Commit e8850435 authored by Howard Chu's avatar Howard Chu Committed by Quanah Gibson-Mount
Browse files

ITS#8244 skip client controls in ldap_back_entry_get()

parent 3f572f79
......@@ -907,9 +907,7 @@ ldap_back_entry_get(
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
ldapconn_t *lc = NULL;
int rc,
do_not_cache;
ber_tag_t tag;
int rc;
struct berval bdn;
LDAPMessage *result = NULL,
*e = NULL;
......@@ -918,20 +916,20 @@ ldap_back_entry_get(
SlapReply rs;
int do_retry = 1;
LDAPControl **ctrls = NULL;
Operation op2 = *op;
*ent = NULL;
/* Tell getconn this is a privileged op */
do_not_cache = op->o_do_not_cache;
tag = op->o_tag;
/* do not cache */
op->o_do_not_cache = 1;
op2.o_do_not_cache = 1;
/* use rootdn to be doubly explicit this is privileged */
op2.o_dn = op->o_bd->be_rootdn;
op2.o_ndn = op->o_bd->be_rootndn;
/* ldap_back_entry_get() is an entry lookup, so it does not need
* to know what the entry is being looked up for */
op->o_tag = LDAP_REQ_SEARCH;
rc = ldap_back_dobind( &lc, op, &rs, LDAP_BACK_DONTSEND );
op->o_do_not_cache = do_not_cache;
op->o_tag = tag;
op2.o_tag = LDAP_REQ_SEARCH;
op2.o_ctrls = NULL;
rc = ldap_back_dobind( &lc, &op2, &rs, LDAP_BACK_DONTSEND );
if ( !rc ) {
return rs.sr_err;
}
......@@ -961,8 +959,8 @@ ldap_back_entry_get(
}
retry:
ctrls = op->o_ctrls;
rc = ldap_back_controls_add( op, &rs, lc, &ctrls );
ctrls = NULL;
rc = ldap_back_controls_add( &op2, &rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
goto cleanup;
}
......@@ -974,9 +972,9 @@ retry:
if ( rc != LDAP_SUCCESS ) {
if ( rc == LDAP_SERVER_DOWN && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
if ( ldap_back_retry( &lc, &op2, &rs, LDAP_BACK_DONTSEND ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_controls_free( op, &rs, &ctrls );
(void)ldap_back_controls_free( &op2, &rs, &ctrls );
goto retry;
}
}
......@@ -1003,7 +1001,7 @@ retry:
}
cleanup:
(void)ldap_back_controls_free( op, &rs, &ctrls );
(void)ldap_back_controls_free( &op2, &rs, &ctrls );
if ( result ) {
ldap_msgfree( result );
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment