[389-devel] Please review: [Bug 329751] "nested" filtered roles searches candidates more than needed
Noriko Hosoi
nhosoi at redhat.com
Tue Nov 2 17:35:01 UTC 2010
https://bugzilla.redhat.com/show_bug.cgi?id=329751
https://bugzilla.redhat.com/attachment.cgi?id=457238&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=457238&action=edit
Bug Description: If nsRoleFilter in nsRoleDefinition contains
virtual attributes in the filter AND the attribute type is
not indexed, following searches could go in to a loop starting
from slapi_vattr_filter_test. On the other hand, if the
the attribute type is indexed, the nsRoleDefinition is ignored.
The server does not support virtual attributes for nsRoleFilter,
but it was not checked. This patch tries to detect such an invalid
role definition and issues an error. Note: the check cannot detect
the case nsRoleFilter is already in the db, then add CoS defining
an attribute in the nsRoleFilter as an virtual attribute.
File:
ldap/servers/plugins/cos/cos_cache.c
ldap/servers/plugins/roles/roles_cache.c
ldap/servers/slapd/vattr.c
More information about the 389-devel
mailing list