[Date Prev][Date Next]
(ITS#8244) back-ldap entry_get is wrong
Full_Name: Howard Chu
Submission from: (NULL) (188.8.131.52)
Submitted by: hyc
The be_entry_get() entry point is only used for internal operations, not
client-initiated operations. Currently it propagates client-provided controls
through, but they don't belong there.
If be_entry_get is invoked due to an ACL evaluation, and the original client
operation was a syncrepl search, and the remote server honors the syncrepl
control, then this query may hang because ldap_back_entry_get() doesn't expect
to handle any Intermediate responses. Worse, if the control requested
RefreshAndPersist, then additional responses may pile up on the session as the
remote server sends persist updates.