389-ds-base

Clone
Source Code
GIT

46b06bb Ticket 47331 - Self entry access ACI not working properly

3 files Authored by tbordaz 9 years ago, Committed by nhosoi 9 years ago,
raw patch tree parent
3 files changed. 46 lines added. 2 lines removed.
ldap/servers/plugins/acl/acl.c
file modified
+26 -2
ldap/servers/plugins/acl/acl.h
file modified
+1 -0
ldap/servers/plugins/acl/aclparse.c
file modified
+19 -0 
    Ticket 47331 - Self entry access ACI not working properly
    
    Bug Description:
    
    	There are two issues in that bug.
    
    	The first one is that for a given entry, the rights related to an attribute are evaluated and cached. Reusing this evaluation for a different entry is erronous.
    
    	The second one is that for each deny/allow aci, the results of the evaluation of the aci is cached. These results
    	are reset for aci type that are entry related.  The parsing of the rule self entry access miss the setting
    	of ACI_USERDN_SELFRULE.
    	This flag allows to reset (in result cache) a result obtained on a previous entry. The consequence is that
    	a previous result was erronously reused.
    
    Fix Description:
    
    	The fix for the first issue, is to prevent acl__match_handlesFromCache to reuse already evaluated attributes.
    	A new flag make acl__match_handlesFromCache to return if the evaluation is entry related.
    
    	The second fix is to set ACI_USERDN_SELFRULE, when we have a rule like 'userdn = ldap:///self'
    
    https://fedorahosted.org/389/ticket/47331
    
    Reviewed by: Noriko Hosoi, Ludwig Krispenz
    
    Platforms tested: fedora 17
    
    Flag Day: no
    
    Doc impact: no
    (cherry picked from commit 79346deb255ca8d7889d7590534d308d4e3a78da)
    (cherry picked from commit 1580bcd71cbb60f0e97a36bf83faca6e079cd861)
file modified
+26 -2
file modified
+1 -0
file modified
+19 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.