -99,7 +100,6 @@ ldap_back_add( goto cleanup; } -retry: rs->sr_err = ldap_add_ext( lc->lc_ld, op->o_req_dn.bv_val, attrs, ctrls, NULL, &msgid ); rs->sr_err = ldap_back_op_result( lc, op, rs, msgid, @@ -107,6 +107,8 @@ retry: if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) { do_retry = 0; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-ldap/compare.c b/servers/slapd/back-ldap/compare.c index 8d31acabb8..6a5c4da4aa 100644 --- a/servers/slapd/back-ldap/compare.c +++ b/servers/slapd/back-ldap/compare.c @@ -48,6 +48,7 @@ ldap_back_compare( goto cleanup; } +retry: ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls ); if ( rc != LDAP_SUCCESS ) { @@ -55,7 +56,6 @@ ldap_back_compare( goto cleanup; } -retry: rs->sr_err = ldap_compare_ext( lc->lc_ld, op->o_req_dn.bv_val, op->orc_ava->aa_desc->ad_cname.bv_val, &op->orc_ava->aa_value, @@ -64,6 +64,8 @@ retry: if ( rc == LDAP_UNAVAILABLE && do_retry ) { do_retry = 0; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-ldap/delete.c b/servers/slapd/back-ldap/delete.c index e0f7c67905..9c7899141f 100644 --- a/servers/slapd/back-ldap/delete.c +++ b/servers/slapd/back-ldap/delete.c @@ -50,6 +50,7 @@ ldap_back_delete( return rs->sr_err; } +retry: ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls ); if ( rc != LDAP_SUCCESS ) { @@ -58,7 +59,6 @@ ldap_back_delete( goto cleanup; } -retry: rs->sr_err = ldap_delete_ext( lc->lc_ld, op->o_req_dn.bv_val, ctrls, NULL, &msgid ); rc = ldap_back_op_result( lc, op, rs, msgid, @@ -66,6 +66,8 @@ retry: if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) { do_retry = 0; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-ldap/modify.c b/servers/slapd/back-ldap/modify.c index 6b75ef74f7..c6bd057a51 100644 --- a/servers/slapd/back-ldap/modify.c +++ b/servers/slapd/back-ldap/modify.c @@ -98,6 +98,7 @@ ldap_back_modify( } modv[ i ] = 0; +retry:; ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls ); if ( rc != LDAP_SUCCESS ) { @@ -106,7 +107,6 @@ ldap_back_modify( goto cleanup; } -retry: rs->sr_err = ldap_modify_ext( lc->lc_ld, op->o_req_dn.bv_val, modv, ctrls, NULL, &msgid ); rc = ldap_back_op_result( lc, op, rs, msgid, @@ -114,6 +114,8 @@ retry: if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) { do_retry = 0; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-ldap/modrdn.c b/servers/slapd/back-ldap/modrdn.c index eb5690ce6c..d1642b1e7f 100644 --- a/servers/slapd/back-ldap/modrdn.c +++ b/servers/slapd/back-ldap/modrdn.c @@ -73,6 +73,7 @@ ldap_back_modrdn( newSup = op->orr_newSup->bv_val; } +retry: ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls ); if ( rc != LDAP_SUCCESS ) { @@ -81,7 +82,6 @@ ldap_back_modrdn( goto cleanup; } -retry: rs->sr_err = ldap_rename( lc->lc_ld, op->o_req_dn.bv_val, op->orr_newrdn.bv_val, newSup, op->orr_deleteoldrdn, ctrls, NULL, &msgid ); @@ -90,6 +90,8 @@ retry: if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) { do_retry = 0; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index 3745d2888d..d868055fce 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -765,13 +765,13 @@ ldap_back_entry_get( *ptr++ = '\0'; } +retry: ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( lc, op, &rs, &ctrls ); if ( rc != LDAP_SUCCESS ) { goto cleanup; } -retry: rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter, attrp, 0, ctrls, NULL, NULL, LDAP_NO_LIMIT, &result ); @@ -779,6 +779,8 @@ retry: if ( rc == LDAP_SERVER_DOWN && do_retry ) { do_retry = 0; if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } }