+
+ /* if root an no specific limit is required, allow unlimited search */
+ if ( isroot ) {
+ if ( op->oq_search.rs_tlimit == 0 ) {
+ op->oq_search.rs_tlimit = -1;
+ }
+
+ if ( op->oq_search.rs_slimit == 0 ) {
+ op->oq_search.rs_slimit = -1;
+ }
+
+ } else {
+ /* if no limit is required, use soft limit */
+ if ( op->oq_search.rs_tlimit <= 0 ) {
+ op->oq_search.rs_tlimit = limit->lms_t_soft;
+
+ /* if requested limit higher than hard limit, abort */
+ } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
+ /* no hard limit means use soft instead */
+ if ( limit->lms_t_hard == 0
+ && limit->lms_t_soft > -1
+ && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
+ op->oq_search.rs_tlimit = limit->lms_t_soft;
+
+ /* positive hard limit means abort */
+ } else if ( limit->lms_t_hard > 0 ) {
+ send_ldap_error( op, rs,
+ LDAP_ADMINLIMIT_EXCEEDED,
+ NULL );
+ rc = LDAP_SUCCESS;
+ goto done;
+ }
+
+ /* negative hard limit means no limit */
+ }
+
+ /* if no limit is required, use soft limit */
+ if ( op->oq_search.rs_slimit <= 0 ) {
+ op->oq_search.rs_slimit = limit->lms_s_soft;
+
+ /* if requested limit higher than hard limit, abort */
+ } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
+ /* no hard limit means use soft instead */
+ if ( limit->lms_s_hard == 0
+ && limit->lms_s_soft > -1
+ && op->oq_search.rs_slimit > limit->lms_s_soft ) {
+ op->oq_search.rs_slimit = limit->lms_s_soft;
+
+ /* positive hard limit means abort */
+ } else if ( limit->lms_s_hard > 0 ) {
+ send_ldap_error( op, rs,
+ LDAP_ADMINLIMIT_EXCEEDED,
+ NULL );
+ rc = LDAP_SUCCESS;
+ goto done;
+ }
+
+ /* negative hard limit means no limit */
+ }
+ }
+
+ /* compute it anyway; root does not use it */
+ stoptime = op->o_time + op->oq_search.rs_tlimit;
+ rs->sr_attrs = op->oq_search.rs_attrs;