1 /* limits.c - routines to handle regex-based size and time limits */
3 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
20 struct slap_limits_set **limit
23 struct slap_limits **lm;
31 *limit = &be->be_def_limit;
33 if ( be->be_limits == NULL ) {
37 for ( lm = be->be_limits; lm[0] != NULL; lm++ ) {
38 switch ( lm[0]->lm_type ) {
39 case SLAP_LIMITS_EXACT:
40 if ( ndn->bv_len == 0 ) {
43 if ( dn_match( &lm[0]->lm_dn_pat, ndn ) ) {
44 *limit = &lm[0]->lm_limits;
50 case SLAP_LIMITS_SUBTREE:
51 case SLAP_LIMITS_CHILDREN: {
54 if ( ndn->bv_len == 0 ) {
58 /* ndn shorter than dn_pat */
59 if ( ndn->bv_len < lm[0]->lm_dn_pat.bv_len ) {
62 d = ndn->bv_len - lm[0]->lm_dn_pat.bv_len;
64 /* allow exact match for SUBTREE only */
66 if ( lm[0]->lm_type != SLAP_LIMITS_SUBTREE ) {
70 /* check for unescaped rdn separator */
71 if ( !DN_SEPARATOR( ndn->bv_val[d-1] ) ) {
76 /* in case of (sub)match ... */
77 if ( lm[0]->lm_dn_pat.bv_len == ( ndn->bv_len - d )
78 && strcmp( lm[0]->lm_dn_pat.bv_val, &ndn->bv_val[d] ) == 0 ) {
79 /* check for exactly one rdn in case of ONE */
80 if ( lm[0]->lm_type == SLAP_LIMITS_ONE ) {
82 * if ndn is more that one rdn
83 * below dn_pat, continue
85 if ( (size_t) dn_rdnlen( NULL, ndn ) != d - 1 ) {
90 *limit = &lm[0]->lm_limits;
97 case SLAP_LIMITS_REGEX:
98 if ( ndn->bv_len == 0 ) {
101 if ( regexec( &lm[0]->lm_dn_regex, ndn->bv_val, 0, NULL, 0 )
104 *limit = &lm[0]->lm_limits;
109 case SLAP_LIMITS_ANONYMOUS:
110 if ( ndn->bv_len == 0 ) {
111 *limit = &lm[0]->lm_limits;
116 case SLAP_LIMITS_USERS:
117 if ( ndn->bv_len != 0 ) {
118 *limit = &lm[0]->lm_limits;
123 case SLAP_LIMITS_ANY:
124 *limit = &lm[0]->lm_limits;
128 assert( 0 ); /* unreachable */
141 struct slap_limits_set *limit
145 struct slap_limits *lm;
150 lm = ( struct slap_limits * )ch_calloc( sizeof( struct slap_limits ), 1 );
153 case SLAP_LIMITS_EXACT:
154 case SLAP_LIMITS_ONE:
155 case SLAP_LIMITS_SUBTREE:
156 case SLAP_LIMITS_CHILDREN:
161 bv.bv_val = (char *) pattern;
162 bv.bv_len = strlen( pattern );
164 rc = dnNormalize2( NULL, &bv, &lm->lm_dn_pat );
165 if ( rc != LDAP_SUCCESS ) {
172 case SLAP_LIMITS_REGEX:
173 case SLAP_LIMITS_UNDEFINED:
174 lm->lm_type = SLAP_LIMITS_REGEX;
175 ber_str2bv( pattern, 0, 1, &lm->lm_dn_pat );
176 if ( regcomp( &lm->lm_dn_regex, lm->lm_dn_pat.bv_val,
177 REG_EXTENDED | REG_ICASE ) ) {
178 free( lm->lm_dn_pat.bv_val );
184 case SLAP_LIMITS_ANONYMOUS:
185 case SLAP_LIMITS_USERS:
186 case SLAP_LIMITS_ANY:
188 lm->lm_dn_pat.bv_val = NULL;
189 lm->lm_dn_pat.bv_len = 0;
193 lm->lm_limits = *limit;
196 if ( be->be_limits != NULL ) {
197 for ( ; be->be_limits[i]; i++ );
200 be->be_limits = ( struct slap_limits ** )ch_realloc( be->be_limits,
201 sizeof( struct slap_limits * ) * ( i + 2 ) );
202 be->be_limits[i] = lm;
203 be->be_limits[i+1] = NULL;
217 int type = SLAP_LIMITS_UNDEFINED;
219 struct slap_limits_set limit;
226 LDAP_LOG( CONFIG, CRIT,
227 "%s : line %d: missing arg(s) in "
228 "\"limits <pattern> <limits>\" line.\n", fname, lineno, 0 );
230 Debug( LDAP_DEBUG_ANY,
231 "%s : line %d: missing arg(s) in "
232 "\"limits <pattern> <limits>\" line.\n%s",
238 limit = be->be_def_limit;
243 * "limits" <pattern> <limit> [ ... ]
250 * [ "dn" [ "." { "exact" | "base" | "one" | "sub" | children"
251 * | "regex" | "anonymous" } ] "=" ] <dn pattern>
254 * "exact" and "base" are the same (exact match);
255 * "one" means exactly one rdn below, NOT including the pattern
256 * "sub" means any rdn below, including the pattern
257 * "children" means any rdn below, NOT including the pattern
259 * "anonymous" may be deprecated in favour
260 * of the pattern = "anonymous" form
265 * "time" [ "." { "soft" | "hard" } ] "=" <integer>
267 * "size" [ "." { "soft" | "hard" | "unchecked" } ] "=" <integer>
271 if ( strcmp( pattern, "*" ) == 0) {
272 type = SLAP_LIMITS_ANY;
