andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
Blob Blame History Raw
From 961d91d16f26f03812c83143cbb7dc3e37677bf6 Mon Sep 17 00:00:00 2001
From: William Brown <william@blackhats.net.au>
Date: Wed, 18 Dec 2019 13:14:24 +1000
Subject: [PATCH 1/2] Ticket 50727 - change syntax validate by default in 1.4.2

Bug Description: The default syntax validate for 1.4.2 should be changed to
a softer introduction so that admins have time to prepare for the change
of query behaviour in 1.4.3.

Fix Description: Change default in 1.4.2 to warn-invalid, 1.4.3 will
remain as process-safe.

https://pagure.io/389-ds-base/issue/50727

Author: William Brown <william@blackhats.net.au>

Review by: tbordaz (Thanks)
---
 ldap/servers/slapd/libglobs.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index db61ee0b8..b9cdb6b37 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1783,7 +1783,7 @@ FrontendConfig_init(void)
      * scheme set in cn=config
      */
     init_enable_upgrade_hash = cfg->enable_upgrade_hash = LDAP_ON;
-    init_verify_filter_schema = cfg->verify_filter_schema = SLAPI_WARN;
+    init_verify_filter_schema = cfg->verify_filter_schema = SLAPI_WARN_UNSAFE;
 
     /* Done, unlock!  */
     CFG_UNLOCK_WRITE(cfg);
@@ -7689,7 +7689,7 @@ config_set_onoffwarn(slapdFrontendConfig_t *slapdFrontendConfig, slapi_onwarnoff
         return LDAP_OPERATIONS_ERROR;
     }
 
-    slapi_onwarnoff_t p_val = SLAPI_OFF;
+    slapi_special_filter_verify_t p_val = SLAPI_WARN_UNSAFE;
 
     if (strcasecmp(value, "on") == 0) {
         p_val = SLAPI_ON;
@@ -8033,8 +8033,8 @@ config_set_value(
         } else if (*((slapi_onwarnoff_t *)value) == SLAPI_WARN) {
             slapi_entry_attr_set_charptr(e, cgas->attr_name, "warn");
         } else {
-            slapi_entry_attr_set_charptr(e, cgas->attr_name, "off");
-            /* Default to off. */
+            /* Default to safe warn-proccess-safely */
+            slapi_entry_attr_set_charptr(e, cgas->attr_name, "warn-invalid");
         }
 
         break;
-- 
2.21.1