[Date Prev][Date Next]
ACLs broken by ITS#5419
Full_Name: Rein Tollevik
Version: CVS head
OS: linux, solaris
Submission from: (NULL) (220.127.116.11)
The change to servers/slapd/backend.c for ITS#5416 seem to have broken the
ability for group and set statements in access control lines to refer to entries
outside the backend currently being operated on.
This is caused by op->op_bd being set back to the backend being operated on when
backend_group() was called, not the backend returned by select_backend() for the
group being referred to as was always done before this change was made.
>From what I can see of the cases where backend_group() is called (i.e in ACLs,
limits and the dynlist and dyngroup overlays) I think the correct fix is to back
out this changes as far as that function is conserned. But I don't know enough
of other consequences, so I haven't tried it.