Full_Name: Rein Tollevik Version: CVS HEAD OS: Irrelevant URL: Submission from: (NULL) (2a01:600:0:1:21c:23ff:feab:61cd) Submitted by: rein

The ACL state cache appears to be broken, there are at least three problems with the current implementation:

1) The as_vi_acl is always NULL, which causes value-independent caching to newer function. Which is where the cache would be most useful..

2) The current access mask is lost when the acl where processing can continue for a value dependent attribute is stored. I.e, if incrementally assigned access masks is in use it restarts with the wrong mask.

3) Access is always denied if a combined add/replace or delete/replace operation is performed on an attribute with a value-dependent acl. Yes, it is a completely stupid thing to do as the added or deleted value will be immediately replaced. Problem noted when debugging a stupid application..

A patch that fixes these problems is coming.

-- Rein Tollevik Basefarm AS