[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access control 'set=' problem (ITS#3140)



> I think I got it: the function that evaluates if a set matches
> calls aci_match_set(), which on turn calls backend_attribute()
> to access the specific attribute that's used by the set in a
> backend-independent manner.  This function has been recently
> reworked to only access those attributes that can be actually
> accessed by the requester, i.e. it assesses access permission
> as well, causing the andless recursion I mentioned earlier.
>
> I think a solution would be to specialize backend_attribute to
> skip ACL check on certain calls.  I'll have a look at it.

It should now be fixed in HEAD; please test.  Thanks for reporting
the problem.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it




    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497