]> git.sur5r.net Git - openldap/commitdiff
projects / openldap / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 528ea2f)
allow search limits based on groups (ITS#2967)
authorPierangelo Masarati <ando@openldap.org>
Wed, 18 Feb 2004 16:40:36 +0000 (16:40 +0000)
committerPierangelo Masarati <ando@openldap.org>
Wed, 18 Feb 2004 16:40:36 +0000 (16:40 +0000)
doc/man/man5/slapd.conf.5 patch | blob | history
servers/slapd/back-bdb/search.c patch | blob | history
servers/slapd/back-ldap/search.c patch | blob | history
servers/slapd/back-ldbm/search.c patch | blob | history
servers/slapd/back-meta/search.c patch | blob | history
servers/slapd/back-sql/search.c patch | blob | history
servers/slapd/limits.c patch | blob | history
servers/slapd/proto-slap.h patch | blob | history
servers/slapd/slap.h patch | blob | history
servers/slapd/tools/mimic.c patch | blob | history

diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index 868743b9e4d45d76cb716b4b797be3a937a51fb7..eb087bd686d80d1572a9568229e3be79b4a6ac0c 100644 (file)
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -292,7 +292,7 @@ can be any of
 .RS
 .RS
 .TP
-anonymous | users | [dn[.<style>]=]<pattern>
+anonymous | users | [dn[.<style>]=]<pattern> | group[/oc[/at]]=<pattern>
 
 .RE
 with
@@ -304,11 +304,11 @@ with
 The term
 .B anonymous
 matches all unauthenticated clients.
-the term
+The term
 .B users
 matches all authenticated clients;
-otherwise a
-.B regex
+otherwise an
+.B exact
 dn pattern is assumed unless otherwise specified by qualifying 
 the (optional) key string
 .B dn
@@ -337,6 +337,24 @@ The same behavior is obtained by using the
 form of the
 .B who
 clause.
+The term
+.BR group ,
+with the optional objectClass
+.B oc
+and attributeType
+.B at
+fields, followed by
+.BR pattern ,
+sets the limits for any DN listed in the values of the
+.B at
+attribute (default
+.BR member )
+of the 
+.B oc
+group objectClass (default
+.BR groupOfNames )
+whose DN exactly matches
+.BR pattern .
 
 The currently supported limits are 
 .B size
diff --git a/servers/slapd/back-bdb/search.c b/servers/slapd/back-bdb/search.c
index 5b9d8438fbeb8082ca54641530902d564ed5eaf8..e9ceab27deae2ac047671ab1fa2220cc16cb0261 100644 (file)
--- a/servers/slapd/back-bdb/search.c
+++ b/servers/slapd/back-bdb/search.c
@@ -651,7 +651,7 @@ dn2entry_retry:
        if ( be_isroot( op->o_bd, &sop->o_ndn ) ) {
                isroot = 1;
        } else {
-               ( void ) get_limits( op->o_bd, &sop->o_ndn, &limit );
+               ( void ) get_limits( op, &sop->o_ndn, &limit );
        }
 
        /* The time/size limits come first because they require very little
diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c
index 5c8ec754e94978ef6344bbcb164c10a07b018fa0..fac26b544962d51654f03f37e8aac61e2065d372 100644 (file)
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -83,7 +83,7 @@ ldap_back_search(
        if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
                isroot = 1;
        } else {
-               ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
+               ( void ) get_limits( op, &op->o_ndn, &limit );
        }
        
        /* if no time limit requested, rely on remote server limits */
diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c
index 70fc4c0af9e3d515b944addb9a4c45308e970b23..7ae88c475bc627753aef6c9726937c17bc448c27 100644 (file)
--- a/servers/slapd/back-ldbm/search.c
+++ b/servers/slapd/back-ldbm/search.c
@@ -216,7 +216,7 @@ searchit:
                 */
                isroot = 1;
        } else {
-               ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
+               ( void ) get_limits( op, &op->o_ndn, &limit );
        }
 
        /* if candidates exceed to-be-checked entries, abort */
diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index a31356471f32f832f3d0fa42ef080ce7da3bfa64..40f1b03dbe59e0fcdf0f0648777d9387ff36b89d 100644 (file)
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -103,7 +103,7 @@ meta_back_search( Operation *op, SlapReply *rs )
        if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
                isroot = 1;
        } else {
-               ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
+               ( void ) get_limits( op, &op->o_ndn, &limit );
        }
 
