}
/* check time limit */
- if ( sop->ors_tlimit != -1 && slap_get_time() > stoptime ) {
+ if ( sop->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
rs->sr_ref = rs->sr_v2ref;
send_ldap_result( sop, rs );
/* should we check return values? */
if (op->ors_deref != -1)
ldap_set_option( lc->ld, LDAP_OPT_DEREF, (void *)&op->ors_deref);
- if (op->ors_tlimit != -1) {
+ if (op->ors_tlimit != SLAP_NO_LIMIT) {
tv.tv_sec = op->ors_tlimit;
tv.tv_usec = 0;
} else {
}
/* check time limit */
- if ( op->ors_tlimit != -1 && slap_get_time() > stoptime ) {
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
send_ldap_result( op, rs );
rc = LDAP_SUCCESS;
AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
- op->ors_tlimit = (op->ors_tlimit > op->o_bd->be_timelimit || op->ors_tlimit < 1) ? op->o_bd->be_timelimit
- : op->ors_tlimit;
- stoptime = op->o_time + op->ors_tlimit;
- op->ors_slimit = (op->ors_slimit > op->o_bd->be_sizelimit || op->ors_slimit < 1) ? op->o_bd->be_sizelimit
- : op->ors_slimit;
+ if (op->ors_tlimit != SLAP_NO_LIMIT ) {
+ stoptime = op->o_time + op->ors_tlimit;
+ }
/* Handle a query for the base of this backend */
if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
}
/* check time limit */
- if ( slap_get_time() > stoptime ) {
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
send_ldap_error( op, rs, LDAP_TIMELIMIT_EXCEEDED, NULL );
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
}
/* check time limit */
- if ( op->ors_tlimit != -1 && slap_get_time() > stoptime ) {
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
rs->sr_ctrls = NULL;
rs->sr_ref = rs->sr_v2ref;
}
entry_free( entry );
- if ( op->ors_slimit != -1
- && rs->sr_nentries >= op->ors_slimit ) {
+ if ( op->ors_slimit != SLAP_NO_LIMIT
+ && rs->sr_nentries >= op->ors_slimit )
+ {
rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
send_ldap_result( op, rs );
goto end_of_search;
switch(rs->sr_type) {
case REP_SEARCH:
- if ( gs->slimit != -1 && rs->sr_nentries >= gs->slimit ) {
+ if ( gs->slimit != SLAP_NO_LIMIT
+ && rs->sr_nentries >= gs->slimit )
+ {
rs->sr_err = gs->err = LDAP_SIZELIMIT_EXCEEDED;
return -1;
}
continue;
if (!dnIsSuffix(&gi->n[i].be->be_nsuffix[0], &b1->be_nsuffix[0]))
continue;
- if (tlimit0 != -1) {
+ if (tlimit0 != SLAP_NO_LIMIT) {
op->ors_tlimit = stoptime - slap_get_time ();
if (op->ors_tlimit <= 0) {
rs->sr_err = gs.err = LDAP_TIMELIMIT_EXCEEDED;
break;
}
}
- if (slimit0 != -1) {
+ if (slimit0 != SLAP_NO_LIMIT) {
op->ors_slimit = slimit0 - rs->sr_nentries;
if (op->ors_slimit < 0) {
rs->sr_err = gs.err = LDAP_SIZELIMIT_EXCEEDED;
op->ors_limit = NULL;
if ( op->ors_tlimit == 0 ) {
- op->ors_tlimit = -1;
+ op->ors_tlimit = SLAP_NO_LIMIT;
}
if ( op->ors_slimit == 0 ) {
- op->ors_slimit = -1;
+ op->ors_slimit = SLAP_NO_LIMIT;
}
/* if not root, get appropriate limits */
if ( pr_total == -1 ) {
slimit = -1;
- } else if ( pr_total > 0 && ( op->ors_slimit == -1 || op->ors_slimit > pr_total ) ) {
+ } else if ( pr_total > 0 && ( op->ors_slimit == SLAP_NO_LIMIT || op->ors_slimit > pr_total ) ) {
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
