From faceccd8205fda6d4d5510bdebf6e38f9b221fd2 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Wed, 28 May 2008 15:32:52 +0000
Subject: [PATCH] Bypass race condition in ACI group membership check code. (Issue TBD).

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java |   21 +++++++++++++--------
 1 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
index a870899..d5a73c5 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
@@ -830,17 +830,22 @@
       return matched;
     }
 
-  /**
-   * {@inheritDoc}
-   */
+    /**
+     * {@inheritDoc}
+     */
     public boolean isMemberOf(Group group) {
-        boolean ret;
-        try {
+      boolean ret;
+      try {
+        Entry e = getClientEntry();
+        if(e != null) {
+          ret=group.isMember(e);
+        } else {
           ret=group.isMember(getClientDN());
-        } catch (DirectoryException ex) {
-            ret=false;
         }
-        return  ret;
+      } catch (DirectoryException ex) {
+        ret=false;
+      }
+      return  ret;
     }
 
   /**

--
Gitblit v1.10.0