        /* if no time limit requested, rely on remote server limits */
diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c
index d036ea2ea0dc40a0614c80e32e62300edcf06376..65257d0e0fa610d17e88325414d1f2b0a2bb3328 100644 (file)
--- a/servers/slapd/back-sql/search.c
+++ b/servers/slapd/back-sql/search.c
@@ -1191,7 +1191,7 @@ backsql_search( Operation *op, SlapReply *rs )
        if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
                isroot = 1;
        } else {
-               ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
+               ( void ) get_limits( op, &op->o_ndn, &limit );
        }
 
        /* The time/size limits come first because they require very little
diff --git a/servers/slapd/limits.c b/servers/slapd/limits.c
index d5fae775a2b7989d7cfc0973838c184d81a378d3..1ba44b81bac7e6282ce5c21b8b3a15bca4db572e 100644 (file)
--- a/servers/slapd/limits.c
+++ b/servers/slapd/limits.c
@@ -25,32 +25,49 @@
 
 int
 get_limits( 
-       Backend                 *be, 
+       Operation               *op,
        struct berval           *ndn, 
        struct slap_limits_set  **limit
 )
 {
        struct slap_limits **lm;
 
-       assert( be );
+       assert( op );
        assert( limit );
 
        /*
         * default values
         */
-       *limit = &be->be_def_limit;
+       *limit = &op->o_bd->be_def_limit;
 
-       if ( be->be_limits == NULL ) {
+       if ( op->o_bd->be_limits == NULL ) {
                return( 0 );
        }
 
-       for ( lm = be->be_limits; lm[0] != NULL; lm++ ) {
-               switch ( lm[0]->lm_type ) {
+       for ( lm = op->o_bd->be_limits; lm[0] != NULL; lm++ ) {
+               unsigned        style = lm[0]->lm_flags & SLAP_LIMITS_MASK;
+               unsigned        type = lm[0]->lm_flags & SLAP_LIMITS_TYPE_MASK;
+
+               switch ( style ) {
                case SLAP_LIMITS_EXACT:
                        if ( ndn->bv_len == 0 ) {
                                break;
                        }
-                       if ( dn_match( &lm[0]->lm_dn_pat, ndn ) ) {
+
+                       if ( type == SLAP_LIMITS_TYPE_GROUP ) {
+                               int     rc;
+
+                               rc = backend_group( op, NULL,
+                                               &lm[0]->lm_pat, ndn,
+                                               lm[0]->lm_group_oc,
+                                               lm[0]->lm_group_ad );
+                               if ( rc == 0 ) {
+                                       *limit = &lm[0]->lm_limits;
+                                       return( 0 );
+                               }
+                       }
+                       
+                       if ( dn_match( &lm[0]->lm_pat, ndn ) ) {
                                *limit = &lm[0]->lm_limits;
                                return( 0 );
                        }
@@ -66,14 +83,14 @@ get_limits(
                        }
 
                        /* ndn shorter than dn_pat */
-                       if ( ndn->bv_len < lm[0]->lm_dn_pat.bv_len ) {
+                       if ( ndn->bv_len < lm[0]->lm_pat.bv_len ) {
                                break;
                        }
-                       d = ndn->bv_len - lm[0]->lm_dn_pat.bv_len;
+                       d = ndn->bv_len - lm[0]->lm_pat.bv_len;
 
                        /* allow exact match for SUBTREE only */
                        if ( d == 0 ) {
-                               if ( lm[0]->lm_type != SLAP_LIMITS_SUBTREE ) {
+                               if ( style != SLAP_LIMITS_SUBTREE ) {
                                        break;
                                }
                        } else {
@@ -84,15 +101,19 @@ get_limits(
                        }
 
