[Date Prev][Date Next]
(ITS#6287) ACL state cache problems
Full_Name: Rein Tollevik
Version: CVS HEAD
Submission from: (NULL) (2a01:600:0:1:21c:23ff:feab:61cd)
Submitted by: rein
The ACL state cache appears to be broken, there are at least three
problems with the current implementation:
1) The as_vi_acl is always NULL, which causes value-independent
caching to newer function. Which is where the cache would be
2) The current access mask is lost when the acl where processing
can continue for a value dependent attribute is stored. I.e, if
incrementally assigned access masks is in use it restarts with
the wrong mask.
3) Access is always denied if a combined add/replace or
delete/replace operation is performed on an attribute with a
value-dependent acl. Yes, it is a completely stupid thing to do
as the added or deleted value will be immediately replaced.
Problem noted when debugging a stupid application..
A patch that fixes these problems is coming.