op->o_req_ndn = op->o_bd->be_nsuffix[0];
op->ors_scope = LDAP_SCOPE_SUBTREE;
op->ors_deref = LDAP_DEREF_NEVER;
- op->ors_slimit = -1;
- op->ors_tlimit = -1;
+ op->ors_slimit = SLAP_NO_LIMIT;
+ op->ors_tlimit = SLAP_NO_LIMIT;
op->ors_filter = &filter;
op->ors_filterstr.bv_val = filter_str;
op->ors_filterstr.bv_len = strlen(filter_str);
nop.o_tag = LDAP_REQ_SEARCH;
nop.ors_scope = LDAP_SCOPE_SUBTREE;
nop.ors_deref = LDAP_DEREF_NEVER;
- nop.ors_slimit = -1;
- nop.ors_tlimit = -1;
+ nop.ors_slimit = SLAP_NO_LIMIT;
+ nop.ors_tlimit = SLAP_NO_LIMIT;
nop.o_req_ndn = id->dn;
nop.o_req_dn = id->dn;
nop.o_tag = LDAP_REQ_SEARCH;
nop.ors_scope = LDAP_SCOPE_SUBTREE;
nop.ors_deref = LDAP_DEREF_NEVER;
- nop.ors_slimit = -1;
- nop.ors_tlimit = -1;
+ nop.ors_slimit = SLAP_NO_LIMIT;
+ nop.ors_tlimit = SLAP_NO_LIMIT;
nop.o_req_ndn = ud->dn;
nop.o_ndn = op->o_bd->be_rootndn;
nop.o_tag = LDAP_REQ_SEARCH;
nop.ors_scope = LDAP_SCOPE_SUBTREE;
nop.ors_deref = LDAP_DEREF_NEVER;
- nop.ors_slimit = -1;
- nop.ors_tlimit = -1;
+ nop.ors_slimit = SLAP_NO_LIMIT;
+ nop.ors_tlimit = SLAP_NO_LIMIT;
nop.o_req_ndn = ud->dn;
nop.o_ndn = op->o_bd->be_rootndn;
nop.o_tag = LDAP_REQ_SEARCH;
nop.ors_scope = LDAP_SCOPE_SUBTREE;
nop.ors_deref = LDAP_DEREF_NEVER;
- nop.ors_slimit = -1;
- nop.ors_tlimit = -1;
+ nop.ors_slimit = SLAP_NO_LIMIT;
+ nop.ors_tlimit = SLAP_NO_LIMIT;
nop.o_req_ndn = ud->dn;
nop.o_ndn = op->o_bd->be_rootndn;
op.o_req_dn = op.o_req_ndn;
op.ors_scope = LDAP_SCOPE_BASE;
op.ors_deref = LDAP_DEREF_NEVER;
+ op.ors_tlimit = SLAP_NO_LIMIT;
op.ors_slimit = 1;
op.ors_filter = &generic_filter;
op.ors_filterstr = generic_filterstr;
if( !BER_BVISNULL( &op.o_req_dn ) ) ch_free( op.o_req_dn.bv_val );
ber_dupbv_x( &op.o_req_dn, &op.o_req_ndn, op.o_tmpmemctx );
op.oq_search.rs_slimit = 1;
- op.oq_search.rs_tlimit = -1;
+ op.oq_search.rs_tlimit = SLAP_NO_LIMIT;
op.o_sync_slog_size = -1;
op.o_bd->be_search( &op, &rs );
#endif
op.oq_search.rs_deref = LDAP_DEREF_NEVER;
op.oq_search.rs_slimit = 1;
- op.oq_search.rs_tlimit = -1;
+ op.oq_search.rs_tlimit = SLAP_NO_LIMIT;
op.oq_search.rs_attrsonly = 1;
/* use req_ndn as req_dn instead of non-pretty base of uri */
if( !BER_BVISNULL( &op.o_req_dn ) ) ch_free( op.o_req_dn.bv_val );
int lms_s_pr_total;
};
+/* Note: this is different from LDAP_NO_LIMIT (0); slapd internal use only */
+#define SLAP_NO_LIMIT -1
+
struct slap_limits {
unsigned lm_flags; /* type of pattern */
#define SLAP_LIMITS_UNDEFINED 0x0000U
#define SLAP_RESTRICT_OP_SEARCH 0x0080U
#define SLAP_RESTRICT_OP_MASK 0x00FFU
+#define SLAP_RESTRICT_READONLY 0x80000000U
+
#define SLAP_RESTRICT_EXOP_START_TLS 0x0100U
#define SLAP_RESTRICT_EXOP_MODIFY_PASSWD 0x0200U
#define SLAP_RESTRICT_EXOP_WHOAMI 0x0400U
op->oq_search.rs_scope = scope;
op->oq_search.rs_deref = 0;
- op->oq_search.rs_slimit = LDAP_NO_LIMIT;
- op->oq_search.rs_tlimit = LDAP_NO_LIMIT;
+ op->oq_search.rs_slimit = SLAP_NO_LIMIT;
+ op->oq_search.rs_tlimit = SLAP_NO_LIMIT;
op->oq_search.rs_attrsonly = attrsonly;
op->oq_search.rs_attrs = an;
op->oq_search.rs_filter = filter;
projects / openldap / commitdiff