                        /* in case of (sub)match ... */
-                       if ( lm[0]->lm_dn_pat.bv_len == ( ndn->bv_len - d )
-                                       && strcmp( lm[0]->lm_dn_pat.bv_val, &ndn->bv_val[d] ) == 0 ) {
+                       if ( lm[0]->lm_pat.bv_len == ( ndn->bv_len - d )
+                                       && strcmp( lm[0]->lm_pat.bv_val,
+                                               &ndn->bv_val[d] ) == 0 )
+                       {
                                /* check for exactly one rdn in case of ONE */
-                               if ( lm[0]->lm_type == SLAP_LIMITS_ONE ) {
+                               if ( style == SLAP_LIMITS_ONE ) {
                                        /*
                                         * if ndn is more that one rdn
                                         * below dn_pat, continue
                                         */
-                                       if ( (size_t) dn_rdnlen( NULL, ndn ) != d - 1 ) {
+                                       if ( (size_t) dn_rdnlen( NULL, ndn )
+                                                       != d - 1 )
+                                       {
                                                break;
                                        }
                                }
@@ -108,8 +129,8 @@ get_limits(
                        if ( ndn->bv_len == 0 ) {
                                break;
                        }
-                       if ( regexec( &lm[0]->lm_dn_regex, ndn->bv_val, 0, NULL, 0 )
-                               == 0 )
+                       if ( regexec( &lm[0]->lm_regex, ndn->bv_val,
+                                               0, NULL, 0 ) == 0 )
                        {
                                *limit = &lm[0]->lm_limits;
                                return( 0 );
@@ -146,23 +167,29 @@ get_limits(
 static int
 add_limits(
        Backend                 *be,
-       int                     type,
+       unsigned                flags,
        const char              *pattern,
+       ObjectClass             *group_oc,
+       AttributeDescription    *group_ad,
        struct slap_limits_set  *limit
 )
 {
        int                     i;
        struct slap_limits      *lm;
+       unsigned                type, style;
        
        assert( be );
        assert( limit );
 
-       switch ( type ) {
+       type = flags & SLAP_LIMITS_TYPE_MASK;
+       style = flags & SLAP_LIMITS_MASK;
+
+       switch ( style ) {
        case SLAP_LIMITS_ANONYMOUS:
        case SLAP_LIMITS_USERS:
        case SLAP_LIMITS_ANY:
                for ( i = 0; be->be_limits && be->be_limits[ i ]; i++ ) {
-                       if ( be->be_limits[ i ]->lm_type == type ) {
+                       if ( be->be_limits[ i ]->lm_flags == style ) {
                                return( -1 );
                        }
                }
@@ -172,19 +199,22 @@ add_limits(
 
        lm = ( struct slap_limits * )ch_calloc( sizeof( struct slap_limits ), 1 );
 
-       switch ( type ) {
+       switch ( style ) {
+       case SLAP_LIMITS_UNDEFINED:
+               style = SLAP_LIMITS_EXACT;
+               /* continue to next cases */
        case SLAP_LIMITS_EXACT:
        case SLAP_LIMITS_ONE:
        case SLAP_LIMITS_SUBTREE:
        case SLAP_LIMITS_CHILDREN:
-               lm->lm_type = type;
+               lm->lm_flags = style | type;
                {
                        int rc;
                        struct berval bv;
                        bv.bv_val = (char *) pattern;
                        bv.bv_len = strlen( pattern );
 
-                       rc = dnNormalize( 0, NULL, NULL, &bv, &lm->lm_dn_pat, NULL );
+                       rc = dnNormalize( 0, NULL, NULL, &bv, &lm->lm_pat, NULL );
                        if ( rc != LDAP_SUCCESS ) {
                                ch_free( lm );
                                return( -1 );
@@ -193,12 +223,11 @@ add_limits(
                break;
                
        case SLAP_LIMITS_REGEX:
-       case SLAP_LIMITS_UNDEFINED:
-               lm->lm_type = SLAP_LIMITS_REGEX;
-               ber_str2bv( pattern, 0, 1, &lm->lm_dn_pat );
-               if ( regcomp( &lm->lm_dn_regex, lm->lm_dn_pat.bv_val, 
+               lm->lm_flags = style | type;
+               ber_str2bv( pattern, 0, 1, &lm->lm_pat );
+               if ( regcomp( &lm->lm_regex, lm->lm_pat.bv_val, 
                                        REG_EXTENDED | REG_ICASE ) ) {
-                       free( lm->lm_dn_pat.bv_val );
+                       free( lm->lm_pat.bv_val );
                        ch_free( lm );
                        return( -1 );
                }
@@ -207,9 +236,18 @@ add_limits(
        case SLAP_LIMITS_ANONYMOUS:
        case SLAP_LIMITS_USERS:
        case SLAP_LIMITS_ANY:
-               lm->lm_type = type;
-               lm->lm_dn_pat.bv_val = NULL;
-               lm->lm_dn_pat.bv_len = 0;
+               lm->lm_flags = style | type;
+               lm->lm_pat.bv_val = NULL;
+               lm->lm_pat.bv_len = 0;
+               break;
+       }
+
+       switch ( type ) {
+       case SLAP_LIMITS_TYPE_GROUP:
+               assert( group_oc );
+               assert( group_ad );
+               lm->lm_group_oc = group_oc;
+               lm->lm_group_ad = group_ad;
                break;
        }
 
