andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 6 months ago
Clone

Blame SOURCES/0018-Ticket-50727-change-syntax-validate-by-default-in-1..patch

8394b4
From 961d91d16f26f03812c83143cbb7dc3e37677bf6 Mon Sep 17 00:00:00 2001
8394b4
From: William Brown <william@blackhats.net.au>
8394b4
Date: Wed, 18 Dec 2019 13:14:24 +1000
8394b4
Subject: [PATCH 1/2] Ticket 50727 - change syntax validate by default in 1.4.2
8394b4
8394b4
Bug Description: The default syntax validate for 1.4.2 should be changed to
8394b4
a softer introduction so that admins have time to prepare for the change
8394b4
of query behaviour in 1.4.3.
8394b4
8394b4
Fix Description: Change default in 1.4.2 to warn-invalid, 1.4.3 will
8394b4
remain as process-safe.
8394b4
8394b4
https://pagure.io/389-ds-base/issue/50727
8394b4
8394b4
Author: William Brown <william@blackhats.net.au>
8394b4
8394b4
Review by: tbordaz (Thanks)
8394b4
---
8394b4
 ldap/servers/slapd/libglobs.c | 8 ++++----
8394b4
 1 file changed, 4 insertions(+), 4 deletions(-)
8394b4
8394b4
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
8394b4
index db61ee0b8..b9cdb6b37 100644
8394b4
--- a/ldap/servers/slapd/libglobs.c
8394b4
+++ b/ldap/servers/slapd/libglobs.c
8394b4
@@ -1783,7 +1783,7 @@ FrontendConfig_init(void)
8394b4
      * scheme set in cn=config
8394b4
      */
8394b4
     init_enable_upgrade_hash = cfg->enable_upgrade_hash = LDAP_ON;
8394b4
-    init_verify_filter_schema = cfg->verify_filter_schema = SLAPI_WARN;
8394b4
+    init_verify_filter_schema = cfg->verify_filter_schema = SLAPI_WARN_UNSAFE;
8394b4
 
8394b4
     /* Done, unlock!  */
8394b4
     CFG_UNLOCK_WRITE(cfg);
8394b4
@@ -7689,7 +7689,7 @@ config_set_onoffwarn(slapdFrontendConfig_t *slapdFrontendConfig, slapi_onwarnoff
8394b4
         return LDAP_OPERATIONS_ERROR;
8394b4
     }
8394b4
 
8394b4
-    slapi_onwarnoff_t p_val = SLAPI_OFF;
8394b4
+    slapi_special_filter_verify_t p_val = SLAPI_WARN_UNSAFE;
8394b4
 
8394b4
     if (strcasecmp(value, "on") == 0) {
8394b4
         p_val = SLAPI_ON;
8394b4
@@ -8033,8 +8033,8 @@ config_set_value(
8394b4
         } else if (*((slapi_onwarnoff_t *)value) == SLAPI_WARN) {
8394b4
             slapi_entry_attr_set_charptr(e, cgas->attr_name, "warn");
8394b4
         } else {
8394b4
-            slapi_entry_attr_set_charptr(e, cgas->attr_name, "off");
8394b4
-            /* Default to off. */
8394b4
+            /* Default to safe warn-proccess-safely */
8394b4
+            slapi_entry_attr_set_charptr(e, cgas->attr_name, "warn-invalid");
8394b4
         }
8394b4
 
8394b4
         break;
8394b4
-- 
8394b4
2.21.1
8394b4