[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7392) ACL a_dn.a_self is skipped in case of "acl_mask: to all values ..."



Hi,

applying the patch linked below both previously mentioned operations 
produce the following log

Operation 1: log level 128
==========================
505573f8 => access_allowed: delete access to 
"cn=group,dc=example,dc=org" "owner" requested
505573f8 => dn: [1] dc=example,dc=org
505573f8 => dn: [2] dc=example,dc=org
505573f8 => acl_get: [2] matched
505573f8 => acl_get: [2] attr owner
505573f8 => acl_mask: access to entry "cn=group,dc=example,dc=org", attr 
"owner" requested
505573f8 => acl_mask: to value by "uid=user,dc=example,dc=org", (=0)
505573f8 <= check a_dn_at: owner
505573f8 <= acl_mask: [1] applying read(=rscxd) (stop)
505573f8 <= acl_mask: [1] mask: read(=rscxd)
505573f8 => slap_access_allowed: delete access denied by read(=rscxd)
505573f8 => access_allowed: no more rules
505573f8 => access_allowed: result not in cache (owner)


Operation 2: log level 128
==========================
505573f8 => access_allowed: delete access to 
"cn=group,dc=example,dc=org" "owner" requested
505573f8 => dn: [1] dc=example,dc=org
505573f8 => dn: [2] dc=example,dc=org
505573f8 => acl_get: [2] matched
505573f8 => acl_get: [2] attr owner
505573f8 => acl_mask: access to entry "cn=group,dc=example,dc=org", attr 
"owner" requested
505573f8 => acl_mask: to all values by "uid=user,dc=example,dc=org", (=0)
505573f8 => acl_mask: to self, attr "owner"
505573f8 <= check a_dn_at: owner
505573f8 <= acl_mask: [1] applying read(=rscxd) (stop)
505573f8 <= acl_mask: [1] mask: read(=rscxd)
505573f8 => slap_access_allowed: delete access denied by read(=rscxd)
505573f8 => access_allowed: no more rules


ftp://ftp.openldap.org/incoming/Daniel-Pluta-120916.patch

DISCLAIMER: It's not heavyly tested. I don't know whether the patch 
causes negative sideeffects elsewhere.