From 102d8159a75a625c96e01e361784d75146d15e34 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Thu, 23 Oct 2003 01:23:45 +0000 Subject: [PATCH] ITS#2779, cache group ACLs per operation instead of per-connection --- servers/slapd/backend.c | 12 +++--------- servers/slapd/connection.c | 11 ----------- servers/slapd/operation.c | 9 +++++++++ servers/slapd/slap.h | 30 +++++++++++++++--------------- servers/slapd/slapi/slapi_ops.c | 1 - 5 files changed, 27 insertions(+), 36 deletions(-) diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 313f819a1b..1ee3375a48 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -1176,9 +1176,7 @@ backend_group( op->o_bd = select_backend( gr_ndn, 0, 0 ); - ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); - - for (g = op->o_conn->c_groups; g; g=g->ga_next) { + for (g = op->o_groups; g; g=g->ga_next) { if (g->ga_be != op->o_bd || g->ga_oc != group_oc || g->ga_at != group_at || g->ga_len != gr_ndn->bv_len) continue; @@ -1186,8 +1184,6 @@ backend_group( break; } - ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); - if (g) { rc = g->ga_res; goto done; @@ -1290,10 +1286,8 @@ backend_group( g->ga_res = rc; g->ga_len = gr_ndn->bv_len; strcpy(g->ga_ndn, gr_ndn->bv_val); - ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); - g->ga_next = op->o_conn->c_groups; - op->o_conn->c_groups = g; - ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); + g->ga_next = op->o_groups; + op->o_groups = g; } done: op->o_bd = be; diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index 5541a8f833..4adf478e25 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -430,7 +430,6 @@ long connection_init( c->c_dn.bv_len = 0; c->c_ndn.bv_val = NULL; c->c_ndn.bv_len = 0; - c->c_groups = NULL; c->c_listener = NULL; c->c_peer_domain.bv_val = NULL; @@ -476,7 +475,6 @@ long connection_init( assert( c->c_authmech.bv_val == NULL ); assert( c->c_dn.bv_val == NULL ); assert( c->c_ndn.bv_val == NULL ); - assert( c->c_groups == NULL ); assert( c->c_listener == NULL ); assert( c->c_peer_domain.bv_val == NULL ); assert( c->c_peer_name.bv_val == NULL ); @@ -613,15 +611,6 @@ void connection2anonymous( Connection *c ) c->c_ndn.bv_len = 0; c->c_authz_backend = NULL; - - { - GroupAssertion *g, *n; - for (g = c->c_groups; g; g=n) { - n = g->ga_next; - free(g); - } - c->c_groups = NULL; - } } static void diff --git a/servers/slapd/operation.c b/servers/slapd/operation.c index 17d4e4efaa..1d00fc625f 100644 --- a/servers/slapd/operation.c +++ b/servers/slapd/operation.c @@ -69,6 +69,15 @@ slap_op_free( Operation *op ) free( op->o_sync_state.bv_val ); } + { + GroupAssertion *g, *n; + for (g = op->o_groups; g; g=n) { + n = g->ga_next; + free(g); + } + op->o_groups = NULL; + } + #if defined( LDAP_SLAPI ) if ( op->o_pb != NULL ) { slapi_pblock_destroy( (Slapi_PBlock *)op->o_pb ); diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index ab8325747f..28daaa70ff 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1823,6 +1823,19 @@ struct slap_csn_entry { LDAP_TAILQ_ENTRY (slap_csn_entry) csn_link; }; +/* + * Caches the result of a backend_group check for ACL evaluation + */ +typedef struct slap_gacl { + struct slap_gacl *ga_next; + Backend *ga_be; + ObjectClass *ga_oc; + AttributeDescription *ga_at; + int ga_res; + ber_len_t ga_len; + char ga_ndn[1]; +} GroupAssertion; + /* * represents an operation pending from an ldap client */ @@ -1901,7 +1914,8 @@ typedef struct slap_op { #define SLAP_CANCEL_ACK 0x02 #define SLAP_CANCEL_DONE 0x03 - char o_do_not_cache; /* don't cache from this op */ + GroupAssertion *o_groups; + char o_do_not_cache; /* don't cache groups from this op */ char o_is_auth_check; /* authorization in progress */ #define SLAP_NO_CONTROL 0 @@ -2025,19 +2039,6 @@ typedef void (SEND_LDAP_INTERMEDIATE)( #define send_ldap_intermediate( op, rs ) \ (op->o_conn->c_send_ldap_intermediate)( op, rs ) -/* - * Caches the result of a backend_group check for ACL evaluation - */ -typedef struct slap_gacl { - struct slap_gacl *ga_next; - Backend *ga_be; - ObjectClass *ga_oc; - AttributeDescription *ga_at; - int ga_res; - ber_len_t ga_len; - char ga_ndn[1]; -} GroupAssertion; - typedef struct slap_listener Listener; /* @@ -2070,7 +2071,6 @@ typedef struct slap_conn { Backend *c_authz_backend; AuthorizationInformation c_authz; - GroupAssertion *c_groups; ber_int_t c_protocol; /* version of the LDAP protocol used by client */ diff --git a/servers/slapd/slapi/slapi_ops.c b/servers/slapd/slapi/slapi_ops.c index bc771dbf68..ae21dc888c 100644 --- a/servers/slapd/slapi/slapi_ops.c +++ b/servers/slapd/slapi/slapi_ops.c @@ -168,7 +168,6 @@ slapiConnectionInit( c->c_dn.bv_len = 0; c->c_ndn.bv_val = NULL; c->c_ndn.bv_len = 0; - c->c_groups = NULL; c->c_listener = &slap_unknown_listener; ber_dupbv( &c->c_peer_domain, (struct berval *)&slap_unknown_bv ); -- 2.39.5