X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Flimits.c;h=c34e84882164cf464ffff65fed2ba270e8f16627;hb=9fc4a749dcecda7176cea4859fa8f51bbc91feff;hp=78388097ec16962b77e0a118d5f068304f2fca49;hpb=d0add35348c51d8a3807c6ffb9f14f0bb3009a36;p=openldap diff --git a/servers/slapd/limits.c b/servers/slapd/limits.c index 78388097ec..c34e848821 100644 --- a/servers/slapd/limits.c +++ b/servers/slapd/limits.c @@ -1,6 +1,6 @@ /* limits.c - routines to handle regex-based size and time limits */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -40,7 +40,7 @@ get_limits( if ( ndn->bv_len == 0 ) { break; } - if ( strcmp( lm[0]->lm_dn_pat->bv_val, ndn->bv_val ) == 0 ) { + if ( dn_match( &lm[0]->lm_dn_pat, ndn ) ) { *limit = &lm[0]->lm_limits; return( 0 ); } @@ -55,11 +55,11 @@ get_limits( break; } - d = ndn->bv_len - lm[0]->lm_dn_pat->bv_len; /* ndn shorter than dn_pat */ - if ( d < 0 ) { + if ( ndn->bv_len < lm[0]->lm_dn_pat.bv_len ) { break; } + d = ndn->bv_len - lm[0]->lm_dn_pat.bv_len; /* allow exact match for SUBTREE only */ if ( d == 0 ) { @@ -68,20 +68,21 @@ get_limits( } } else { /* check for unescaped rdn separator */ - if ( !DN_SEPARATOR( ndn->bv_val[d-1] ) || DN_ESCAPE( ndn->bv_val[d-2] ) ) { + if ( !DN_SEPARATOR( ndn->bv_val[d-1] ) ) { break; } } /* in case of (sub)match ... */ - if ( strcmp( lm[0]->lm_dn_pat->bv_val, &ndn->bv_val[d] ) == 0 ) { + if ( lm[0]->lm_dn_pat.bv_len == ( ndn->bv_len - d ) + && strcmp( lm[0]->lm_dn_pat.bv_val, &ndn->bv_val[d] ) == 0 ) { /* check for exactly one rdn in case of ONE */ if ( lm[0]->lm_type == SLAP_LIMITS_ONE ) { /* * if ndn is more that one rdn * below dn_pat, continue */ - if ( (size_t) dn_rdnlen( NULL, ndn->bv_val ) != d - 1 ) { + if ( (size_t) dn_rdnlen( NULL, ndn ) != d - 1 ) { break; } } @@ -97,7 +98,9 @@ get_limits( if ( ndn->bv_len == 0 ) { break; } - if ( regexec( &lm[0]->lm_dn_regex, ndn->bv_val, 0, NULL, 0 ) == 0 ) { + if ( regexec( &lm[0]->lm_dn_regex, ndn->bv_val, 0, NULL, 0 ) + == 0 ) + { *limit = &lm[0]->lm_limits; return( 0 ); } @@ -117,6 +120,10 @@ get_limits( } break; + case SLAP_LIMITS_ANY: + *limit = &lm[0]->lm_limits; + return( 0 ); + default: assert( 0 ); /* unreachable */ return( -1 ); @@ -126,7 +133,7 @@ get_limits( return( 0 ); } -int +static int add_limits( Backend *be, int type, @@ -148,21 +155,27 @@ add_limits( case SLAP_LIMITS_SUBTREE: case SLAP_LIMITS_CHILDREN: lm->lm_type = type; - lm->lm_dn_pat = ber_bvstrdup( pattern ); - if ( dn_normalize( lm->lm_dn_pat->bv_val ) == NULL ) { - ber_bvfree( lm->lm_dn_pat ); - ch_free( lm ); - return( -1 ); + { + int rc; + struct berval bv; + bv.bv_val = (char *) pattern; + bv.bv_len = strlen( pattern ); + + rc = dnNormalize2( NULL, &bv, &lm->lm_dn_pat ); + if ( rc != LDAP_SUCCESS ) { + ch_free( lm ); + return( -1 ); + } } break; case SLAP_LIMITS_REGEX: case SLAP_LIMITS_UNDEFINED: lm->lm_type = SLAP_LIMITS_REGEX; - lm->lm_dn_pat = ber_bvstrdup( pattern ); - if ( regcomp( &lm->lm_dn_regex, lm->lm_dn_pat->bv_val, + ber_str2bv( pattern, 0, 1, &lm->lm_dn_pat ); + if ( regcomp( &lm->lm_dn_regex, lm->lm_dn_pat.bv_val, REG_EXTENDED | REG_ICASE ) ) { - ber_bvfree( lm->lm_dn_pat ); + free( lm->lm_dn_pat.bv_val ); ch_free( lm ); return( -1 ); } @@ -170,8 +183,10 @@ add_limits( case SLAP_LIMITS_ANONYMOUS: case SLAP_LIMITS_USERS: + case SLAP_LIMITS_ANY: lm->lm_type = type; - lm->lm_dn_pat = NULL; + lm->lm_dn_pat.bv_val = NULL; + lm->lm_dn_pat.bv_len = 0; break; } @@ -208,10 +223,9 @@ parse_limits( if ( argc < 3 ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + LDAP_LOG( CONFIG, CRIT, "%s : line %d: missing arg(s) in " - "\"limits \" line.\n", - fname, lineno )); + "\"limits \" line.\n", fname, lineno, 0 ); #else Debug( LDAP_DEBUG_ANY, "%s : line %d: missing arg(s) in " @@ -254,7 +268,10 @@ parse_limits( */ pattern = argv[1]; - if ( strcasecmp( pattern, "anonymous" ) == 0 ) { + if ( strcmp( pattern, "*" ) == 0) { + type = SLAP_LIMITS_ANY; + + } else if ( strcasecmp( pattern, "anonymous" ) == 0 ) { type = SLAP_LIMITS_ANONYMOUS; } else if ( strcasecmp( pattern, "users" ) == 0 ) { @@ -310,13 +327,11 @@ parse_limits( default: if ( pattern[0] != '=' ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + LDAP_LOG( CONFIG, CRIT, "%s : line %d: missing '=' in " "\"dn[.{exact|base|one|subtree" - "|children|regex|anonymous}]" - "=\" in " - "\"limits \" line.\n", - fname, lineno )); + "|children|regex|anonymous}]" "=\" in " + "\"limits \" line.\n", fname, lineno, 0 ); #else Debug( LDAP_DEBUG_ANY, "%s : line %d: missing '=' in " @@ -332,6 +347,17 @@ parse_limits( /* skip '=' (required) */ pattern++; + + /* trim obvious cases */ + if ( strcmp( pattern, "*" ) == 0 ) { + type = SLAP_LIMITS_ANY; + pattern = NULL; + + } else if ( ( type == SLAP_LIMITS_REGEX || type == SLAP_LIMITS_UNDEFINED ) + && strcmp( pattern, ".*" ) == 0 ) { + type = SLAP_LIMITS_ANY; + pattern = NULL; + } } } @@ -340,10 +366,10 @@ parse_limits( if ( parse_limit( argv[i], &limit ) ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + LDAP_LOG( CONFIG, CRIT, "%s : line %d: unknown limit type \"%s\" in " "\"limits \" line.\n", - fname, lineno, argv[i] )); + fname, lineno, argv[i] ); #else Debug( LDAP_DEBUG_ANY, "%s : line %d: unknown limit type \"%s\" in "