From 05b32b4992d31b234aba95bf43153cfd3bfd81f3 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Mon, 14 Sep 2015 05:42:20 +0100 Subject: [PATCH] ITS#8244 skip client controls in ldap_back_entry_get() --- servers/slapd/back-ldap/search.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index b28b694945..cc27f17afe 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -907,9 +907,7 @@ ldap_back_entry_get( ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private; ldapconn_t *lc = NULL; - int rc, - do_not_cache; - ber_tag_t tag; + int rc; struct berval bdn; LDAPMessage *result = NULL, *e = NULL; @@ -918,20 +916,20 @@ ldap_back_entry_get( SlapReply rs; int do_retry = 1; LDAPControl **ctrls = NULL; + Operation op2 = *op; *ent = NULL; /* Tell getconn this is a privileged op */ - do_not_cache = op->o_do_not_cache; - tag = op->o_tag; - /* do not cache */ - op->o_do_not_cache = 1; + op2.o_do_not_cache = 1; + /* use rootdn to be doubly explicit this is privileged */ + op2.o_dn = op->o_bd->be_rootdn; + op2.o_ndn = op->o_bd->be_rootndn; /* ldap_back_entry_get() is an entry lookup, so it does not need * to know what the entry is being looked up for */ - op->o_tag = LDAP_REQ_SEARCH; - rc = ldap_back_dobind( &lc, op, &rs, LDAP_BACK_DONTSEND ); - op->o_do_not_cache = do_not_cache; - op->o_tag = tag; + op2.o_tag = LDAP_REQ_SEARCH; + op2.o_ctrls = NULL; + rc = ldap_back_dobind( &lc, &op2, &rs, LDAP_BACK_DONTSEND ); if ( !rc ) { return rs.sr_err; } @@ -961,8 +959,8 @@ ldap_back_entry_get( } retry: - ctrls = op->o_ctrls; - rc = ldap_back_controls_add( op, &rs, lc, &ctrls ); + ctrls = NULL; + rc = ldap_back_controls_add( &op2, &rs, lc, &ctrls ); if ( rc != LDAP_SUCCESS ) { goto cleanup; } @@ -974,9 +972,9 @@ retry: if ( rc != LDAP_SUCCESS ) { if ( rc == LDAP_SERVER_DOWN && do_retry ) { do_retry = 0; - if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) { + if ( ldap_back_retry( &lc, &op2, &rs, LDAP_BACK_DONTSEND ) ) { /* if the identity changed, there might be need to re-authz */ - (void)ldap_back_controls_free( op, &rs, &ctrls ); + (void)ldap_back_controls_free( &op2, &rs, &ctrls ); goto retry; } } @@ -1003,7 +1001,7 @@ retry: } cleanup: - (void)ldap_back_controls_free( op, &rs, &ctrls ); + (void)ldap_back_controls_free( &op2, &rs, &ctrls ); if ( result ) { ldap_msgfree( result ); -- 2.39.5