From: Pierangelo Masarati Date: Mon, 29 Dec 2003 18:02:49 +0000 (+0000) Subject: allow to set max passes per rule X-Git-Tag: OPENLDAP_REL_ENG_2_1_MP~88 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=3994dc645ad3de41d7b4a9d53713a2a4bd8b6890;p=openldap allow to set max passes per rule --- diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5 index 71ffdf4e44..d4bfeb74f9 100644 --- a/doc/man/man5/slapd-meta.5 +++ b/doc/man/man5/slapd-meta.5 @@ -332,8 +332,8 @@ server will possibly enforce additional restrictions to "foo". A string is rewritten according to a set of rules, called a `rewrite context'. The rules are based on Regular Expressions (POSIX regex) with -substring matching; extensions are planned to allow basic variable -substitution and map resolution of substrings. +substring matching; basic variable substitution and map resolution +of substrings is allowed by specific mechanisms detailed in the following. The behavior of pattern matching/substitution can be altered by a set of flags. .LP @@ -341,14 +341,17 @@ The underlying concept is to build a lightweight rewrite module for the slapd server (initially dedicated to the LDAP backend). .SH Passes An incoming string is matched agains a set of rules. -Rules are made of a match pattern, a substitution pattern and a set of -actions. +Rules are made of a regex match pattern, a substitution pattern +and a set of actions, described by a set of flags. In case of match a string rewriting is performed according to the substitution pattern that allows to refer to substrings matched in the incoming string. The actions, if any, are finally performed. The substitution pattern allows map resolution of substrings. A map is a generic object that maps a substitution pattern to a value. +The flags are divided in "Pattern matching Flags" and "Action Flags"; +the former alter the regex match pattern behaviorm while the latter +alter the action that is taken after substitution. .SH "Pattern Matching Flags" .TP .B `C' @@ -356,6 +359,12 @@ honors case in matching (default is case insensitive) .TP .B `R' use POSIX Basic Regular Expressions (default is Extended) +.TP +.B `M{n}' +allow no more than +.B n +recursive passes for a specific rule; does not alter the max total count +of passes, so it can only enforce a stricter limit for a specific rule. .SH "Action Flags" .TP .B `:' @@ -398,7 +407,7 @@ or, in other words, `@' is equivalent to `U{0}'. By convention, the freely available codes are above 16 included; the others are reserved. .LP -The ordering of the flags is significant. +The ordering of the flags can be significant. For instance: `IG{2}' means ignore errors and jump two lines ahead both in case of match and in case of error, while `G{2}I' means ignore errors, but jump two lines ahead only in case of match. @@ -549,7 +558,7 @@ In this case the alias context contains no rule, and any reference to it will result in accessing the aliased one. .TP .B rewriteRule "" "" "[ ]" -Determines how a tring can be rewritten if a pattern is matched. +Determines how a string can be rewritten if a pattern is matched. Examples are reported below. .SH "Additional configuration syntax:" .TP @@ -562,9 +571,16 @@ The map is referenced inside the substitution pattern of a rule. Sets a value with global scope, that can be dereferenced by the command `%{$paramName}'. .TP -.B rewriteMaxPasses +.B rewriteMaxPasses [] Sets the maximum number of total rewriting passes that can be performed in a single rewrite operation (to avoid loops). +A safe default is