X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Flimits.c;h=c34e84882164cf464ffff65fed2ba270e8f16627;hb=c5b6a86502dc0c16027cd87e3d9544e9078083db;hp=0154626903e4836f0ffbf0f8b578b7c16aae45ab;hpb=0e2af54a3ffdeebe3901370683be56fcc53023b0;p=openldap diff --git a/servers/slapd/limits.c b/servers/slapd/limits.c index 0154626903..c34e848821 100644 --- a/servers/slapd/limits.c +++ b/servers/slapd/limits.c @@ -40,7 +40,7 @@ get_limits( if ( ndn->bv_len == 0 ) { break; } - if ( strcmp( lm[0]->lm_dn_pat.bv_val, ndn->bv_val ) == 0 ) { + if ( dn_match( &lm[0]->lm_dn_pat, ndn ) ) { *limit = &lm[0]->lm_limits; return( 0 ); } @@ -55,11 +55,11 @@ get_limits( break; } - d = ndn->bv_len - lm[0]->lm_dn_pat.bv_len; /* ndn shorter than dn_pat */ - if ( d < 0 ) { + if ( ndn->bv_len < lm[0]->lm_dn_pat.bv_len ) { break; } + d = ndn->bv_len - lm[0]->lm_dn_pat.bv_len; /* allow exact match for SUBTREE only */ if ( d == 0 ) { @@ -68,15 +68,14 @@ get_limits( } } else { /* check for unescaped rdn separator */ - if ( !DN_SEPARATOR( ndn->bv_val[d-1] ) - || DN_ESCAPE( ndn->bv_val[d-2] ) ) - { + if ( !DN_SEPARATOR( ndn->bv_val[d-1] ) ) { break; } } /* in case of (sub)match ... */ - if ( strcmp( lm[0]->lm_dn_pat.bv_val, &ndn->bv_val[d] ) == 0 ) { + if ( lm[0]->lm_dn_pat.bv_len == ( ndn->bv_len - d ) + && strcmp( lm[0]->lm_dn_pat.bv_val, &ndn->bv_val[d] ) == 0 ) { /* check for exactly one rdn in case of ONE */ if ( lm[0]->lm_type == SLAP_LIMITS_ONE ) { /* @@ -121,6 +120,10 @@ get_limits( } break; + case SLAP_LIMITS_ANY: + *limit = &lm[0]->lm_limits; + return( 0 ); + default: assert( 0 ); /* unreachable */ return( -1 ); @@ -180,6 +183,7 @@ add_limits( case SLAP_LIMITS_ANONYMOUS: case SLAP_LIMITS_USERS: + case SLAP_LIMITS_ANY: lm->lm_type = type; lm->lm_dn_pat.bv_val = NULL; lm->lm_dn_pat.bv_len = 0; @@ -219,10 +223,9 @@ parse_limits( if ( argc < 3 ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + LDAP_LOG( CONFIG, CRIT, "%s : line %d: missing arg(s) in " - "\"limits \" line.\n", - fname, lineno )); + "\"limits \" line.\n", fname, lineno, 0 ); #else Debug( LDAP_DEBUG_ANY, "%s : line %d: missing arg(s) in " @@ -265,7 +268,10 @@ parse_limits( */ pattern = argv[1]; - if ( strcasecmp( pattern, "anonymous" ) == 0 ) { + if ( strcmp( pattern, "*" ) == 0) { + type = SLAP_LIMITS_ANY; + + } else if ( strcasecmp( pattern, "anonymous" ) == 0 ) { type = SLAP_LIMITS_ANONYMOUS; } else if ( strcasecmp( pattern, "users" ) == 0 ) { @@ -321,13 +327,11 @@ parse_limits( default: if ( pattern[0] != '=' ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + LDAP_LOG( CONFIG, CRIT, "%s : line %d: missing '=' in " "\"dn[.{exact|base|one|subtree" - "|children|regex|anonymous}]" - "=\" in " - "\"limits \" line.\n", - fname, lineno )); + "|children|regex|anonymous}]" "=\" in " + "\"limits \" line.\n", fname, lineno, 0 ); #else Debug( LDAP_DEBUG_ANY, "%s : line %d: missing '=' in " @@ -343,6 +347,17 @@ parse_limits( /* skip '=' (required) */ pattern++; + + /* trim obvious cases */ + if ( strcmp( pattern, "*" ) == 0 ) { + type = SLAP_LIMITS_ANY; + pattern = NULL; + + } else if ( ( type == SLAP_LIMITS_REGEX || type == SLAP_LIMITS_UNDEFINED ) + && strcmp( pattern, ".*" ) == 0 ) { + type = SLAP_LIMITS_ANY; + pattern = NULL; + } } } @@ -351,10 +366,10 @@ parse_limits( if ( parse_limit( argv[i], &limit ) ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + LDAP_LOG( CONFIG, CRIT, "%s : line %d: unknown limit type \"%s\" in " "\"limits \" line.\n", - fname, lineno, argv[i] )); + fname, lineno, argv[i] ); #else Debug( LDAP_DEBUG_ANY, "%s : line %d: unknown limit type \"%s\" in "