upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-04 22:20:28 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix potential deadlock in back-meta (ITS#6846)

Browse source
This commit is contained in:
Pierangelo Masarati 2011-02-28 09:27:18 +00:00
parent f4cc27c0e5
commit 05b5405c5e
1 changed files with 23 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
servers/slapd/back-meta/bind.c
View file

@ -42,7 +42,8 @@ meta_back_proxy_authz_bind(
int candidate,
Operation *op,
SlapReply *rs,
ldap_back_send_t sendok );
ldap_back_send_t sendok,
int dolock );
static int
meta_back_single_bind(
@ -178,7 +179,7 @@ meta_back_bind( Operation *op, SlapReply *rs )
}
(void)meta_back_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND );
(void)meta_back_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND, 1 );
lerr = rs->sr_err;
} else {
@ -305,7 +306,8 @@ meta_back_bind_op_result(
metaconn_t *mc,
int candidate,
int msgid,
ldap_back_send_t sendok )
ldap_back_send_t sendok,
int dolock )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt = mi->mi_targets[ candidate ];
@ -384,7 +386,9 @@ retry:;
/* don't let anyone else use this handler,
* because there's a pending bind that will not
* be acknowledged */
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
if ( dolock) {
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
}
assert( LDAP_BACK_CONN_BINDING( msc ) );
#ifdef DEBUG_205
@ -393,7 +397,9 @@ retry:;
#endif /* DEBUG_205 */
meta_clear_one_candidate( op, mc, candidate );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
if ( dolock ) {
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
}
rs->sr_err = timeout_err;
rs->sr_text = timeout_text;
@ -516,7 +522,7 @@ meta_back_single_bind(
mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
meta_back_bind_op_result( op, rs, mc, candidate, msgid, LDAP_BACK_DONTSEND );
meta_back_bind_op_result( op, rs, mc, candidate, msgid, LDAP_BACK_DONTSEND, 1 );
if ( rs->sr_err != LDAP_SUCCESS ) {
goto return_results;
}
@ -527,7 +533,7 @@ meta_back_single_bind(
* bind with the configured identity assertion */
/* NOTE: use with care */
if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
meta_back_proxy_authz_bind( mc, candidate, op, rs, LDAP_BACK_SENDERR );
meta_back_proxy_authz_bind( mc, candidate, op, rs, LDAP_BACK_SENDERR, 1 );
if ( !LDAP_BACK_CONN_ISBOUND( msc ) ) {
goto return_results;
}
@ -596,7 +602,7 @@ meta_back_single_dobind(
( LDAP_BACK_CONN_ISPRIV( mc ) && dn_match( &msc->msc_bound_ndn, &mt->mt_idassert_authcDN ) ) ||
( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )
{
(void)meta_back_proxy_authz_bind( mc, candidate, op, rs, sendok );
(void)meta_back_proxy_authz_bind( mc, candidate, op, rs, sendok, dolock );
} else {
char *binddn = "";
@ -622,7 +628,7 @@ meta_back_single_dobind(
ldap_pvt_thread_yield();
}
rs->sr_err = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );
rs->sr_err = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok, dolock );
/* if bind succeeded, but anonymous, clear msc_bound_ndn */
if ( rs->sr_err != LDAP_SUCCESS || binddn[0] == '\0' ) {
@ -1548,7 +1554,13 @@ done:;
}
static int
meta_back_proxy_authz_bind( metaconn_t *mc, int candidate, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
meta_back_proxy_authz_bind(
metaconn_t *mc,
int candidate,
Operation *op,
SlapReply *rs,
ldap_back_send_t sendok,
int dolock )
{
metainfo_t *mi = (metainfo_t *)op->o_bd->be_private;
metatarget_t *mt = mi->mi_targets[ candidate ];
@ -1574,7 +1586,7 @@ meta_back_proxy_authz_bind( metaconn_t *mc, int candidate, Operation *op, SlapRe
}
ldap_pvt_thread_yield();
}
rc = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );
rc = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok, dolock );
if ( rc == LDAP_SUCCESS ) {
/* set rebind stuff in case of successful proxyAuthz bind,
* so that referral chasing is attempted using the right