fix ITS#4686 (retry with idassert)

e30e416c · Pierangelo Masarati · ab68c757 · e30e416c · e30e416c · e30e416c
Commit e30e416c authored Sep 26, 2006 by Pierangelo Masarati
--- a/CHANGES
+++ b/CHANGES
@@ -5,9 +5,10 @@ OpenLDAP 2.3.28 Engineering
 	Fixed librewrite LDAP map parsing bug
 	Fixed librewrite map double free bug
 	Added ldapsearch bad filter pattern check (ITS#4647)
-	Fixed slapd-monitor locking with scope "subordinate" (ITS#4668)
 	Fixed slapd global access controls initialization (ITS#4654)
 	Fixed slapd setting c_sasl_bindop only on SASL binds
+	Fixed slapd-ldap retry with idassert (ITS#4686)
+	Fixed slapd-monitor locking with scope "subordinate" (ITS#4668)
 	Fixed slapd-perl deletes (ITS#2612)
 	Fixed slapd-perl backend initialization (ITS#4358)
 	Fixed slapd-perl finding interpreter inside a thread (ITS#4358)

--- a/servers/slapd/back-ldap/add.c
+++ b/servers/slapd/back-ldap/add.c
@@ -92,6 +92,7 @@ ldap_back_add(
 	}
 	attrs[ i ] = NULL;

+retry:
 	ctrls = op->o_ctrls;
 	rs->sr_err = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
@@ -99,7 +100,6 @@ ldap_back_add(
 		goto cleanup;
 	}

-retry:
 	rs->sr_err = ldap_add_ext( lc->lc_ld, op->o_req_dn.bv_val, attrs,
 			ctrls, NULL, &msgid );
 	rs->sr_err = ldap_back_op_result( lc, op, rs, msgid,
@@ -107,6 +107,8 @@ retry:
 	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 		do_retry = 0;
 		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 			goto retry;
 		}
 	}

--- a/servers/slapd/back-ldap/compare.c
+++ b/servers/slapd/back-ldap/compare.c
@@ -48,6 +48,7 @@ ldap_back_compare(
 		goto cleanup;
 	}

+retry:
 	ctrls = op->o_ctrls;
 	rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
@@ -55,7 +56,6 @@ ldap_back_compare(
 		goto cleanup;
 	}

-retry:
 	rs->sr_err = ldap_compare_ext( lc->lc_ld, op->o_req_dn.bv_val,
 			op->orc_ava->aa_desc->ad_cname.bv_val,
 			&op->orc_ava->aa_value, 
@@ -64,6 +64,8 @@ retry:
 	if ( rc == LDAP_UNAVAILABLE && do_retry ) {
 		do_retry = 0;
 		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 			goto retry;
 		}
 	}

--- a/servers/slapd/back-ldap/delete.c
+++ b/servers/slapd/back-ldap/delete.c
@@ -50,6 +50,7 @@ ldap_back_delete(
 		return rs->sr_err;
 	}

+retry:
 	ctrls = op->o_ctrls;
 	rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
@@ -58,7 +59,6 @@ ldap_back_delete(
 		goto cleanup;
 	}

-retry:
 	rs->sr_err = ldap_delete_ext( lc->lc_ld, op->o_req_dn.bv_val,
 			ctrls, NULL, &msgid );
 	rc = ldap_back_op_result( lc, op, rs, msgid,
@@ -66,6 +66,8 @@ retry:
 	if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) {
 		do_retry = 0;
 		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 			goto retry;
 		}
 	}

--- a/servers/slapd/back-ldap/modify.c
+++ b/servers/slapd/back-ldap/modify.c
@@ -98,6 +98,7 @@ ldap_back_modify(
 	}
 	modv[ i ] = 0;

+retry:;
 	ctrls = op->o_ctrls;
 	rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
@@ -106,7 +107,6 @@ ldap_back_modify(
 		goto cleanup;
 	}

-retry:
 	rs->sr_err = ldap_modify_ext( lc->lc_ld, op->o_req_dn.bv_val, modv,
 			ctrls, NULL, &msgid );
 	rc = ldap_back_op_result( lc, op, rs, msgid,
@@ -114,6 +114,8 @@ retry:
 	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
 		do_retry = 0;
 		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 			goto retry;
 		}
 	}

--- a/servers/slapd/back-ldap/modrdn.c
+++ b/servers/slapd/back-ldap/modrdn.c
@@ -73,6 +73,7 @@ ldap_back_modrdn(
 		newSup = op->orr_newSup->bv_val;
 	}

+retry:
 	ctrls = op->o_ctrls;
 	rc = ldap_back_proxy_authz_ctrl( lc, op, rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
@@ -81,7 +82,6 @@ ldap_back_modrdn(
 		goto cleanup;
 	}

-retry:
 	rs->sr_err = ldap_rename( lc->lc_ld, op->o_req_dn.bv_val,
 			op->orr_newrdn.bv_val, newSup,
 			op->orr_deleteoldrdn, ctrls, NULL, &msgid );
@@ -90,6 +90,8 @@ retry:
 	if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) {
 		do_retry = 0;
 		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+			/* if the identity changed, there might be need to re-authz */
+			(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 			goto retry;
 		}
 	}

--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -765,13 +765,13 @@ ldap_back_entry_get(
 		*ptr++ = '\0';
 	}

+retry:
 	ctrls = op->o_ctrls;
 	rc = ldap_back_proxy_authz_ctrl( lc, op, &rs, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
 		goto cleanup;
 	}
 	
-retry:
 	rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
 				attrp, 0, ctrls, NULL,
 				NULL, LDAP_NO_LIMIT, &result );
@@ -779,6 +779,8 @@ retry:
 		if ( rc == LDAP_SERVER_DOWN && do_retry ) {
 			do_retry = 0;
 			if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
+				/* if the identity changed, there might be need to re-authz */
+				(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
 				goto retry;
 			}
 		}