ITS#8244 skip client controls in ldap_back_entry_get()

e8850435 · Howard Chu · Quanah Gibson-Mount · 3f572f79 · e8850435
Commit e8850435 authored Sep 14, 2015 by Howard Chu Committed by Quanah Gibson-Mount Sep 21, 2015
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -907,9 +907,7 @@ ldap_back_entry_get(
 	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;

 	ldapconn_t	*lc = NULL;
-	int		rc,
-			do_not_cache;
-	ber_tag_t	tag;
+	int		rc;
 	struct berval	bdn;
 	LDAPMessage	*result = NULL,
 			*e = NULL;
@@ -918,20 +916,20 @@ ldap_back_entry_get(
 	SlapReply	rs;
 	int		do_retry = 1;
 	LDAPControl	**ctrls = NULL;
+	Operation op2 = *op;

 	*ent = NULL;

 	/* Tell getconn this is a privileged op */
-	do_not_cache = op->o_do_not_cache;
-	tag = op->o_tag;
-	/* do not cache */
-	op->o_do_not_cache = 1;
+	op2.o_do_not_cache = 1;
+	/* use rootdn to be doubly explicit this is privileged */
+	op2.o_dn = op->o_bd->be_rootdn;
+	op2.o_ndn = op->o_bd->be_rootndn;
 	/* ldap_back_entry_get() is an entry lookup, so it does not need
 	 * to know what the entry is being looked up for */
-	op->o_tag = LDAP_REQ_SEARCH;
-	rc = ldap_back_dobind( &lc, op, &rs, LDAP_BACK_DONTSEND );
-	op->o_do_not_cache = do_not_cache;
-	op->o_tag = tag;
+	op2.o_tag = LDAP_REQ_SEARCH;
+	op2.o_ctrls = NULL;
+	rc = ldap_back_dobind( &lc, &op2, &rs, LDAP_BACK_DONTSEND );
 	if ( !rc ) {
 		return rs.sr_err;
 	}
@@ -961,8 +959,8 @@ ldap_back_entry_get(
 	}

 retry:
-	ctrls = op->o_ctrls;
-	rc = ldap_back_controls_add( op, &rs, lc, &ctrls );
+	ctrls = NULL;
+	rc = ldap_back_controls_add( &op2, &rs, lc, &ctrls );
 	if ( rc != LDAP_SUCCESS ) {
 		goto cleanup;
 	}
@@ -974,9 +972,9 @@ retry:
 	if ( rc != LDAP_SUCCESS ) {
 		if ( rc == LDAP_SERVER_DOWN && do_retry ) {
 			do_retry = 0;
-			if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
+			if ( ldap_back_retry( &lc, &op2, &rs, LDAP_BACK_DONTSEND ) ) {
 				/* if the identity changed, there might be need to re-authz */
-				(void)ldap_back_controls_free( op, &rs, &ctrls );
+				(void)ldap_back_controls_free( &op2, &rs, &ctrls );
 				goto retry;
 			}
 		}
@@ -1003,7 +1001,7 @@ retry:
 	}

 cleanup:
-	(void)ldap_back_controls_free( op, &rs, &ctrls );
+	(void)ldap_back_controls_free( &op2, &rs, &ctrls );

 	if ( result ) {
 		ldap_msgfree( result );