libcli/security: note suboptimality of conditional ACE Contains opera…

…tors The Contains and Any_of operators could use a sorted comparison like compare_composites_via_sort(), rather than O(n²) nested loops. But that would involve amount of quite fiddly work that I am not starting on now. Signed-off-by: Douglas Bagnall <[email protected]> Reviewed-by: Andrew Bartlett <[email protected]> Autobuild-User(master): Andrew Bartlett <[email protected]> Autobuild-Date(master): Mon Nov 27 23:38:13 UTC 2023 on atb-devel-224
Orval1 · Nov 27, 2023 · a757a51 · a757a51
1 parent 2eb00c0
commit a757a51
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/libcli/security/conditional_ace.c b/libcli/security/conditional_ace.c
@@ -1960,6 +1960,10 @@ static bool contains_operator(const struct ace_condition_token *lhs,
 	 *
 	 * Both the lhs or rhs can be solitary objects or composites.
 	 * This makes it a bit fiddlier.
+	 *
+	 * NOTE: this operator does not take advantage of the
+	 * CLAIM_SECURITY_ATTRIBUTE_UNIQUE_AND_SORTED flag. It could, but it
+	 * doesn't.
 	 */
 	if (lhs->type == CONDITIONAL_ACE_TOKEN_COMPOSITE) {
 		struct ace_condition_composite candidates = lhs->data.composite;