amoralej / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 years ago
Clone

Blame SOURCES/0088-Ticket-47704-invalid-sizelimits-in-aci-group-evaluat.patch

cc3dff
From e585f17556d12f96683665aed7699a78a89c9ab4 Mon Sep 17 00:00:00 2001
cc3dff
From: Ludwig Krispenz <lkrispen@redhat.com>
cc3dff
Date: Tue, 18 Feb 2014 11:40:16 +0100
cc3dff
Subject: [PATCH] Ticket 47704 - invalid sizelimits in aci group evaluation
cc3dff
cc3dff
Bug Description:  aci group evaluation fails because of sizelimit exceeded
cc3dff
			but it is exceeded because it is -1476887876 or another
cc3dff
			negative integer becasue operation parameter are a union
cc3dff
			based on operation types and so for otehr than search
cc3dff
			the value is dependent on the operation params
cc3dff
cc3dff
Fix Description:   treat any negative integer like -1 (unlimited). A better fix
cc3dff
			would be to introduce a specific configuration param or
cc3dff
			to abondon the limit in group evaluation at all. But this
cc3dff
			could introduce backward compatibility problems and
cc3dff
			will be handled in ticket 47703 for newer versions
cc3dff
cc3dff
https://fedorahosted.org/389/ticket/47704
cc3dff
cc3dff
Reviewed by: Rich, thanks
cc3dff
(cherry picked from commit 377266ebb2ff488aa3cc4b96990c002db7e6103e)
cc3dff
---
cc3dff
 ldap/servers/plugins/acl/acl_ext.c | 6 ++++++
cc3dff
 1 file changed, 6 insertions(+)
cc3dff
cc3dff
diff --git a/ldap/servers/plugins/acl/acl_ext.c b/ldap/servers/plugins/acl/acl_ext.c
cc3dff
index ee2dd0f..b9cec43 100644
cc3dff
--- a/ldap/servers/plugins/acl/acl_ext.c
cc3dff
+++ b/ldap/servers/plugins/acl/acl_ext.c
cc3dff
@@ -836,6 +836,12 @@ acl_init_aclpb ( Slapi_PBlock *pb , Acl_PBlock *aclpb, const char *ndn, int copy
cc3dff
 	slapi_pblock_get( pb, SLAPI_SEARCH_SIZELIMIT, &aclpb->aclpb_max_member_sizelimit );
cc3dff
 	if ( aclpb->aclpb_max_member_sizelimit == 0 ) {
cc3dff
 		aclpb->aclpb_max_member_sizelimit = SLAPD_DEFAULT_LOOKTHROUGHLIMIT;
cc3dff
+	} else if ( aclpb->aclpb_max_member_sizelimit < -1 ) {
cc3dff
+		/* handle the case of a negtive size limit either set or due
cc3dff
+		 * to bug bz1065971. The member size limit should be dropped,
cc3dff
+		 * but for backward compatibility to the best we can
cc3dff
+		 */
cc3dff
+		aclpb->aclpb_max_member_sizelimit = -1;
cc3dff
 	}
cc3dff
 	slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &aclpb->aclpb_optype );
cc3dff
 
cc3dff
-- 
cc3dff
1.8.1.4
cc3dff