1 /* limits.c - routines to handle regex-based size and time limits */
3 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
20 struct slap_limits_set **limit
23 struct slap_limits **lm;
31 *limit = &be->be_def_limit;
33 if ( be->be_limits == NULL ) {
37 for ( lm = be->be_limits; lm[0] != NULL; lm++ ) {
38 switch ( lm[0]->lm_type ) {
39 case SLAP_LIMITS_EXACT:
40 if ( ndn->bv_len == 0 ) {
43 if ( dn_match( &lm[0]->lm_dn_pat, ndn ) ) {
44 *limit = &lm[0]->lm_limits;
50 case SLAP_LIMITS_SUBTREE:
51 case SLAP_LIMITS_CHILDREN: {
54 if ( ndn->bv_len == 0 ) {
58 /* ndn shorter than dn_pat */
59 if ( ndn->bv_len < lm[0]->lm_dn_pat.bv_len ) {
62 d = ndn->bv_len - lm[0]->lm_dn_pat.bv_len;
64 /* allow exact match for SUBTREE only */
66 if ( lm[0]->lm_type != SLAP_LIMITS_SUBTREE ) {
70 /* check for unescaped rdn separator */
71 if ( !DN_SEPARATOR( ndn->bv_val[d-1] ) ) {
76 /* in case of (sub)match ... */
77 if ( lm[0]->lm_dn_pat.bv_len == ( ndn->bv_len - d )
78 && strcmp( lm[0]->lm_dn_pat.bv_val, &ndn->bv_val[d] ) == 0 ) {
79 /* check for exactly one rdn in case of ONE */
80 if ( lm[0]->lm_type == SLAP_LIMITS_ONE ) {
82 * if ndn is more that one rdn
83 * below dn_pat, continue
85 if ( (size_t) dn_rdnlen( NULL, ndn ) != d - 1 ) {
90 *limit = &lm[0]->lm_limits;
97 case SLAP_LIMITS_REGEX:
98 if ( ndn->bv_len == 0 ) {
101 if ( regexec( &lm[0]->lm_dn_regex, ndn->bv_val, 0, NULL, 0 )
104 *limit = &lm[0]->lm_limits;
109 case SLAP_LIMITS_ANONYMOUS:
110 if ( ndn->bv_len == 0 ) {
111 *limit = &lm[0]->lm_limits;
116 case SLAP_LIMITS_USERS:
117 if ( ndn->bv_len != 0 ) {
118 *limit = &lm[0]->lm_limits;
123 case SLAP_LIMITS_ANY:
124 *limit = &lm[0]->lm_limits;
128 assert( 0 ); /* unreachable */
141 struct slap_limits_set *limit
145 struct slap_limits *lm;
151 case SLAP_LIMITS_ANONYMOUS:
152 case SLAP_LIMITS_USERS:
153 case SLAP_LIMITS_ANY:
154 for ( i = 0; be->be_limits && be->be_limits[ i ]; i++ ) {
155 if ( be->be_limits[ i ]->lm_type == type ) {
163 lm = ( struct slap_limits * )ch_calloc( sizeof( struct slap_limits ), 1 );
166 case SLAP_LIMITS_EXACT:
167 case SLAP_LIMITS_ONE:
168 case SLAP_LIMITS_SUBTREE:
169 case SLAP_LIMITS_CHILDREN:
174 bv.bv_val = (char *) pattern;
175 bv.bv_len = strlen( pattern );
177 rc = dnNormalize( 0, NULL, NULL, &bv, &lm->lm_dn_pat, NULL );
178 if ( rc != LDAP_SUCCESS ) {
185 case SLAP_LIMITS_REGEX:
186 case SLAP_LIMITS_UNDEFINED:
187 lm->lm_type = SLAP_LIMITS_REGEX;
188 ber_str2bv( pattern, 0, 1, &lm->lm_dn_pat );
189 if ( regcomp( &lm->lm_dn_regex, lm->lm_dn_pat.bv_val,
190 REG_EXTENDED | REG_ICASE ) ) {
191 free( lm->lm_dn_pat.bv_val );
197 case SLAP_LIMITS_ANONYMOUS:
198 case SLAP_LIMITS_USERS:
199 case SLAP_LIMITS_ANY:
201 lm->lm_dn_pat.bv_val = NULL;
202 lm->lm_dn_pat.bv_len = 0;
206 lm->lm_limits = *limit;
209 if ( be->be_limits != NULL ) {
210 for ( ; be->be_limits[i]; i++ );
213 be->be_limits = ( struct slap_limits ** )ch_realloc( be->be_limits,
214 sizeof( struct slap_limits * ) * ( i + 2 ) );
215 be->be_limits[i] = lm;
216 be->be_limits[i+1] = NULL;
230 int type = SLAP_LIMITS_UNDEFINED;
232 struct slap_limits_set limit;
239 LDAP_LOG( CONFIG, CRIT,
240 "%s : line %d: missing arg(s) in "
