From: Arvid Requate <requate@univention.de>
Date: Fri, 24 Jul 2020 19:23:20 +0000 (+0200)
Subject: ITS#9302 ppolicy: avoid pwdFailureTime race condition
X-Git-Tag: OPENLDAP_REL_ENG_2_4_51~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c43965176b43cac4017ff0160709b14aac055a31;p=thirdparty%2Fopenldap.git

ITS#9302 ppolicy: avoid pwdFailureTime race condition
---

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index e90ba94e27..5576ab8075 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -211,6 +211,7 @@ static struct schema_info pwd_UsSchema[] = {
 };
 
 static ldap_pvt_thread_mutex_t chk_syntax_mutex;
+static ldap_pvt_thread_mutex_t pwdFailureTime_mutex;
 
 enum {
 	PPOLICY_DEFAULT = 1,
@@ -999,11 +1000,13 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
 		goto locked;
 	}
 
+	ldap_pvt_thread_mutex_lock( &pwdFailureTime_mutex );
 	op->o_bd->bd_info = (BackendInfo *)on->on_info;
 	rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
 	op->o_bd->bd_info = bi;
 
 	if ( rc != LDAP_SUCCESS ) {
+		ldap_pvt_thread_mutex_unlock( &pwdFailureTime_mutex );
 		return SLAP_CB_CONTINUE;
 	}
 
@@ -1327,6 +1330,7 @@ locked:
 		op->o_callback->sc_cleanup = ppolicy_ctrls_cleanup;
 	}
 	op->o_bd->bd_info = bi;
+	ldap_pvt_thread_mutex_unlock( &pwdFailureTime_mutex );
 	return SLAP_CB_CONTINUE;
 }
 
@@ -2473,6 +2477,8 @@ ppolicy_db_init(
 
 	ov_count++;
 
+	ldap_pvt_thread_mutex_init( &pwdFailureTime_mutex );
+
 	return 0;
 }
 
@@ -2518,6 +2524,7 @@ ppolicy_db_destroy(
 		pwc--;
 		ch_free( pwc );
 	}
+	ldap_pvt_thread_mutex_destroy( &pwdFailureTime_mutex );
 	return 0;
 }