
(ITS#8244) back-ldap entry_get is wrong



Full_Name: Howard Chu
Version: 2.4
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (78.155.236.74)
Submitted by: hyc


The be_entry_get() entry point is only used for internal operations, not
client-initiated operations. Currently it propagates client-provided controls
through, but they don't belong there.

If be_entry_get is invoked due to an ACL evaluation, and the original client
operation was a syncrepl search, and the remote server honors the syncrepl
control, then this query may hang because ldap_back_entry_get() doesn't expect
to handle any Intermediate responses. Worse, if the control requested
RefreshAndPersist, then additional responses may pile up on the session as the
remote server sends persist updates.
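
A toy model of the failure described in the report, added here as an illustration; it is not OpenLDAP code and not part of the original submission. Every name in it (`remote_search`, `entry_get_model`, the message and control enums) and the modelled remote-server behaviour are assumptions made for the example.

```c
#include <stdio.h>

/* Toy model only: none of these names or behaviours are taken from OpenLDAP. */
enum msg { ENTRY, INTERMEDIATE, RESULT };
enum sync_ctrl { NO_CTRL, REFRESH_ONLY, REFRESH_AND_PERSIST };
enum status { GOT_ENTRY, STALLED };
struct session { enum msg q[8]; size_t len, pos; };
struct outcome { enum status status; size_t leftover; };

/* Assumed remote server that honors the sync control: it adds an Intermediate
 * message, and in persist mode sends no final result but keeps pushing updates. */
static void remote_search(struct session *s, enum sync_ctrl c)
{
    s->len = s->pos = 0;
    s->q[s->len++] = ENTRY;
    if (c != NO_CTRL)
        s->q[s->len++] = INTERMEDIATE;
    if (c != REFRESH_AND_PERSIST) {
        s->q[s->len++] = RESULT;
        return;
    }
    s->q[s->len++] = ENTRY;   /* constructed sample: two persist updates */
    s->q[s->len++] = ENTRY;
}

/* Internal lookup that expects exactly one entry followed by the result.
 * Anything else is modelled as a stall; unread messages stay on the session. */
static struct outcome entry_get_model(struct session *s, enum sync_ctrl c, int forward)
{
    struct outcome o = { STALLED, 0 };
    remote_search(s, forward ? c : NO_CTRL);   /* forward == 0 drops client controls */
    if (s->pos < s->len && s->q[s->pos] == ENTRY) {
        s->pos++;
        if (s->pos < s->len && s->q[s->pos] == RESULT) {
            s->pos++;
            o.status = GOT_ENTRY;
        }
    }
    o.leftover = s->len - s->pos;
    return o;
}

int main(void)
{
    struct session s;
    struct outcome a = entry_get_model(&s, REFRESH_AND_PERSIST, 1);
    struct outcome b = entry_get_model(&s, REFRESH_AND_PERSIST, 0);
    printf("forwarded: stalled=%d leftover=%zu\n", a.status == STALLED, a.leftover);
    printf("stripped:  stalled=%d leftover=%zu\n", b.status == STALLED, b.leftover);
}
```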