ITS#9302 ppolicy: avoid pwdFailureTime race condition

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index e90ba94e2737a027398e4cff3b845931dfe0b907..5576ab80757ea26d30f474f403360050bcea13c6 100644 (file)
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -211,6 +211,7 @@ static struct schema_info pwd_UsSchema[] = {
 };
 
 static ldap_pvt_thread_mutex_t chk_syntax_mutex;
+static ldap_pvt_thread_mutex_t pwdFailureTime_mutex;
 
 enum {
        PPOLICY_DEFAULT = 1,
@@ -999,11 +1000,13 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
                goto locked;
        }
 
+       ldap_pvt_thread_mutex_lock( &pwdFailureTime_mutex );
        op->o_bd->bd_info = (BackendInfo *)on->on_info;
        rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
        op->o_bd->bd_info = bi;
 
        if ( rc != LDAP_SUCCESS ) {
+               ldap_pvt_thread_mutex_unlock( &pwdFailureTime_mutex );
                return SLAP_CB_CONTINUE;
        }
 
@@ -1327,6 +1330,7 @@ locked:
                op->o_callback->sc_cleanup = ppolicy_ctrls_cleanup;
        }
        op->o_bd->bd_info = bi;
+       ldap_pvt_thread_mutex_unlock( &pwdFailureTime_mutex );
        return SLAP_CB_CONTINUE;
 }
 
@@ -2473,6 +2477,8 @@ ppolicy_db_init(
 
        ov_count++;
 
+       ldap_pvt_thread_mutex_init( &pwdFailureTime_mutex );
+
        return 0;
 }
 
@@ -2518,6 +2524,7 @@ ppolicy_db_destroy(
                pwc--;
                ch_free( pwc );
        }
+       ldap_pvt_thread_mutex_destroy( &pwdFailureTime_mutex );
        return 0;
 }