andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
dc8c34
From 267eb2dfe13b9cd0cd44ebf7a2006f676662f00e Mon Sep 17 00:00:00 2001
dc8c34
From: Ludwig Krispenz <lkrispen@redhat.com>
dc8c34
Date: Tue, 18 Feb 2014 11:40:16 +0100
dc8c34
Subject: [PATCH 176/225] Ticket 47704 - invalid sizelimits in aci group
dc8c34
 evaluation
dc8c34
dc8c34
Bug Description:  aci group evaluation fails because of sizelimit exceeded
dc8c34
			but it is exceeded because it is -1476887876 or another
dc8c34
			negative integer becasue operation parameter are a union
dc8c34
			based on operation types and so for otehr than search
dc8c34
			the value is dependent on the operation params
dc8c34
dc8c34
Fix Description:   treat any negative integer like -1 (unlimited). A better fix
dc8c34
			would be to introduce a specific configuration param or
dc8c34
			to abondon the limit in group evaluation at all. But this
dc8c34
			could introduce backward compatibility problems and
dc8c34
			will be handled in ticket 47703 for newer versions
dc8c34
dc8c34
https://fedorahosted.org/389/ticket/47704
dc8c34
dc8c34
Reviewed by: Rich, thanks
dc8c34
(cherry picked from commit 377266ebb2ff488aa3cc4b96990c002db7e6103e)
dc8c34
(cherry picked from commit e0092e3321975d0388b107986252baecf8b830ec)
dc8c34
---
dc8c34
 ldap/servers/plugins/acl/acl_ext.c | 6 ++++++
dc8c34
 1 file changed, 6 insertions(+)
dc8c34
dc8c34
diff --git a/ldap/servers/plugins/acl/acl_ext.c b/ldap/servers/plugins/acl/acl_ext.c
dc8c34
index e42a7e2..7c50308 100644
dc8c34
--- a/ldap/servers/plugins/acl/acl_ext.c
dc8c34
+++ b/ldap/servers/plugins/acl/acl_ext.c
dc8c34
@@ -835,6 +835,12 @@ acl_init_aclpb ( Slapi_PBlock *pb , Acl_PBlock *aclpb, const char *ndn, int copy
dc8c34
 	slapi_pblock_get( pb, SLAPI_SEARCH_SIZELIMIT, &aclpb->aclpb_max_member_sizelimit );
dc8c34
 	if ( aclpb->aclpb_max_member_sizelimit == 0 ) {
dc8c34
 		aclpb->aclpb_max_member_sizelimit = SLAPD_DEFAULT_LOOKTHROUGHLIMIT;
dc8c34
+	} else if ( aclpb->aclpb_max_member_sizelimit < -1 ) {
dc8c34
+		/* handle the case of a negtive size limit either set or due
dc8c34
+		 * to bug bz1065971. The member size limit should be dropped,
dc8c34
+		 * but for backward compatibility to the best we can
dc8c34
+		 */
dc8c34
+		aclpb->aclpb_max_member_sizelimit = -1;
dc8c34
 	}
dc8c34
 	slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &aclpb->aclpb_optype );
dc8c34
 
dc8c34
-- 
dc8c34
1.8.1.4
dc8c34