From b769f446197c6e20058c2db5271a8fccd0ca68a6 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Tue, 26 Sep 2006 15:12:07 +0000 Subject: [PATCH] fix ITS#4686 (retry with idassert) --- servers/slapd/back-meta/add.c | 4 +++- servers/slapd/back-meta/delete.c | 4 +++- servers/slapd/back-meta/modify.c | 4 +++- servers/slapd/back-meta/modrdn.c | 4 +++- servers/slapd/back-meta/search.c | 4 +++- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/servers/slapd/back-meta/add.c b/servers/slapd/back-meta/add.c index 66afd66e11..2d318bb1f0 100644 --- a/servers/slapd/back-meta/add.c +++ b/servers/slapd/back-meta/add.c @@ -167,6 +167,7 @@ meta_back_add( Operation *op, SlapReply *rs ) } attrs[ i ] = NULL; +retry:; ctrls = op->o_ctrls; if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn, mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS ) @@ -175,7 +176,6 @@ meta_back_add( Operation *op, SlapReply *rs ) goto cleanup; } -retry:; rs->sr_err = ldap_add_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val, attrs, ctrls, NULL, &msgid ); rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid, @@ -183,6 +183,8 @@ retry:; if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) { do_retry = 0; if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-meta/delete.c b/servers/slapd/back-meta/delete.c index 586f4bcffe..14ded8b4a8 100644 --- a/servers/slapd/back-meta/delete.c +++ b/servers/slapd/back-meta/delete.c @@ -65,6 +65,7 @@ meta_back_delete( Operation *op, SlapReply *rs ) goto cleanup; } +retry:; ctrls = op->o_ctrls; if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn, mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS ) @@ -73,7 +74,6 @@ meta_back_delete( Operation *op, SlapReply *rs ) goto cleanup; } -retry:; rs->sr_err = ldap_delete_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val, ctrls, NULL, &msgid ); rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid, @@ -81,6 +81,8 @@ retry:; if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) { do_retry = 0; if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-meta/modify.c b/servers/slapd/back-meta/modify.c index 437d744c92..9b86b49b29 100644 --- a/servers/slapd/back-meta/modify.c +++ b/servers/slapd/back-meta/modify.c @@ -176,6 +176,7 @@ meta_back_modify( Operation *op, SlapReply *rs ) } modv[ i ] = 0; +retry:; ctrls = op->o_ctrls; rc = ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn, mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ); @@ -184,7 +185,6 @@ meta_back_modify( Operation *op, SlapReply *rs ) goto cleanup; } -retry:; rs->sr_err = ldap_modify_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val, modv, ctrls, NULL, &msgid ); rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid, @@ -192,6 +192,8 @@ retry:; if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) { do_retry = 0; if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-meta/modrdn.c b/servers/slapd/back-meta/modrdn.c index c009afc84c..f6e27c6490 100644 --- a/servers/slapd/back-meta/modrdn.c +++ b/servers/slapd/back-meta/modrdn.c @@ -118,6 +118,7 @@ meta_back_modrdn( Operation *op, SlapReply *rs ) goto cleanup; } +retry:; ctrls = op->o_ctrls; if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn, mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS ) @@ -126,7 +127,6 @@ meta_back_modrdn( Operation *op, SlapReply *rs ) goto cleanup; } -retry:; rs->sr_err = ldap_rename( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val, op->orr_newrdn.bv_val, mnewSuperior.bv_val, op->orr_deleteoldrdn, @@ -136,6 +136,8 @@ retry:; if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) { do_retry = 0; if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; } } diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index 650afddfb7..cc7647bf69 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -454,6 +454,7 @@ meta_back_search_start( tvp = &tv; } +retry:; ctrls = op->o_ctrls; if ( ldap_back_proxy_authz_ctrl( &msc->msc_bound_ndn, mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) @@ -467,7 +468,6 @@ meta_back_search_start( /* * Starts the search */ -retry:; assert( msc->msc_ld != NULL ); rc = ldap_search_ext( msc->msc_ld, mbase.bv_val, realscope, mfilter.bv_val, @@ -482,6 +482,8 @@ retry:; case LDAP_SERVER_DOWN: if ( nretries && meta_back_retry( op, rs, mcp, candidate, LDAP_BACK_DONTSEND ) ) { nretries = 0; + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); goto retry; }