plug selected leaks resulting from ITS#4056 & ITS#4057 implementation; may need further cleanup and reworking to streamline a bit
parent
ddded040b9
commit
01bb0fa1ea
@ -312,14 +312,17 @@ meta_back_retry(
|
||||
|
||||
extern void
|
||||
meta_back_conn_free(
|
||||
metaconn_t *mc );
|
||||
void *v_mc );
|
||||
|
||||
extern int
|
||||
meta_back_init_one_conn(
|
||||
Operation *op,
|
||||
SlapReply *rs,
|
||||
metatarget_t *mt,
|
||||
metaconn_t *mc,
|
||||
metasingleconn_t *msc,
|
||||
int ispriv,
|
||||
int isauthz,
|
||||
ldap_back_send_t sendok );
|
||||
|
||||
extern int
|
||||
|
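Review bot: The two new parameters `int ispriv, int isauthz` in the meta_back_init_one_conn prototype are adjacent plain ints, so a call that swaps them still compiles without a warning. In the function body shown further down this page, `ispriv` selects the branch that copies `mt_pseudorootpw` and `mt_pseudorootdn` into `msc_cred` and `msc_bound_ndn`, so a swapped argument would change which credentials end up on the connection. A short comment on the prototype would make the contract explicit, e.g. `/* ispriv: use the target's pseudoroot identity; isauthz: this target is mc->mc_authz_target */`. The same applies to every call site in the later hunks that passes `LDAP_BACK_CONN_ISPRIV( ... )` followed by `... == mc->mc_authz_target`.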
@ -391,7 +391,9 @@ retry:;
|
||||
/* mc here must be the regular mc,
|
||||
* reset and ready for init */
|
||||
rc = meta_back_init_one_conn( op, rs,
|
||||
mt, msc, LDAP_BACK_DONTSEND );
|
||||
mt, mc, msc, LDAP_BACK_CONN_ISPRIV( mc ),
|
||||
candidate == mc->mc_authz_target,
|
||||
LDAP_BACK_DONTSEND );
|
||||
|
||||
} else {
|
||||
/* can't do anything about it */
|
||||
@ -567,7 +569,10 @@ retry:;
|
||||
/* mc here must be the regular mc,
|
||||
* reset and ready for init */
|
||||
rc = meta_back_init_one_conn( op, rs,
|
||||
mt, msc, LDAP_BACK_DONTSEND );
|
||||
mt, mc, msc,
|
||||
LDAP_BACK_CONN_ISPRIV( mc ),
|
||||
candidate == mc->mc_authz_target,
|
||||
LDAP_BACK_DONTSEND );
|
||||
|
||||
|
||||
} else {
|
||||
|
@ -176,27 +176,6 @@ metaconn_alloc(
|
||||
return mc;
|
||||
}
|
||||
|
||||
/*
|
||||
* meta_back_conn_free
|
||||
*
|
||||
* clears a metaconn
|
||||
*/
|
||||
|
||||
void
|
||||
meta_back_conn_free(
|
||||
metaconn_t *mc )
|
||||
{
|
||||
assert( mc != NULL );
|
||||
assert( mc->mc_refcnt == 0 );
|
||||
|
||||
if ( !BER_BVISNULL( &mc->mc_local_ndn ) ) {
|
||||
free( mc->mc_local_ndn.bv_val );
|
||||
}
|
||||
|
||||
ldap_pvt_thread_mutex_destroy( &mc->mc_mutex );
|
||||
free( mc );
|
||||
}
|
||||
|
||||
static void
|
||||
meta_back_freeconn(
|
||||
Operation *op,
|
||||
@ -225,7 +204,10 @@ meta_back_init_one_conn(
|
||||
Operation *op,
|
||||
SlapReply *rs,
|
||||
metatarget_t *mt,
|
||||
metaconn_t *mc,
|
||||
metasingleconn_t *msc,
|
||||
int ispriv,
|
||||
int isauthz,
|
||||
ldap_back_send_t sendok )
|
||||
{
|
||||
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
|
||||
@ -367,7 +349,19 @@ retry:;
|
||||
/*
|
||||
* If the connection DN is not null, an attempt to rewrite it is made
|
||||
*/
|
||||
if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
|
||||
|
||||
if ( ispriv ) {
|
||||
ber_dupbv( &msc->msc_cred, &mt->mt_pseudorootpw );
|
||||
ber_dupbv( &msc->msc_bound_ndn, &mt->mt_pseudorootdn );
|
||||
LDAP_BACK_CONN_ISPRIV_SET( msc );
|
||||
|
||||
} else {
|
||||
BER_BVZERO( &msc->msc_cred );
|
||||
BER_BVZERO( &msc->msc_bound_ndn );
|
||||
if ( !BER_BVISEMPTY( &op->o_ndn )
|
||||
&& SLAP_IS_AUTHZ_BACKEND( op )
|
||||
&& isauthz )
|
||||
{
|
||||
dc.target = mt;
|
||||
dc.conn = op->o_conn;
|
||||
dc.rs = rs;
|
||||
@ -379,6 +373,7 @@ retry:;
|
||||
if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn,
|
||||
&msc->msc_bound_ndn ) )
|
||||
{
|
||||
ldap_unbind_ext_s( msc->msc_ld, NULL, NULL );
|
||||
goto error_return;
|
||||
}
|
||||
|
||||
@ -387,11 +382,12 @@ retry:;
|
||||
ber_dupbv( &msc->msc_bound_ndn, &op->o_conn->c_dn );
|
||||
}
|
||||
|
||||
assert( !BER_BVISNULL( &msc->msc_bound_ndn ) );
|
||||
|
||||
} else {
|
||||
ber_str2bv( "", 0, 1, &msc->msc_bound_ndn );
|
||||
}
|
||||
}
|
||||
|
||||
assert( !BER_BVISNULL( &msc->msc_bound_ndn ) );
|
||||
|
||||
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
|
||||
|
||||
@ -450,7 +446,9 @@ retry_lock:;
|
||||
( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );
|
||||
|
||||
/* mc here must be the regular mc, reset and ready for init */
|
||||
rc = meta_back_init_one_conn( op, rs, mt, msc, sendok );
|
||||
rc = meta_back_init_one_conn( op, rs, mt, mc, msc,
|
||||
LDAP_BACK_CONN_ISPRIV( mc ),
|
||||
candidate == mc->mc_authz_target, sendok );
|
||||
|
||||
if ( rc == LDAP_SUCCESS ) {
|
||||
rc = meta_back_single_dobind( op, rs, mc, candidate,
|
||||
@ -781,27 +779,13 @@ meta_back_getconn(
|
||||
* also init'd
|
||||
*/
|
||||
candidates[ i ].sr_err = meta_back_init_one_conn( op,
|
||||
rs, mt, msc, sendok );
|
||||
rs, mt, mc, msc,
|
||||
LDAP_BACK_CONN_ISPRIV( &mc_curr ),
|
||||
i == mc->mc_authz_target, sendok );
|
||||
if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
|
||||
candidates[ i ].sr_tag = META_CANDIDATE;
|
||||
ncandidates++;
|
||||
|
||||
if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
|
||||
ber_dupbv( &msc->msc_cred, &mt->mt_pseudorootpw );
|
||||
ber_dupbv( &msc->msc_bound_ndn, &mt->mt_pseudorootdn );
|
||||
LDAP_BACK_CONN_ISPRIV_SET( msc );
|
||||
|
||||
} else {
|
||||
BER_BVZERO( &msc->msc_cred );
|
||||
BER_BVZERO( &msc->msc_bound_ndn );
|
||||
if ( !BER_BVISEMPTY( &op->o_ndn )
|
||||
&& SLAP_IS_AUTHZ_BACKEND( op )
|
||||
&& i == mc->mc_authz_target )
|
||||
{
|
||||
ber_dupbv( &msc->msc_bound_ndn, &op->o_ndn );
|
||||
}
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
/*
|
||||
@ -941,7 +925,9 @@ meta_back_getconn(
|
||||
* also init'd. In case of error, meta_back_init_one_conn
|
||||
* sends the appropriate result.
|
||||
*/
|
||||
err = meta_back_init_one_conn( op, rs, mt, msc, sendok );
|
||||
err = meta_back_init_one_conn( op, rs, mt, mc, msc,
|
||||
LDAP_BACK_CONN_ISPRIV( &mc_curr ),
|
||||
i == mc->mc_authz_target, sendok );
|
||||
if ( err != LDAP_SUCCESS ) {
|
||||
/*
|
||||
* FIXME: in case one target cannot
|
||||
@ -967,22 +953,6 @@ meta_back_getconn(
|
||||
*candidate = i;
|
||||
}
|
||||
|
||||
if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
|
||||
ber_dupbv( &msc->msc_cred, &mt->mt_pseudorootpw );
|
||||
ber_dupbv( &msc->msc_bound_ndn, &mt->mt_pseudorootdn );
|
||||
LDAP_BACK_CONN_ISPRIV_SET( msc );
|
||||
|
||||
} else {
|
||||
BER_BVZERO( &msc->msc_cred );
|
||||
BER_BVZERO( &msc->msc_bound_ndn );
|
||||
if ( !BER_BVISEMPTY( &op->o_ndn )
|
||||
&& SLAP_IS_AUTHZ_BACKEND( op )
|
||||
&& i == mc->mc_authz_target )
|
||||
{
|
||||
ber_dupbv( &msc->msc_bound_ndn, &op->o_ndn );
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* if no unique candidate ...
|
||||
*/
|
||||
@ -1012,28 +982,15 @@ meta_back_getconn(
|
||||
* also init'd
|
||||
*/
|
||||
int lerr = meta_back_init_one_conn( op, rs,
|
||||
mt, msc, sendok );
|
||||
mt, mc, msc,
|
||||
LDAP_BACK_CONN_ISPRIV( &mc_curr ),
|
||||
i == mc->mc_authz_target,
|
||||
sendok );
|
||||
if ( lerr == LDAP_SUCCESS ) {
|
||||
candidates[ i ].sr_tag = META_CANDIDATE;
|
||||
candidates[ i ].sr_err = LDAP_SUCCESS;
|
||||
ncandidates++;
|
||||
|
||||
if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) {
|
||||
ber_dupbv( &msc->msc_cred, &mt->mt_pseudorootpw );
|
||||
ber_dupbv( &msc->msc_bound_ndn, &mt->mt_pseudorootdn );
|
||||
LDAP_BACK_CONN_ISPRIV_SET( msc );
|
||||
|
||||
} else {
|
||||
BER_BVZERO( &msc->msc_cred );
|
||||
BER_BVZERO( &msc->msc_bound_ndn );
|
||||
if ( !BER_BVISEMPTY( &op->o_ndn )
|
||||
&& SLAP_IS_AUTHZ_BACKEND( op )
|
||||
&& i == mc->mc_authz_target )
|
||||
{
|
||||
ber_dupbv( &msc->msc_bound_ndn, &op->o_ndn );
|
||||
}
|
||||
}
|
||||
|
||||
Debug( LDAP_DEBUG_TRACE, "%s: meta_back_init_one_conn(%d)\n",
|
||||
op->o_log_prefix, i, 0 );
|
||||
|
||||
|
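Review bot: In the `@ -379,6 +373,7` hunk, `ldap_unbind_ext_s( msc->msc_ld, NULL, NULL )` releases the handle on the ldap_back_dn_massage failure path but leaves `msc->msc_ld` pointing at it before `goto error_return`. The error_return label and the connection teardown are outside the visible hunks, so this cannot be confirmed from here, but any later code that tests or unbinds `msc->msc_ld` would use a released handle or unbind it twice. Adding `msc->msc_ld = NULL;` right after the unbind would make the failure path safe whatever follows. Separately, in the `@ -367,7 +349,19` hunk the results of the `ber_dupbv()` calls that copy `mt_pseudorootpw` and `mt_pseudorootdn` are not checked. Only `msc_bound_ndn` is verified afterwards, and only by an `assert`, which is typically compiled out of release builds.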
@ -126,13 +126,20 @@ meta_back_db_open(
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
conn_free(
|
||||
void
|
||||
meta_back_conn_free(
|
||||
void *v_mc )
|
||||
{
|
||||
metaconn_t *mc = v_mc;
|
||||
int i, ntargets;
|
||||
|
||||
assert( mc != NULL );
|
||||
assert( mc->mc_refcnt == 0 );
|
||||
|
||||
if ( !BER_BVISNULL( &mc->mc_local_ndn ) ) {
|
||||
free( mc->mc_local_ndn.bv_val );
|
||||
}
|
||||
|
||||
assert( mc->mc_conns != NULL );
|
||||
|
||||
/* at least one must be present... */
|
||||
@ -156,6 +163,7 @@ conn_free(
|
||||
}
|
||||
}
|
||||
|
||||
ldap_pvt_thread_mutex_destroy( &mc->mc_mutex );
|
||||
free( mc );
|
||||
}
|
||||
|
||||
@ -220,7 +228,7 @@ meta_back_db_destroy(
|
||||
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
|
||||
|
||||
if ( mi->mi_conntree ) {
|
||||
avl_free( mi->mi_conntree, conn_free );
|
||||
avl_free( mi->mi_conntree, meta_back_conn_free );
|
||||
}
|
||||
|
||||
/*
|
||||
|
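Review bot: meta_back_conn_free lost its header comment when it was moved here and made non-static, and its only guard against freeing a live connection is `assert( mc->mc_refcnt == 0 )`. meta_back_db_destroy now passes it to `avl_free()` for every node in `mi_conntree`. Where asserts are compiled out, a connection that still holds a reference would be freed under its user, and where they are enabled the same condition aborts the server. I would document the contract above the definition, e.g. `/* avl_free()-compatible destructor for a metaconn_t; mc_refcnt must be 0 */`, and consider handling a non-zero refcnt explicitly instead of by assert. The middle of the function body lies between the two hunks and is not shown, so the per-target cleanup is not reviewed here.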