Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Ticket 47703 - remove search limit for aci group evaluation

Bug Description:  Groups that have members that exceed the server sizelimit
                  are not fully processed, and aci evalauation fails.

Fix Description:  There should not be a sizelimit when processing aci's based
                  on group membership.

https://fedorahosted.org/389/ticket/47703

Reviewed by: nhosoi(Thanks!)
Mark Reynolds 9 years ago
parent
1e1f6fe1b8
commit
3151648f2c
3 changed files with 0 additions and 23 deletions
Split View Show Diff Stats
  1. 0 2
      ldap/servers/plugins/acl/acl.h
  2. 0 10
      ldap/servers/plugins/acl/acl_ext.c
  3. 0 11
      ldap/servers/plugins/acl/acllas.c

+ 0 - 2
ldap/servers/plugins/acl/acl.h
View File 

@@ -523,8 +523,6 @@ struct acl_pblock {
 
 	
 	/* Keep the Group nesting level */
 
 	int 					aclpb_max_nesting_level;
 
-	int 					aclpb_max_member_sizelimit;
 
-
 
 
     /* To keep the results in the cache */

+ 0 - 10
ldap/servers/plugins/acl/acl_ext.c
View File 

@@ -865,16 +865,6 @@ acl_init_aclpb ( Slapi_PBlock *pb, Acl_PBlock *aclpb, const char *ndn, int copy_
 
 	aclg_init_userGroup ( aclpb, ndn, 0 /* get lock */ );
 
 
 	slapi_pblock_get( pb, SLAPI_BE_MAXNESTLEVEL, &aclpb->aclpb_max_nesting_level );
 
-	slapi_pblock_get( pb, SLAPI_SEARCH_SIZELIMIT, &aclpb->aclpb_max_member_sizelimit );
 
-	if ( aclpb->aclpb_max_member_sizelimit == 0 ) {
 
-		aclpb->aclpb_max_member_sizelimit = SLAPD_DEFAULT_LOOKTHROUGHLIMIT;
 
-	} else if ( aclpb->aclpb_max_member_sizelimit < -1 ) {
 
-		/* handle the case of a negtive size limit either set or due
 
-		 * to bug bz1065971. The member size limit should be dropped,
 
-		 * but for backward compatibility to the best we can
 
-		 */
 
-		aclpb->aclpb_max_member_sizelimit = -1;
 
-	}
 
 	slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &aclpb->aclpb_optype );
 
 
 	aclpb->aclpb_signature = acl_get_aclsignature();

+ 0 - 11
ldap/servers/plugins/acl/acllas.c
View File 

@@ -1977,7 +1977,6 @@ acllas__user_ismember_of_group( struct acl_pblock *aclpb,
 
 	int			totalMembersVisited;
 
 	int			numOfMembers;
 
 	int			max_nestlevel;
 
-	int			max_memberlimit;
 
 	aclUserGroup		*u_group;
 
 	struct member_info	*groupMember = NULL;
 
 	struct member_info 	*parentGroup = NULL;
 
@@ -2062,7 +2061,6 @@ acllas__user_ismember_of_group( struct acl_pblock *aclpb,
 
 		info.clientCert = NULL;
 
 	info.aclpb = aclpb;
 
 
-	max_memberlimit = aclpb->aclpb_max_member_sizelimit;
 
 	max_nestlevel = aclpb->aclpb_max_nesting_level;
 
 
 #ifdef FOR_DEBUGGING
 
@@ -2140,15 +2138,6 @@ eval_another_member:
 
 		goto free_and_return;
 
 	}
 
 
-	/* limit of -1 means "no limit */
 
-	if (info.c_idx > max_memberlimit && 
-			max_memberlimit != -1 ) {
 
-		slapi_log_err(SLAPI_LOG_ACL, plugin_name, 
-			"acllas__user_ismember_of_group - Looked at too many entries:(%d, %d)\n",
 
-				info.c_idx, info.lu_idx);
 
-		result = ACL_DONT_KNOW; /* don't try to cache info based on this result */
 
-		goto free_and_return;
 
-	}
 
 	if (info.lu_idx > info.c_idx) {
 
 		if (numOfMembers == (info.lu_idx - info.c_idx)) {
 
 			/* That means it's not a GROUP. It is just another