241 "\"limits <pattern> <limits>\" line.\n", fname, lineno, 0 );
243 Debug( LDAP_DEBUG_ANY,
244 "%s : line %d: missing arg(s) in "
245 "\"limits <pattern> <limits>\" line.\n%s",
251 limit = be->be_def_limit;
256 * "limits" <pattern> <limit> [ ... ]
263 * [ "dn" [ "." { "exact" | "base" | "one" | "sub" | children"
264 * | "regex" | "anonymous" } ] "=" ] <dn pattern>
267 * "exact" and "base" are the same (exact match);
268 * "one" means exactly one rdn below, NOT including the pattern
269 * "sub" means any rdn below, including the pattern
270 * "children" means any rdn below, NOT including the pattern
272 * "anonymous" may be deprecated in favour
273 * of the pattern = "anonymous" form
278 * "time" [ "." { "soft" | "hard" } ] "=" <integer>
280 * "size" [ "." { "soft" | "hard" | "unchecked" } ] "=" <integer>
284 if ( strcmp( pattern, "*" ) == 0) {
285 type = SLAP_LIMITS_ANY;
287 } else if ( strcasecmp( pattern, "anonymous" ) == 0 ) {
288 type = SLAP_LIMITS_ANONYMOUS;
290 } else if ( strcasecmp( pattern, "users" ) == 0 ) {
291 type = SLAP_LIMITS_USERS;
293 } else if ( strncasecmp( pattern, "dn", sizeof( "dn") - 1 ) == 0 ) {
295 if ( pattern[0] == '.' ) {
297 if ( strncasecmp( pattern, "exact", sizeof( "exact" ) - 1 ) == 0 ) {
298 type = SLAP_LIMITS_EXACT;
301 } else if ( strncasecmp( pattern, "base", sizeof( "base " ) - 1 ) == 0 ) {
302 type = SLAP_LIMITS_BASE;
305 } else if ( strncasecmp( pattern, "one", sizeof( "one" ) - 1 ) == 0 ) {
306 type = SLAP_LIMITS_ONE;
309 } else if ( strncasecmp( pattern, "subtree", sizeof( "subtree" ) - 1 ) == 0 ) {
310 type = SLAP_LIMITS_SUBTREE;
313 } else if ( strncasecmp( pattern, "children", sizeof( "children" ) - 1 ) == 0 ) {
314 type = SLAP_LIMITS_CHILDREN;
317 } else if ( strncasecmp( pattern, "regex", sizeof( "regex" ) - 1 ) == 0 ) {
318 type = SLAP_LIMITS_REGEX;
322 * this could be deprecated in favour
323 * of the pattern = "anonymous" form
325 } else if ( strncasecmp( pattern, "anonymous", sizeof( "anonymous" ) - 1 ) == 0 ) {
326 type = SLAP_LIMITS_ANONYMOUS;
331 /* pre-check the data */
333 case SLAP_LIMITS_ANONYMOUS:
334 case SLAP_LIMITS_USERS:
336 /* no need for pattern */
341 if ( pattern[0] != '=' ) {
343 LDAP_LOG( CONFIG, CRIT,
344 "%s : line %d: missing '=' in "
345 "\"dn[.{exact|base|one|subtree"
346 "|children|regex|anonymous}]" "=<pattern>\" in "
347 "\"limits <pattern> <limits>\" line.\n", fname, lineno, 0 );
349 Debug( LDAP_DEBUG_ANY,
350 "%s : line %d: missing '=' in "
351 "\"dn[.{exact|base|one|subtree"
352 "|children|regex|anonymous}]"
354 "\"limits <pattern> <limits>\" "
361 /* skip '=' (required) */
364 /* trim obvious cases */
365 if ( strcmp( pattern, "*" ) == 0 ) {
366 type = SLAP_LIMITS_ANY;
369 } else if ( ( type == SLAP_LIMITS_REGEX || type == SLAP_LIMITS_UNDEFINED )
370 && strcmp( pattern, ".*" ) == 0 ) {
371 type = SLAP_LIMITS_ANY;
378 for ( i = 2; i < argc; i++ ) {
379 if ( parse_limit( argv[i], &limit ) ) {
382 LDAP_LOG( CONFIG, CRIT,
383 "%s : line %d: unknown limit type \"%s\" in "
384 "\"limits <pattern> <limits>\" line.\n",
385 fname, lineno, argv[i] );
387 Debug( LDAP_DEBUG_ANY,
388 "%s : line %d: unknown limit type \"%s\" in "
