Commit f7f50d4d authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

import fix to ITS#4760

parent e35d95b8
OpenLDAP 2.3 Change Log
OpenLDAP 2.3.31 Engineering
Fixed slapd group ACL caching when proxyAuthz'ing (ITS#4760)
Fixed slapd "group" authz default member parsing (ITS#4761)
Documentation
Fixed typo in slapo-retcode(5) man page (ITS#4753)
......
......@@ -919,6 +919,13 @@ static int parseProxyAuthz (
op->o_ndn = dn;
ber_dupbv( &op->o_dn, &dn );
/*
* since the authzid has changed, we need to delete
* cached groups (ITS#4760)
*/
if ( op->o_groups ) {
slap_op_groups_free( op );
}
Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n",
op->o_log_prefix, dn.bv_val, 0, 0, 0 );
......
......@@ -60,6 +60,17 @@ void slap_op_destroy(void)
ldap_pvt_thread_mutex_destroy( &slap_op_mutex );
}
void
slap_op_groups_free( Operation *op )
{
GroupAssertion *g, *n;
for ( g = op->o_groups; g; g = n ) {
n = g->ga_next;
slap_sl_free( g, op->o_tmpmemctx );
}
op->o_groups = NULL;
}
void
slap_op_free( Operation *op )
{
......@@ -87,13 +98,8 @@ slap_op_free( Operation *op )
}
#endif
{
GroupAssertion *g, *n;
for ( g = op->o_groups; g; g = n ) {
n = g->ga_next;
slap_sl_free( g, op->o_tmpmemctx );
}
op->o_groups = NULL;
if ( op->o_groups ) {
slap_op_groups_free( op );
}
#if defined( LDAP_SLAPI )
......
......@@ -1232,6 +1232,7 @@ LDAP_SLAPD_F (int) parse_oidm LDAP_P((
*/
LDAP_SLAPD_F (void) slap_op_init LDAP_P(( void ));
LDAP_SLAPD_F (void) slap_op_destroy LDAP_P(( void ));
LDAP_SLAPD_F (void) slap_op_groups_free LDAP_P(( Operation *op ));
LDAP_SLAPD_F (void) slap_op_free LDAP_P(( Operation *op ));
LDAP_SLAPD_F (void) slap_op_time LDAP_P(( time_t *t, int *n ));
LDAP_SLAPD_F (Operation *) slap_op_alloc LDAP_P((
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment