1 /* limits.c - routines to handle regex-based size and time limits */
3 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
20 struct slap_limits_set **limit
23 struct slap_limits **lm;
31 *limit = &be->be_def_limit;
33 if ( be->be_limits == NULL ) {
37 for ( lm = be->be_limits; lm[0] != NULL; lm++ ) {
38 switch ( lm[0]->lm_type ) {
39 case SLAP_LIMITS_EXACT:
40 if ( ndn == NULL || ndn[0] == '\0' ) {
43 if ( strcmp( lm[0]->lm_dn_pat->bv_val, ndn ) == 0 ) {
44 *limit = &lm[0]->lm_limits;
50 case SLAP_LIMITS_SUBTREE:
51 case SLAP_LIMITS_CHILDREN: {
54 if ( ndn == NULL || ndn[0] == '\0' ) {
58 d = strlen( ndn ) - lm[0]->lm_dn_pat->bv_len;
59 /* ndn shorter than dn_pat */
64 /* allow exact match for SUBTREE only */
66 if ( lm[0]->lm_type != SLAP_LIMITS_SUBTREE ) {
70 /* check for unescaped rdn separator */
71 if ( !DN_SEPARATOR( ndn[d-1] ) || DN_ESCAPE( ndn[d-2] ) ) {
76 /* in case of (sub)match ... */
77 if ( strcmp( lm[0]->lm_dn_pat->bv_val, &ndn[d] ) == 0 ) {
78 /* check for exacctly one rdn in case of ONE */
79 if ( lm[0]->lm_type == SLAP_LIMITS_ONE ) {
83 * if ndn is more that one rdn
84 * below dn_pat, continue
86 rdn = dn_rdn( NULL, ndn );
87 if ( strlen( rdn ) != d - 1 ) {
92 *limit = &lm[0]->lm_limits;
99 case SLAP_LIMITS_REGEX:
100 if ( ndn == NULL || ndn[0] == '\0' ) {
103 if ( regexec( &lm[0]->lm_dn_regex, ndn, 0, NULL, 0 ) == 0 ) {
104 *limit = &lm[0]->lm_limits;
109 case SLAP_LIMITS_ANONYMOUS:
110 if ( ndn == NULL || ndn[0] == '\0' ) {
111 *limit = &lm[0]->lm_limits;
116 case SLAP_LIMITS_USERS:
117 if ( ndn != NULL && ndn[0] != '\0' ) {
118 *limit = &lm[0]->lm_limits;
124 assert( 0 ); /* unreachable */
137 struct slap_limits_set *limit
141 struct slap_limits *lm;
146 lm = ( struct slap_limits * )ch_calloc( sizeof( struct slap_limits ), 1 );
149 case SLAP_LIMITS_EXACT:
150 case SLAP_LIMITS_ONE:
151 case SLAP_LIMITS_SUBTREE:
152 case SLAP_LIMITS_CHILDREN:
154 lm->lm_dn_pat = ber_bvstrdup( pattern );
155 if ( dn_normalize( lm->lm_dn_pat->bv_val ) == NULL ) {
156 ber_bvfree( lm->lm_dn_pat );
162 case SLAP_LIMITS_REGEX:
163 case SLAP_LIMITS_UNDEFINED:
164 lm->lm_type = SLAP_LIMITS_REGEX;
165 lm->lm_dn_pat = ber_bvstrdup( pattern );
166 if ( regcomp( &lm->lm_dn_regex, lm->lm_dn_pat->bv_val,
167 REG_EXTENDED | REG_ICASE ) ) {
168 ber_bvfree( lm->lm_dn_pat );
174 case SLAP_LIMITS_ANONYMOUS:
175 case SLAP_LIMITS_USERS:
177 lm->lm_dn_pat = NULL;
181 lm->lm_limits = *limit;
184 if ( be->be_limits != NULL ) {
185 for ( ; be->be_limits[i]; i++ );
188 be->be_limits = ( struct slap_limits ** )ch_realloc( be->be_limits,
189 sizeof( struct slap_limits * ) * ( i + 2 ) );
190 be->be_limits[i] = lm;
191 be->be_limits[i+1] = NULL;
205 int type = SLAP_LIMITS_UNDEFINED;
207 struct slap_limits_set limit;
214 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
215 "%s : line %d: missing arg(s) in "
216 "\"limits <pattern> <limits>\" line.\n",
219 Debug( LDAP_DEBUG_ANY,
220 "%s : line %d: missing arg(s) in "
221 "\"limits <pattern> <limits>\" line.\n%s",
227 limit = be->be_def_limit;
232 * "limits" <pattern> <limit> [ ... ]
239 * [ "dn" [ "." { "exact" | "base" | "one" | "sub" | children"
240 * | "regex" | "anonymous" } ] "=" ] <dn pattern>
243 * "exact" and "base" are the same (exact match);
244 * "one" means exactly one rdn below, NOT including the pattern
245 * "sub" means any rdn below, including the pattern
246 * "children" means any rdn below, NOT including the pattern
248 * "anonymous" may be deprecated in favour
249 * of the pattern = "anonymous" form
254 * "time" [ "." { "soft" | "hard" } ] "=" <integer>
256 * "size" [ "." { "soft" | "hard" | "unchecked" } ] "=" <integer>
260 if ( strcasecmp( pattern, "anonymous" ) == 0 ) {
261 type = SLAP_LIMITS_ANONYMOUS;
263 } else if ( strcasecmp( pattern, "users" ) == 0 ) {
264 type = SLAP_LIMITS_USERS;
266 } else if ( strncasecmp( pattern, "dn", 2 ) == 0 ) {
268 if ( pattern[0] == '.' ) {
270 if ( strncasecmp( pattern, "exact", 5 ) == 0 ) {
271 type = SLAP_LIMITS_EXACT;
274 } else if ( strncasecmp( pattern, "base", 4 ) == 0 ) {
275 type = SLAP_LIMITS_BASE;
278 } else if ( strncasecmp( pattern, "one", 3 ) == 0 ) {
279 type = SLAP_LIMITS_ONE;
282 } else if ( strncasecmp( pattern, "subtree", 7 ) == 0 ) {
283 type = SLAP_LIMITS_SUBTREE;
286 } else if ( strncasecmp( pattern, "children", 8 ) == 0 ) {
287 type = SLAP_LIMITS_CHILDREN;
290 } else if ( strncasecmp( pattern, "regex", 5 ) == 0 ) {
291 type = SLAP_LIMITS_REGEX;
295 * this could be deprecated in favour
296 * of the pattern = "anonymous" form
298 } else if ( strncasecmp( pattern, "anonymous", 9 ) == 0 ) {
299 type = SLAP_LIMITS_ANONYMOUS;
304 /* pre-check the data */
306 case SLAP_LIMITS_ANONYMOUS:
307 case SLAP_LIMITS_USERS:
309 /* no need for pattern */
314 if ( pattern[0] != '=' ) {
316 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
317 "%s : line %d: missing '=' in "
318 "\"dn[.{exact|base|one|subtree"
319 "|children|regex|anonymous}]"
321 "\"limits <pattern> <limits>\" line.\n",
324 Debug( LDAP_DEBUG_ANY,
325 "%s : line %d: missing '=' in "
326 "\"dn[.{exact|base|one|subtree"
327 "|children|regex|anonymous}]"
329 "\"limits <pattern> <limits>\" "
336 /* skip '=' (required) */
342 for ( i = 2; i < argc; i++ ) {
343 if ( parse_limit( argv[i], &limit ) ) {
346 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
347 "%s : line %d: unknown limit type \"%s\" in "
348 "\"limits <pattern> <limits>\" line.\n",
349 fname, lineno, argv[i] ));
351 Debug( LDAP_DEBUG_ANY,
352 "%s : line %d: unknown limit type \"%s\" in "
353 "\"limits <pattern> <limits>\" line.\n",
354 fname, lineno, argv[i] );
364 if ( limit.lms_t_hard > 0 && limit.lms_t_hard < limit.lms_t_soft ) {
365 limit.lms_t_hard = limit.lms_t_soft;
368 if ( limit.lms_s_hard > 0 && limit.lms_s_hard < limit.lms_s_soft ) {
369 limit.lms_s_hard = limit.lms_s_soft;
372 return( add_limits( be, type, pattern, &limit ) );
378 struct slap_limits_set *limit
384 if ( strncasecmp( arg, "time", 4 ) == 0 ) {
387 if ( arg[0] == '.' ) {
389 if ( strncasecmp( arg, "soft", 4 ) == 0 ) {
391 if ( arg[0] != '=' ) {
395 limit->lms_t_soft = atoi( arg );
397 } else if ( strncasecmp( arg, "hard", 4 ) == 0 ) {
399 if ( arg[0] != '=' ) {
403 if ( strcasecmp( arg, "soft" ) == 0 ) {
404 limit->lms_t_hard = 0;
405 } else if ( strcasecmp( arg, "none" ) == 0 ) {
406 limit->lms_t_hard = -1;
408 limit->lms_t_hard = atoi( arg );
415 } else if ( arg[0] == '=' ) {
416 limit->lms_t_soft = atoi( arg );
417 limit->lms_t_hard = 0;
423 } else if ( strncasecmp( arg, "size", 4 ) == 0 ) {
426 if ( arg[0] == '.' ) {
428 if ( strncasecmp( arg, "soft", 4 ) == 0 ) {
430 if ( arg[0] != '=' ) {
434 limit->lms_s_soft = atoi( arg );
436 } else if ( strncasecmp( arg, "hard", 4 ) == 0 ) {
438 if ( arg[0] != '=' ) {
442 if ( strcasecmp( arg, "soft" ) == 0 ) {
443 limit->lms_s_hard = 0;
444 } else if ( strcasecmp( arg, "none" ) == 0 ) {
445 limit->lms_s_hard = -1;
447 limit->lms_s_hard = atoi( arg );
450 } else if ( strncasecmp( arg, "unchecked", 9 ) == 0 ) {
452 if ( arg[0] != '=' ) {
456 if ( strcasecmp( arg, "none" ) == 0 ) {
457 limit->lms_s_unchecked = -1;
459 limit->lms_s_unchecked = atoi( arg );
466 } else if ( arg[0] == '=' ) {
467 limit->lms_s_soft = atoi( arg );
468 limit->lms_s_hard = 0;
projects / openldap / blob