From 961d91d16f26f03812c83143cbb7dc3e37677bf6 Mon Sep 17 00:00:00 2001
From: William Brown <william@blackhats.net.au>
Date: Wed, 18 Dec 2019 13:14:24 +1000
Subject: [PATCH 1/2] Ticket 50727 - change syntax validate by default in 1.4.2
Bug Description: The default syntax validate for 1.4.2 should be changed to
a softer introduction so that admins have time to prepare for the change
of query behaviour in 1.4.3.
Fix Description: Change default in 1.4.2 to warn-invalid, 1.4.3 will
remain as process-safe.
https://pagure.io/389-ds-base/issue/50727
Author: William Brown <william@blackhats.net.au>
Review by: tbordaz (Thanks)
---
ldap/servers/slapd/libglobs.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index db61ee0b8..b9cdb6b37 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1783,7 +1783,7 @@ FrontendConfig_init(void)
* scheme set in cn=config
*/
init_enable_upgrade_hash = cfg->enable_upgrade_hash = LDAP_ON;
- init_verify_filter_schema = cfg->verify_filter_schema = SLAPI_WARN;
+ init_verify_filter_schema = cfg->verify_filter_schema = SLAPI_WARN_UNSAFE;
/* Done, unlock! */
CFG_UNLOCK_WRITE(cfg);
@@ -7689,7 +7689,7 @@ config_set_onoffwarn(slapdFrontendConfig_t *slapdFrontendConfig, slapi_onwarnoff
return LDAP_OPERATIONS_ERROR;
}
- slapi_onwarnoff_t p_val = SLAPI_OFF;
+ slapi_special_filter_verify_t p_val = SLAPI_WARN_UNSAFE;
if (strcasecmp(value, "on") == 0) {
p_val = SLAPI_ON;
@@ -8033,8 +8033,8 @@ config_set_value(
} else if (*((slapi_onwarnoff_t *)value) == SLAPI_WARN) {
slapi_entry_attr_set_charptr(e, cgas->attr_name, "warn");
} else {
- slapi_entry_attr_set_charptr(e, cgas->attr_name, "off");
- /* Default to off. */
+ /* Default to safe warn-proccess-safely */
+ slapi_entry_attr_set_charptr(e, cgas->attr_name, "warn-invalid");
}
break;
--
2.21.1