@@ -237,10 +275,12 @@ parse_limits(
        char        **argv
 )
 {
-       int     type = SLAP_LIMITS_UNDEFINED;
-       char    *pattern;
-       struct slap_limits_set limit;
-       int     i, rc = 0;
+       int                     flags = SLAP_LIMITS_UNDEFINED;
+       char                    *pattern;
+       struct slap_limits_set  limit;
+       int                     i, rc = 0;
+       ObjectClass             *group_oc = NULL;
+       AttributeDescription    *group_ad = NULL;
 
        assert( be );
 
@@ -292,54 +332,54 @@ parse_limits(
        
        pattern = argv[1];
        if ( strcmp( pattern, "*" ) == 0) {
-               type = SLAP_LIMITS_ANY;
+               flags = SLAP_LIMITS_ANY;
 
        } else if ( strcasecmp( pattern, "anonymous" ) == 0 ) {
-               type = SLAP_LIMITS_ANONYMOUS;
+               flags = SLAP_LIMITS_ANONYMOUS;
 
        } else if ( strcasecmp( pattern, "users" ) == 0 ) {
-               type = SLAP_LIMITS_USERS;
+               flags = SLAP_LIMITS_USERS;
                
-       } else if ( strncasecmp( pattern, "dn", sizeof( "dn") - 1 ) == 0 ) {
-               pattern += 2;
+       } else if ( strncasecmp( pattern, "dn", sizeof( "dn" ) - 1 ) == 0 ) {
+               pattern += sizeof( "dn" ) - 1;
                if ( pattern[0] == '.' ) {
                        pattern++;
                        if ( strncasecmp( pattern, "exact", sizeof( "exact" ) - 1 ) == 0 ) {
-                               type = SLAP_LIMITS_EXACT;
-                               pattern += 5;
+                               flags = SLAP_LIMITS_EXACT;
+                               pattern += sizeof( "exact" ) - 1;
 
-                       } else if ( strncasecmp( pattern, "base", sizeof( "base " ) - 1 ) == 0 ) {
-                               type = SLAP_LIMITS_BASE;
-                               pattern += 4;
+                       } else if ( strncasecmp( pattern, "base", sizeof( "base" ) - 1 ) == 0 ) {
+                               flags = SLAP_LIMITS_BASE;
+                               pattern += sizeof( "base" ) - 1;
 
                        } else if ( strncasecmp( pattern, "one", sizeof( "one" ) - 1 ) == 0 ) {
-                               type = SLAP_LIMITS_ONE;
-                               pattern += 3;
+                               flags = SLAP_LIMITS_ONE;
+                               pattern += sizeof( "one" ) - 1;
 
                        } else if ( strncasecmp( pattern, "subtree", sizeof( "subtree" ) - 1 ) == 0 ) {
-                               type = SLAP_LIMITS_SUBTREE;
-                               pattern += 7;
+                               flags = SLAP_LIMITS_SUBTREE;
+                               pattern += sizeof( "subtree" ) - 1;
 
                        } else if ( strncasecmp( pattern, "children", sizeof( "children" ) - 1 ) == 0 ) {
-                               type = SLAP_LIMITS_CHILDREN;
-                               pattern += 8;
+                               flags = SLAP_LIMITS_CHILDREN;
+                               pattern += sizeof( "children" ) - 1;
 
                        } else if ( strncasecmp( pattern, "regex", sizeof( "regex" ) - 1 ) == 0 ) {
-                               type = SLAP_LIMITS_REGEX;
-                               pattern += 5;
+                               flags = SLAP_LIMITS_REGEX;
+                               pattern += sizeof( "regex" ) - 1;
 
                        /* 
                         * this could be deprecated in favour
                         * of the pattern = "anonymous" form
                         */
                        } else if ( strncasecmp( pattern, "anonymous", sizeof( "anonymous" ) - 1 ) == 0 ) {
-                               type = SLAP_LIMITS_ANONYMOUS;
+                               flags = SLAP_LIMITS_ANONYMOUS;
                                pattern = NULL;
                        }
                }
 
