mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-03-01 14:15:49 +08:00
ITS#8244 skip client controls in ldap_back_entry_get()
This commit is contained in:
Howard Chu
parent
844ee7df82
commit
05b32b4992
@ -907,9 +907,7 @@ ldap_back_entry_get(
|
||||
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
|
||||
|
||||
ldapconn_t *lc = NULL;
|
||||
int rc,
|
||||
do_not_cache;
|
||||
ber_tag_t tag;
|
||||
int rc;
|
||||
struct berval bdn;
|
||||
LDAPMessage *result = NULL,
|
||||
*e = NULL;
|
||||
@ -918,20 +916,20 @@ ldap_back_entry_get(
|
||||
SlapReply rs;
|
||||
int do_retry = 1;
|
||||
LDAPControl **ctrls = NULL;
|
||||
Operation op2 = *op;
|
||||
|
||||
*ent = NULL;
|
||||
|
||||
/* Tell getconn this is a privileged op */
|
||||
do_not_cache = op->o_do_not_cache;
|
||||
tag = op->o_tag;
|
||||
/* do not cache */
|
||||
op->o_do_not_cache = 1;
|
||||
op2.o_do_not_cache = 1;
|
||||
/* use rootdn to be doubly explicit this is privileged */
|
||||
op2.o_dn = op->o_bd->be_rootdn;
|
||||
op2.o_ndn = op->o_bd->be_rootndn;
|
||||
/* ldap_back_entry_get() is an entry lookup, so it does not need
|
||||
* to know what the entry is being looked up for */
|
||||
op->o_tag = LDAP_REQ_SEARCH;
|
||||
rc = ldap_back_dobind( &lc, op, &rs, LDAP_BACK_DONTSEND );
|
||||
op->o_do_not_cache = do_not_cache;
|
||||
op->o_tag = tag;
|
||||
op2.o_tag = LDAP_REQ_SEARCH;
|
||||
op2.o_ctrls = NULL;
|
||||
rc = ldap_back_dobind( &lc, &op2, &rs, LDAP_BACK_DONTSEND );
|
||||
if ( !rc ) {
|
||||
return rs.sr_err;
|
||||
}
|
||||
@ -961,8 +959,8 @@ ldap_back_entry_get(
|
||||
}
|
||||
|
||||
retry:
|
||||
ctrls = op->o_ctrls;
|
||||
rc = ldap_back_controls_add( op, &rs, lc, &ctrls );
|
||||
ctrls = NULL;
|
||||
rc = ldap_back_controls_add( &op2, &rs, lc, &ctrls );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
goto cleanup;
|
||||
}
|
||||
@ -974,9 +972,9 @@ retry:
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
if ( rc == LDAP_SERVER_DOWN && do_retry ) {
|
||||
do_retry = 0;
|
||||
if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
|
||||
if ( ldap_back_retry( &lc, &op2, &rs, LDAP_BACK_DONTSEND ) ) {
|
||||
/* if the identity changed, there might be need to re-authz */
|
||||
(void)ldap_back_controls_free( op, &rs, &ctrls );
|
||||
(void)ldap_back_controls_free( &op2, &rs, &ctrls );
|
||||
goto retry;
|
||||
}
|
||||
}
|
||||
@ -1003,7 +1001,7 @@ retry:
|
||||
}
|
||||
|
||||
cleanup:
|
||||
(void)ldap_back_controls_free( op, &rs, &ctrls );
|
||||
(void)ldap_back_controls_free( &op2, &rs, &ctrls );
|
||||
|
||||
if ( result ) {
|
||||
ldap_msgfree( result );
|
||||
|
||||
Loading…
Reference in New Issue
Block a user