From: Ondřej Kuzník <ondra@mistotebe.net>
Date: Wed, 10 Nov 2021 12:20:27 +0000 (+0000)
Subject: ITS#9742 Reject a refresh if we can't do a precise resync
X-Git-Tag: OPENLDAP_REL_ENG_2_5_10~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=52b89f52c12bf71a9ee9638b9b67e023dbabda7e;p=thirdparty%2Fopenldap.git

ITS#9742 Reject a refresh if we can't do a precise resync
---

diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
index 59d5e76746..23a070aef6 100644
--- a/servers/slapd/overlays/syncprov.c
+++ b/servers/slapd/overlays/syncprov.c
@@ -3234,8 +3234,15 @@ syncprov_op_search( Operation *op, SlapReply *rs )
 		if (srs->sr_state.numcsns != numcsns) {
 			/* consumer doesn't have the right number of CSNs */
 			Debug( LDAP_DEBUG_SYNC, "%s syncprov_op_search: "
-				"consumer cookie is missing a csn we track\n",
-				op->o_log_prefix );
+				"consumer cookie is missing a csn we track%s\n",
+				op->o_log_prefix, si->si_nopres ? ", rejecting" : "" );
+
+			if ( si->si_nopres ) {
+				rs->sr_err = LDAP_SYNC_REFRESH_REQUIRED;
+				rs->sr_text = "not enough information to resync, please use other means";
+				goto bailout;
+			}
+
 			changed = SS_CHANGED;
 			if ( srs->sr_state.ctxcsn ) {
 				ber_bvarray_free_x( srs->sr_state.ctxcsn, op->o_tmpmemctx );