                /* pre-check the data */
-               switch ( type ) {
+               switch ( flags ) {
                case SLAP_LIMITS_ANONYMOUS:
                case SLAP_LIMITS_USERS:
 
@@ -373,15 +413,95 @@ parse_limits(
 
                        /* trim obvious cases */
                        if ( strcmp( pattern, "*" ) == 0 ) {
-                               type = SLAP_LIMITS_ANY;
+                               flags = SLAP_LIMITS_ANY;
                                pattern = NULL;
 
-                       } else if ( ( type == SLAP_LIMITS_REGEX || type == SLAP_LIMITS_UNDEFINED ) 
+                       } else if ( flags == SLAP_LIMITS_REGEX
                                        && strcmp( pattern, ".*" ) == 0 ) {
-                               type = SLAP_LIMITS_ANY;
+                               flags = SLAP_LIMITS_ANY;
                                pattern = NULL;
                        }
                }
+
+       } else if (strncasecmp( pattern, "group", sizeof( "group" ) - 1 ) == 0 ) {
+               pattern += sizeof( "group" ) - 1;
+
+               if ( pattern[0] == '/' ) {
+                       struct berval   oc, ad;
+
+                       oc.bv_val = pattern + 1;
+
+                       ad.bv_val = strchr(pattern, '/');
+                       if ( ad.bv_val != NULL ) {
+                               const char      *text = NULL;
+                               int             rc;
+
+                               oc.bv_len = ad.bv_val - oc.bv_val;
+
+                               ad.bv_val++;
+                               ad.bv_len = strlen( ad.bv_val );
+                               rc = slap_bv2ad( &ad, &group_ad, &text );
+                               if ( rc != LDAP_SUCCESS ) {
+                                       goto no_ad;
+                               }
+
+                               pattern = ad.bv_val + ad.bv_len;
+
+                       } else {
+                               oc.bv_len = strlen( oc.bv_val );
+
+                               pattern = oc.bv_val + oc.bv_len;
+                       }
+
+                       group_oc = oc_bvfind( &oc );
+                       if ( group_oc == NULL ) {
+                               goto no_oc;
+                       }
+               }
+
+               if ( group_oc == NULL ) {
+                       group_oc = oc_find( SLAPD_GROUP_CLASS );
+                       if ( group_oc == NULL ) {
+no_oc:;
+                               return( -1 );
+                       }
+               }
+
+               if ( group_ad == NULL ) {
+                       const char      *text = NULL;
+                       int             rc;
+                       
+                       rc = slap_str2ad( SLAPD_GROUP_ATTR, &group_ad, &text );
+
+                       if ( rc != LDAP_SUCCESS ) {
+no_ad:;
+                               return( -1 );
+                       }
+               }
+
+               flags = SLAP_LIMITS_TYPE_GROUP | SLAP_LIMITS_EXACT;
+
+               if ( pattern[0] != '=' ) {
+#ifdef NEW_LOGGING
+                       LDAP_LOG( CONFIG, CRIT, 
+                               "%s : line %d: missing '=' in "
+                               "\"group[/objectClass[/attributeType]]"
+                               "=<pattern>\" in "
+                               "\"limits <pattern> <limits>\" line.\n",
+                               fname, lineno, 0 );
+#else
+                       Debug( LDAP_DEBUG_ANY,
+                               "%s : line %d: missing '=' in "
+                               "\"group[/objectClass[/attributeType]]"
+                               "=<pattern>\" in "
+                               "\"limits <pattern> <limits>\" line.\n",
+                               fname, lineno, 0 );
+#endif
+                       return( -1 );
+               }
+
+               /* skip '=' (required) */
+               pattern++;
        }
 
        /* get the limits */
@@ -390,12 +510,12 @@ parse_limits(
 
 #ifdef NEW_LOGGING
                        LDAP_LOG( CONFIG, CRIT, 
-                               "%s : line %d: unknown limit type \"%s\" in "
+                               "%s : line %d: unknown limit values \"%s\" in "
                                "\"limits <pattern> <limits>\" line.\n",
                                fname, lineno, argv[i] );
 #else
                        Debug( LDAP_DEBUG_ANY,
-                               "%s : line %d: unknown limit type \"%s\" in "
+                               "%s : line %d: unknown limit values \"%s\" in "
                                "\"limits <pattern> <limits>\" line.\n",
                        fname, lineno, argv[i] );
 #endif
@@ -419,7 +539,7 @@ parse_limits(
                limit.lms_s_hard = limit.lms_s_soft;
        }
        
