[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6287) ACL state cache problems

Full_Name: Rein Tollevik
Version: CVS HEAD
OS: Irrelevant
Submission from: (NULL) (2a01:600:0:1:21c:23ff:feab:61cd)
Submitted by: rein

The ACL state cache appears to be broken, there are at least three
problems with the current implementation:

1) The as_vi_acl is always NULL, which causes value-independent
caching to newer function.  Which is where the cache would be
most useful..

2) The current access mask is lost when the acl where processing
can continue for a value dependent attribute is stored.  I.e, if
incrementally assigned access masks is in use it restarts with
the wrong mask.

3) Access is always denied if a combined add/replace or
delete/replace operation is performed on an attribute with a
value-dependent acl.  Yes, it is a completely stupid thing to do
as the added or deleted value will be immediately replaced.
Problem noted when debugging a stupid application..

A patch that fixes these problems is coming.

Rein Tollevik
Basefarm AS