Re: sizelimit evaluated before ACLs?

[Pierangelo Masarati <ando@sys-net.it>]

On Wed, 2005-11-23 at 21:29 -0800, Kurt D. Zeilenga wrote:
> I think the general assumption was that if the client
> has some search permission (check by test_filter
> prior to calling send_search_entry), it has read on
> "entry".  Now, with overlays and other things happening,
> having send_search_result indicate whether or not an entry
> was actually sent (or possibly the number of entries
> sent?) would be a good idea.

I've looked at the code; we could make slap_send_search_entry() check
for sizelimit right before sending the IR response and, in case, rather
send a search response with sizelimitExceeded; then, the caller should
check the error code and, if set to sizelimitExceeded, behave
accordingly.  This wouldn't even break pagedResponse in back-bdb/back-
hdb, as far as I understand.

However, I'm a bit skeptical about sending the response from there,
because the callbacks have already been run thru, but cleanup handlers
haven't yet.  Instead of making the code too hairy, and risk losing
those callbacks that self-extract them from the list, maybe
slap_send_search_entry() could just send nothing, and notify the
database that sizelimitExceeded should be sent would be better.

p.




Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------