-       rc = add_limits( be, type, pattern, &limit );
+       rc = add_limits( be, flags, pattern, group_oc, group_ad, &limit );
        if ( rc ) {
 
 #ifdef NEW_LOGGING
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 11556fc0b79ab9b3acefe92c9df9ebd12f65d3d1..0276a46e33bcdf55237698192dadf53bcc0b1f69 100644 (file)
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -628,7 +628,7 @@ LDAP_SLAPD_F (int) slap_build_syncUUID_set LDAP_P((
  * limits.c
  */
 LDAP_SLAPD_F (int) get_limits LDAP_P((
-       Backend *be, struct berval *ndn,
+       Operation *op, struct berval *ndn,
        struct slap_limits_set **limit ));
 LDAP_SLAPD_F (int) parse_limits LDAP_P((
        Backend *be, const char *fname, int lineno,
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 56a36e3ef98201bd122a08672498b209854fc203..f2144b6bc62baf238f6a7263ba23db99c143177e 100644 (file)
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1281,24 +1281,37 @@ struct slap_limits_set {
 };
 
 struct slap_limits {
-       int     lm_type;        /* type of pattern */
-#define SLAP_LIMITS_UNDEFINED  0x0000
-#define SLAP_LIMITS_EXACT              0x0001
+       unsigned                lm_flags;       /* type of pattern */
+#define SLAP_LIMITS_UNDEFINED          0x0000U
+#define SLAP_LIMITS_EXACT              0x0001U
 #define SLAP_LIMITS_BASE               SLAP_LIMITS_EXACT
-#define SLAP_LIMITS_ONE                        0x0002
-#define SLAP_LIMITS_SUBTREE            0x0003
-#define SLAP_LIMITS_CHILDREN   0x0004
-#define SLAP_LIMITS_REGEX              0x0005
-#define SLAP_LIMITS_ANONYMOUS  0x0006
-#define SLAP_LIMITS_USERS              0x0007
-#define SLAP_LIMITS_ANY                        0x0008
-       regex_t lm_dn_regex;            /* regex data for REGEX */
+#define SLAP_LIMITS_ONE                        0x0002U
+#define SLAP_LIMITS_SUBTREE            0x0003U
+#define SLAP_LIMITS_CHILDREN           0x0004U
+#define SLAP_LIMITS_REGEX              0x0005U
+#define SLAP_LIMITS_ANONYMOUS          0x0006U
+#define SLAP_LIMITS_USERS              0x0007U
+#define SLAP_LIMITS_ANY                        0x0008U
+#define SLAP_LIMITS_MASK               0x000FU
+
+#define SLAP_LIMITS_TYPE_DN            0x0000U
+#define SLAP_LIMITS_TYPE_GROUP         0x0010U
+#define SLAP_LIMITS_TYPE_MASK          0x00F0U
+
+       regex_t                 lm_regex;       /* regex data for REGEX */
 
        /*
         * normalized DN for EXACT, BASE, ONE, SUBTREE, CHILDREN;
         * pattern for REGEX; NULL for ANONYMOUS, USERS
         */
-       struct berval lm_dn_pat;
+       struct berval           lm_pat;
+
+       /* if lm_flags & SLAP_LIMITS_TYPE_MASK == SLAP_LIMITS_GROUP,
+        * lm_group_oc is objectClass and lm_group_at is attributeType
+        * of member in oc for match; then lm_flags & SLAP_LIMITS_MASK
+        * can only be SLAP_LIMITS_EXACT */
+       ObjectClass             *lm_group_oc;
+       AttributeDescription    *lm_group_ad;
 
        struct slap_limits_set  lm_limits;
 };
diff --git a/servers/slapd/tools/mimic.c b/servers/slapd/tools/mimic.c
index db578eb57eea191d1afe3d50aad9b4605703c111..71830bb89a4117ecd79a2612b963cc5419438d6a 100644 (file)
--- a/servers/slapd/tools/mimic.c
+++ b/servers/slapd/tools/mimic.c
@@ -232,7 +232,7 @@ int parse_limit( const char *arg, struct slap_limits_set *limit )
        return 0;
 }
 
-int get_limits( Backend *be, struct berval *ndn, struct slap_limits_set **limit )
+int get_limits( Operation *op, struct berval *ndn, struct slap_limits_set **limit )
 {
        return 0;
 }
Cloned from git://git.openldap.org/openldap.git