274 } else if ( strcasecmp( pattern, "anonymous" ) == 0 ) {
275 type = SLAP_LIMITS_ANONYMOUS;
277 } else if ( strcasecmp( pattern, "users" ) == 0 ) {
278 type = SLAP_LIMITS_USERS;
280 } else if ( strncasecmp( pattern, "dn", 2 ) == 0 ) {
282 if ( pattern[0] == '.' ) {
284 if ( strncasecmp( pattern, "exact", 5 ) == 0 ) {
285 type = SLAP_LIMITS_EXACT;
288 } else if ( strncasecmp( pattern, "base", 4 ) == 0 ) {
289 type = SLAP_LIMITS_BASE;
292 } else if ( strncasecmp( pattern, "one", 3 ) == 0 ) {
293 type = SLAP_LIMITS_ONE;
296 } else if ( strncasecmp( pattern, "subtree", 7 ) == 0 ) {
297 type = SLAP_LIMITS_SUBTREE;
300 } else if ( strncasecmp( pattern, "children", 8 ) == 0 ) {
301 type = SLAP_LIMITS_CHILDREN;
304 } else if ( strncasecmp( pattern, "regex", 5 ) == 0 ) {
305 type = SLAP_LIMITS_REGEX;
309 * this could be deprecated in favour
310 * of the pattern = "anonymous" form
312 } else if ( strncasecmp( pattern, "anonymous", 9 ) == 0 ) {
313 type = SLAP_LIMITS_ANONYMOUS;
318 /* pre-check the data */
320 case SLAP_LIMITS_ANONYMOUS:
321 case SLAP_LIMITS_USERS:
323 /* no need for pattern */
328 if ( pattern[0] != '=' ) {
330 LDAP_LOG( CONFIG, CRIT,
331 "%s : line %d: missing '=' in "
332 "\"dn[.{exact|base|one|subtree"
333 "|children|regex|anonymous}]" "=<pattern>\" in "
334 "\"limits <pattern> <limits>\" line.\n", fname, lineno, 0 );
336 Debug( LDAP_DEBUG_ANY,
337 "%s : line %d: missing '=' in "
338 "\"dn[.{exact|base|one|subtree"
339 "|children|regex|anonymous}]"
341 "\"limits <pattern> <limits>\" "
348 /* skip '=' (required) */
351 /* trim obvious cases */
352 if ( strcmp( pattern, "*" ) == 0 ) {
353 type = SLAP_LIMITS_ANY;
356 } else if ( ( type == SLAP_LIMITS_REGEX || type == SLAP_LIMITS_UNDEFINED )
357 && strcmp( pattern, ".*" ) == 0 ) {
358 type = SLAP_LIMITS_ANY;
365 for ( i = 2; i < argc; i++ ) {
366 if ( parse_limit( argv[i], &limit ) ) {
369 LDAP_LOG( CONFIG, CRIT,
370 "%s : line %d: unknown limit type \"%s\" in "
371 "\"limits <pattern> <limits>\" line.\n",
372 fname, lineno, argv[i] );
374 Debug( LDAP_DEBUG_ANY,
375 "%s : line %d: unknown limit type \"%s\" in "
376 "\"limits <pattern> <limits>\" line.\n",
377 fname, lineno, argv[i] );
387 if ( limit.lms_t_hard > 0 && limit.lms_t_hard < limit.lms_t_soft ) {
388 limit.lms_t_hard = limit.lms_t_soft;
391 if ( limit.lms_s_hard > 0 && limit.lms_s_hard < limit.lms_s_soft ) {
392 limit.lms_s_hard = limit.lms_s_soft;
395 return( add_limits( be, type, pattern, &limit ) );
401 struct slap_limits_set *limit
407 if ( strncasecmp( arg, "time", 4 ) == 0 ) {
410 if ( arg[0] == '.' ) {
412 if ( strncasecmp( arg, "soft", 4 ) == 0 ) {
414 if ( arg[0] != '=' ) {
418 limit->lms_t_soft = atoi( arg );
420 } else if ( strncasecmp( arg, "hard", 4 ) == 0 ) {
422 if ( arg[0] != '=' ) {
426 if ( strcasecmp( arg, "soft" ) == 0 ) {
427 limit->lms_t_hard = 0;
428 } else if ( strcasecmp( arg, "none" ) == 0 ) {
429 limit->lms_t_hard = -1;
431 limit->lms_t_hard = atoi( arg );
438 } else if ( arg[0] == '=' ) {
440 limit->lms_t_soft = atoi( arg );
441 limit->lms_t_hard = 0;
447 } else if ( strncasecmp( arg, "size", 4 ) == 0 ) {
450 if ( arg[0] == '.' ) {
452 if ( strncasecmp( arg, "soft", 4 ) == 0 ) {
454 if ( arg[0] != '=' ) {
458 limit->lms_s_soft = atoi( arg );
460 } else if ( strncasecmp( arg, "hard", 4 ) == 0 ) {
462 if ( arg[0] != '=' ) {
466 if ( strcasecmp( arg, "soft" ) == 0 ) {
467 limit->lms_s_hard = 0;
468 } else if ( strcasecmp( arg, "none" ) == 0 ) {
469 limit->lms_s_hard = -1;
471 limit->lms_s_hard = atoi( arg );
474 } else if ( strncasecmp( arg, "unchecked", 9 ) == 0 ) {
476 if ( arg[0] != '=' ) {
480 if ( strcasecmp( arg, "none" ) == 0 ) {
481 limit->lms_s_unchecked = -1;
483 limit->lms_s_unchecked = atoi( arg );
490 } else if ( arg[0] == '=' ) {
492 limit->lms_s_soft = atoi( arg );
493 limit->lms_s_hard = 0;
projects / openldap / blob