From 49a19c58cb0441135a477dbba3321ec422912124 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Wed, 3 Dec 2003 02:32:39 +0000 Subject: [PATCH] ITS#2779 from HEAD - group ACL caching --- servers/slapd/backend.c | 12 +++--------- servers/slapd/connection.c | 11 ----------- servers/slapd/operation.c | 8 ++++++++ servers/slapd/slap.h | 29 ++++++++++++++--------------- 4 files changed, 25 insertions(+), 35 deletions(-) diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index d349a7077c..3f4f2f8867 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -1111,9 +1111,7 @@ backend_group( } } - ldap_pvt_thread_mutex_lock( &conn->c_mutex ); - - for (g = conn->c_groups; g; g=g->ga_next) { + for (g = op->o_groups; g; g=g->ga_next) { if (g->ga_be != be || g->ga_oc != group_oc || g->ga_at != group_at || g->ga_len != gr_ndn->bv_len) continue; @@ -1121,8 +1119,6 @@ backend_group( break; } - ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); - if (g) { return g->ga_res; } @@ -1140,10 +1136,8 @@ backend_group( g->ga_res = res; g->ga_len = gr_ndn->bv_len; strcpy(g->ga_ndn, gr_ndn->bv_val); - ldap_pvt_thread_mutex_lock( &conn->c_mutex ); - g->ga_next = conn->c_groups; - conn->c_groups = g; - ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); + g->ga_next = op->o_groups; + op->o_groups = g; } return res; diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index 1b0a122bb3..3a53722857 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -421,7 +421,6 @@ long connection_init( c->c_dn.bv_len = 0; c->c_ndn.bv_val = NULL; c->c_ndn.bv_len = 0; - c->c_groups = NULL; c->c_listener = NULL; c->c_peer_domain.bv_val = NULL; @@ -461,7 +460,6 @@ long connection_init( assert( c->c_authmech.bv_val == NULL ); assert( c->c_dn.bv_val == NULL ); assert( c->c_ndn.bv_val == NULL ); - assert( c->c_groups == NULL ); assert( c->c_listener == NULL ); assert( c->c_peer_domain.bv_val == NULL ); assert( c->c_peer_name.bv_val == NULL ); @@ -597,15 +595,6 @@ void connection2anonymous( Connection *c ) c->c_ndn.bv_len = 0; c->c_authz_backend = NULL; - - { - GroupAssertion *g, *n; - for (g = c->c_groups; g; g=n) { - n = g->ga_next; - free(g); - } - c->c_groups = NULL; - } } static void diff --git a/servers/slapd/operation.c b/servers/slapd/operation.c index 9199e3310c..309b16e757 100644 --- a/servers/slapd/operation.c +++ b/servers/slapd/operation.c @@ -75,6 +75,14 @@ slap_op_free( Operation *op ) free( op->o_sync_state.bv_val ); } #endif + { + GroupAssertion *g, *n; + for (g = op->o_groups; g; g=n) { + n = g->ga_next; + free( g ); + } + op->o_groups = NULL; + } #if defined( LDAP_SLAPI ) if ( op->o_pb != NULL ) { diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 2074683829..7d01cc666a 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1653,6 +1653,18 @@ struct psid_entry { }; #endif +/* + * Caches the result of a backend_group check for ACL evaluation + */ +typedef struct slap_gacl { + struct slap_gacl *ga_next; + Backend *ga_be; + ObjectClass *ga_oc; + AttributeDescription *ga_at; + int ga_res; + ber_len_t ga_len; + char ga_ndn[1]; +} GroupAssertion; /* * represents an operation pending from an ldap client @@ -1678,7 +1690,8 @@ typedef struct slap_op { #define SLAP_CANCEL_ACK 0x02 #define SLAP_CANCEL_DONE 0x03 - char o_do_not_cache; /* don't cache from this op */ + GroupAssertion *o_groups; + char o_do_not_cache; /* don't cache groups from this op */ char o_is_auth_check; /* authorization in progress */ #define SLAP_NO_CONTROL 0 @@ -1856,19 +1869,6 @@ typedef void (*SEND_LDAP_INTERMEDIATE_RESP)( (*conn->c_send_ldap_intermediate_resp)( conn, op, err, matched, text, \ refs, rspoid, rspdata, ctrls ) -/* - * Caches the result of a backend_group check for ACL evaluation - */ -typedef struct slap_gacl { - struct slap_gacl *ga_next; - Backend *ga_be; - ObjectClass *ga_oc; - AttributeDescription *ga_at; - int ga_res; - ber_len_t ga_len; - char ga_ndn[1]; -} GroupAssertion; - typedef struct slap_listener Listener; /* @@ -1901,7 +1901,6 @@ typedef struct slap_conn { Backend *c_authz_backend; AuthorizationInformation c_authz; - GroupAssertion *c_groups; ber_int_t c_protocol; /* version of the LDAP protocol used by client */ -- 2.47.2