ITS#2779 from HEAD - group ACL caching

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index d349a7077ca5b478c9cba79df9f194383c56c9d6..3f4f2f8867ef0ea60244a2bc95f216e5523bd70f 100644 (file)
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -1111,9 +1111,7 @@ backend_group(
                }
        } 
 
-       ldap_pvt_thread_mutex_lock( &conn->c_mutex );
-
-       for (g = conn->c_groups; g; g=g->ga_next) {
+       for (g = op->o_groups; g; g=g->ga_next) {
                if (g->ga_be != be || g->ga_oc != group_oc ||
                        g->ga_at != group_at || g->ga_len != gr_ndn->bv_len)
                        continue;
@@ -1121,8 +1119,6 @@ backend_group(
                        break;
        }
 
-       ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
-
        if (g) {
                return g->ga_res;
        }
@@ -1140,10 +1136,8 @@ backend_group(
                        g->ga_res = res;
                        g->ga_len = gr_ndn->bv_len;
                        strcpy(g->ga_ndn, gr_ndn->bv_val);
-                       ldap_pvt_thread_mutex_lock( &conn->c_mutex );
-                       g->ga_next = conn->c_groups;
-                       conn->c_groups = g;
-                       ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+                       g->ga_next = op->o_groups;
+                       op->o_groups = g;
                }
 
                return res;

diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index 1b0a122bb3b0083dd245ef82990645fa3ee6750d..3a537228571f795f79c43e417f1dd3e806b86089 100644 (file)
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -421,7 +421,6 @@ long connection_init(
                c->c_dn.bv_len = 0;
                c->c_ndn.bv_val = NULL;
                c->c_ndn.bv_len = 0;
-               c->c_groups = NULL;
 
                c->c_listener = NULL;
                c->c_peer_domain.bv_val = NULL;
@@ -461,7 +460,6 @@ long connection_init(
     assert( c->c_authmech.bv_val == NULL );
     assert( c->c_dn.bv_val == NULL );
     assert( c->c_ndn.bv_val == NULL );
-    assert( c->c_groups == NULL );
     assert( c->c_listener == NULL );
     assert( c->c_peer_domain.bv_val == NULL );
     assert( c->c_peer_name.bv_val == NULL );
@@ -597,15 +595,6 @@ void connection2anonymous( Connection *c )
        c->c_ndn.bv_len = 0;
 
        c->c_authz_backend = NULL;
-       
-       {
-               GroupAssertion *g, *n;
-               for (g = c->c_groups; g; g=n) {
-                       n = g->ga_next;
-                       free(g);
-               }
-               c->c_groups = NULL;
-       }
 }
 
 static void

diff --git a/servers/slapd/operation.c b/servers/slapd/operation.c
index 9199e3310c4c53843d63e053eb0670558e560942..309b16e7577fd7d82eb6d3b361a3cc51541b84fa 100644 (file)
--- a/servers/slapd/operation.c
+++ b/servers/slapd/operation.c
@@ -75,6 +75,14 @@ slap_op_free( Operation *op )
                free( op->o_sync_state.bv_val );
        }
 #endif
+       {
+               GroupAssertion *g, *n;
+               for (g = op->o_groups; g; g=n) {
+                       n = g->ga_next;
+                       free( g );
+               }
+               op->o_groups = NULL;
+        }
 
 #if defined( LDAP_SLAPI )
        if ( op->o_pb != NULL ) {

diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 2074683829cb607427e5129e7f1572e26cb41069..7d01cc666a701ac7193a0a1a2948dc68c679ee02 100644 (file)
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1653,6 +1653,18 @@ struct psid_entry {
 };
 #endif
 
+/*
+ * Caches the result of a backend_group check for ACL evaluation
+ */
+typedef struct slap_gacl {
+       struct slap_gacl *ga_next;
+       Backend *ga_be;
+       ObjectClass *ga_oc;
+       AttributeDescription *ga_at;
+       int ga_res;
+       ber_len_t ga_len;
+       char ga_ndn[1];
+} GroupAssertion;
 
 /*
  * represents an operation pending from an ldap client
@@ -1678,7 +1690,8 @@ typedef struct slap_op {
 #define SLAP_CANCEL_ACK                                        0x02
 #define SLAP_CANCEL_DONE                               0x03
 
-       char o_do_not_cache;    /* don't cache from this op */
+       GroupAssertion *o_groups;
+       char o_do_not_cache;    /* don't cache groups from this op */
        char o_is_auth_check;   /* authorization in progress */
 
 #define SLAP_NO_CONTROL 0
@@ -1856,19 +1869,6 @@ typedef void (*SEND_LDAP_INTERMEDIATE_RESP)(
        (*conn->c_send_ldap_intermediate_resp)( conn, op, err, matched, text, \
                                                refs, rspoid, rspdata, ctrls )
 
-/*
- * Caches the result of a backend_group check for ACL evaluation
- */
-typedef struct slap_gacl {
-       struct slap_gacl *ga_next;
-       Backend *ga_be;
-       ObjectClass *ga_oc;
-       AttributeDescription *ga_at;
-       int ga_res;
-       ber_len_t ga_len;
-       char ga_ndn[1];
-} GroupAssertion;
-
 typedef struct slap_listener Listener;
 
 /*
@@ -1901,7 +1901,6 @@ typedef struct slap_conn {
        Backend *c_authz_backend;
 
        AuthorizationInformation c_authz;
-       GroupAssertion *c_groups;
 
        ber_int_t       c_protocol;     /* version of the LDAP protocol used by client */