8a3b9f1 Ticket 49296 - Fix race condition in connection code with

Authored and Committed by mreynolds 2 years ago
    Ticket 49296 - Fix race condition in connection code with
     anonymous limits
    
    Bug Description:  When a connection first comes in we set the anonymous
                      resource limits (if set) before we do anything else.  The
                      way we check if the connection is "new" was flawed.  It
                      assumed the connection was new if no operations were
                      completed yet, but there was a small window between sending
                      the result and setting that the operation completed in the
                      connection struct.
    
                      So on a connection that binds and then does a search, when
                      the server sends the bind result the client sends the search,
                      but the search op/activity can be picked up before we set
                      c_opscompleted.  This opens a window where the code thinks
                      the search op is the first op(new connection), and it incorrectly
                      sets the anonymous limits for the bind dn.
    
    Fix description:  Do not use c_opscompleted to determine if a connection is new,
                      instead use a new flag to set the connection "initialized",
                      which prevents the race condition.
    
    https://pagure.io/389-ds-base/issue/49296
    
    Reviewed by: firstyear(Thanks!)
    
    (cherry picked from commit 0d5214d08e6b5b39fb9d5ef5cf3d8834574954f1)
    
        
file modified
+3 -4