ldap/servers/plugins/acl/acl_ext.c | 6 ++++++ 1 file changed, 6 insertions(+)

New commits: commit 3e5c14a405cc48e7be3f6072bff44bc5cc2655ca Author: Ludwig Krispenz lkrispen@redhat.com Date: Tue Feb 18 11:40:16 2014 +0100

Ticket 47704 - invalid sizelimits in aci group evaluation

Bug Description: aci group evaluation fails because of sizelimit exceeded but it is exceeded because it is -1476887876 or another negative integer becasue operation parameter are a union based on operation types and so for otehr than search the value is dependent on the operation params

Fix Description: treat any negative integer like -1 (unlimited). A better fix would be to introduce a specific configuration param or to abondon the limit in group evaluation at all. But this could introduce backward compatibility problems and will be handled in ticket 47703 for newer versions

https://fedorahosted.org/389/ticket/47704

Reviewed by: Rich, thanks

diff --git a/ldap/servers/plugins/acl/acl_ext.c b/ldap/servers/plugins/acl/acl_ext.c index 608de0a..f67bb96 100644 --- a/ldap/servers/plugins/acl/acl_ext.c +++ b/ldap/servers/plugins/acl/acl_ext.c @@ -847,6 +847,12 @@ acl_init_aclpb ( Slapi_PBlock *pb, Acl_PBlock *aclpb, const char *ndn, int copy_ slapi_pblock_get( pb, SLAPI_SEARCH_SIZELIMIT, &aclpb->aclpb_max_member_sizelimit ); if ( aclpb->aclpb_max_member_sizelimit == 0 ) { aclpb->aclpb_max_member_sizelimit = SLAPD_DEFAULT_LOOKTHROUGHLIMIT; + } else if ( aclpb->aclpb_max_member_sizelimit < -1 ) { + /* handle the case of a negtive size limit either set or due + * to bug bz1065971. The member size limit should be dropped, + * but for backward compatibility to the best we can + */ + aclpb->aclpb_max_member_sizelimit = -1; } slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &aclpb->aclpb_optype );