https://issues.shibboleth.net/jira/browse/CPPOST-9

[shibboleth/cpp-opensaml.git] / saml / saml2 / metadata / impl / ChainingMetadataProvider.cpp

diff --git a/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp b/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp
index f1e0a09..9faca91 100644 (file)
--- a/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp
@@ -25,6 +25,7 @@
 #include "saml/binding/SAMLArtifact.h"
 #include "saml2/metadata/ChainingMetadataProvider.h"
 
+#include <memory>
 #include <xercesc/util/XMLUniDefs.hpp>
 #include <xmltooling/logging.h>
 #include <xmltooling/util/XMLHelper.h>
@@ -167,8 +168,6 @@ const EntitiesDescriptor* ChainingMetadataProvider::getEntitiesDescriptor(const
 
 pair<const EntityDescriptor*,const RoleDescriptor*> ChainingMetadataProvider::getEntityDescriptor(const Criteria& criteria) const
 {
-    bool bRole = (criteria.role && criteria.protocol);  // searching for role also?
-
     // Clear any existing lock.
     const_cast<ChainingMetadataProvider*>(this)->unlock();
 
@@ -180,11 +179,14 @@ pair<const EntityDescriptor*,const RoleDescriptor*> ChainingMetadataProvider::ge
         (*i)->lock();
         cur = (*i)->getEntityDescriptor(criteria);
         if (cur.first) {
-            if (bRole) {
+            if (criteria.role) {
                 // We want a role also. Did we find one?
                 if (cur.second) {
                     // Are we using a first match policy?
                     if (m_firstMatch) {
+                        // We could have an entity-only match from earlier, so unlock it.
+                        if (held)
+                            held->unlock();
                         // Save locked provider.
                         m_tlsKey->setData(*i);
                         return cur;
@@ -234,6 +236,10 @@ pair<const EntityDescriptor*,const RoleDescriptor*> ChainingMetadataProvider::ge
             else {
                 // Are we using a first match policy?
                 if (m_firstMatch) {
+                    // I don't think this can happen, but who cares, check anyway.
+                    if (held)
+                        held->unlock();
+                    
                     // Save locked provider.
                     m_tlsKey->setData(*i);
                     return cur;