389 "\"limits <pattern> <limits>\" line.\n",
390 fname, lineno, argv[i] );
400 if ( limit.lms_t_hard > 0 &&
401 ( limit.lms_t_hard < limit.lms_t_soft
402 || limit.lms_t_soft == -1 ) ) {
403 limit.lms_t_hard = limit.lms_t_soft;
406 if ( limit.lms_s_hard > 0 &&
407 ( limit.lms_s_hard < limit.lms_s_soft
408 || limit.lms_s_soft == -1 ) ) {
409 limit.lms_s_hard = limit.lms_s_soft;
412 rc = add_limits( be, type, pattern, &limit );
416 LDAP_LOG( CONFIG, CRIT,
417 "%s : line %d: unable to add limit in "
418 "\"limits <pattern> <limits>\" line.\n",
421 Debug( LDAP_DEBUG_ANY,
422 "%s : line %d: unable to add limit in "
423 "\"limits <pattern> <limits>\" line.\n",
434 struct slap_limits_set *limit
440 if ( strncasecmp( arg, "time", sizeof( "time" ) - 1 ) == 0 ) {
443 if ( arg[0] == '.' ) {
445 if ( strncasecmp( arg, "soft", sizeof( "soft" ) - 1 ) == 0 ) {
447 if ( arg[0] != '=' ) {
451 if ( strcasecmp( arg, "none" ) == 0 ) {
452 limit->lms_t_soft = -1;
457 strtol( arg, &next, 10 );
458 if ( next == arg || limit->lms_t_soft < -1 ) {
463 } else if ( strncasecmp( arg, "hard", sizeof( "hard" ) - 1 ) == 0 ) {
465 if ( arg[0] != '=' ) {
469 if ( strcasecmp( arg, "soft" ) == 0 ) {
470 limit->lms_t_hard = 0;
471 } else if ( strcasecmp( arg, "none" ) == 0 ) {
472 limit->lms_t_hard = -1;
477 strtol( arg, &next, 10 );
478 if ( next == arg || limit->lms_t_hard < -1 ) {
487 } else if ( arg[0] == '=' ) {
489 if ( strcasecmp( arg, "none" ) == 0 ) {
490 limit->lms_t_soft = -1;
494 limit->lms_t_soft = strtol( arg, &next, 10 );
495 if ( next == arg || limit->lms_t_soft < -1 ) {
499 limit->lms_t_hard = 0;
505 } else if ( strncasecmp( arg, "size", sizeof( "size" ) - 1 ) == 0 ) {
508 if ( arg[0] == '.' ) {
510 if ( strncasecmp( arg, "soft", sizeof( "soft" ) - 1 ) == 0 ) {
512 if ( arg[0] != '=' ) {
516 if ( strcasecmp( arg, "none" ) == 0 ) {
517 limit->lms_s_soft = -1;
522 strtol( arg, &next, 10 );
523 if ( next == arg || limit->lms_s_soft < -1 ) {
528 } else if ( strncasecmp( arg, "hard", sizeof( "hard" ) - 1 ) == 0 ) {
530 if ( arg[0] != '=' ) {
534 if ( strcasecmp( arg, "soft" ) == 0 ) {
535 limit->lms_s_hard = 0;
536 } else if ( strcasecmp( arg, "none" ) == 0 ) {
537 limit->lms_s_hard = -1;
542 strtol( arg, &next, 10 );
543 if ( next == arg || limit->lms_s_hard < -1 ) {
548 } else if ( strncasecmp( arg, "unchecked", sizeof( "unchecked" ) - 1 ) == 0 ) {
550 if ( arg[0] != '=' ) {
554 if ( strcasecmp( arg, "none" ) == 0 ) {
555 limit->lms_s_unchecked = -1;
559 limit->lms_s_unchecked =
560 strtol( arg, &next, 10 );
561 if ( next == arg || limit->lms_s_unchecked < -1 ) {
566 } else if ( strncasecmp( arg, "pr", sizeof( "pr" ) - 1 ) == 0 ) {
567 arg += sizeof( "pr" ) - 1;
568 if ( arg[0] != '=' ) {
572 if ( strcasecmp( arg, "noEstimate" ) == 0 ) {
573 limit->lms_s_pr_hide = 1;
578 strtol( arg, &next, 10 );
579 if ( next == arg || limit->lms_s_pr < -1 ) {
588 } else if ( arg[0] == '=' ) {
590 if ( strcasecmp( arg, "none" ) == 0 ) {
591 limit->lms_s_soft = -1;
595 limit->lms_s_soft = strtol( arg, &next, 10 );
596 if ( next == arg || limit->lms_s_soft < -1 ) {
600 limit->lms_s_hard = 0;
projects / openldap / blob