set to 100; note that reaching this limit is still +treated as a success; recursive invocation of rules is simply +interrupted. +The count applies to the rewriting operation as a whole, not +to any single rule; an optional per-rule limit can be set. +This limit is overridden by setting specific per-rule limits +with the `M{n}' flag. .SH "Configuration examples:" .nf # set to `off' to disable rewriting diff --git a/libraries/librewrite/config.c b/libraries/librewrite/config.c index 9cf3ad98dc..da33b467a5 100644 --- a/libraries/librewrite/config.c +++ b/libraries/librewrite/config.c @@ -39,7 +39,7 @@ rewrite_parse_builtin_map( * lines handled are of the form: * * rewriteEngine {on|off} - * rewriteMaxPasses numPasses + * rewriteMaxPasses numPasses [numPassesPerRule] * rewriteContext contextName [alias aliasedContextName] * rewriteRule pattern substPattern [ruleFlags] * rewriteMap mapType mapName [mapArgs] @@ -103,7 +103,25 @@ rewrite_parse( fname, lineno, "" ); return -1; } + info->li_max_passes = atoi( argv[ 1 ] ); + if ( info->li_max_passes <= 0 ) { + Debug( LDAP_DEBUG_ANY, + "[%s:%d] negative or null rewriteMaxPasses'\n", + fname, lineno, 0 ); + } + + if ( argc > 2 ) { + info->li_max_passes_per_rule = atoi( argv[ 2 ] ); + if ( info->li_max_passes_per_rule <= 0 ) { + Debug( LDAP_DEBUG_ANY, + "[%s:%d] negative or null rewriteMaxPassesPerRule'\n", + fname, lineno, 0 ); + } + + } else { + info->li_max_passes_per_rule = info->li_max_passes; + } rc = REWRITE_SUCCESS; /* diff --git a/libraries/librewrite/info.c b/libraries/librewrite/info.c index d8e9c21ba3..faa2424c3f 100644 --- a/libraries/librewrite/info.c +++ b/libraries/librewrite/info.c @@ -67,6 +67,7 @@ rewrite_info_init( info->li_state = REWRITE_DEFAULT; info->li_max_passes = REWRITE_MAX_PASSES; + info->li_max_passes_per_rule = REWRITE_MAX_PASSES; info->li_rewrite_mode = mode; /* diff --git a/libraries/librewrite/rewrite-int.h b/libraries/librewrite/rewrite-int.h index 24fe0fb870..bfdbff1220 100644 --- a/libraries/librewrite/rewrite-int.h +++ b/libraries/librewrite/rewrite-int.h @@ -72,6 +72,7 @@ #define REWRITE_FLAG_UNWILLING '#' #define REWRITE_FLAG_GOTO 'G' /* requires an arg */ #define REWRITE_FLAG_USER 'U' /* requires an arg */ +#define REWRITE_FLAG_MAX_PASSES 'M' /* requires an arg */ #define REWRITE_FLAG_IGNORE_ERR 'I' /* @@ -219,6 +220,7 @@ struct rewrite_rule { #define REWRITE_RECURSE 0x0001 #define REWRITE_EXEC_ONCE 0x0002 int lr_mode; + int lr_max_passes; struct rewrite_action *lr_action; }; @@ -304,6 +306,7 @@ struct rewrite_info { */ #define REWRITE_MAXPASSES 100 int li_max_passes; + int li_max_passes_per_rule; /* * Behavior in case a NULL or non-existent context is required diff --git a/libraries/librewrite/rule.c b/libraries/librewrite/rule.c index 11f489bda3..e5a0732703 100644 --- a/libraries/librewrite/rule.c +++ b/libraries/librewrite/rule.c @@ -116,6 +116,7 @@ rewrite_rule_compile( { int flags = REWRITE_REGEX_EXTENDED | REWRITE_REGEX_ICASE; int mode = REWRITE_RECURSE; + int max_passes = info->li_max_passes_per_rule; struct rewrite_rule *rule = NULL; struct rewrite_subst *subst = NULL; @@ -264,6 +265,33 @@ rewrite_rule_compile( break; } + case REWRITE_FLAG_MAX_PASSES: { /* 'U' */ + /* + * Set the number of max passes per rule + */ + char *next = NULL; + + if ( p[ 1 ] != '{' ) { + /* XXX Need to free stuff */ + return REWRITE_ERR; + } + + max_passes = strtol( &p[ 2 ], &next, 0 ); + if ( next == NULL || next == &p[ 2 ] || next[0] != '}' ) { + /* XXX Need to free stuff */ + return REWRITE_ERR; + } + + if ( max_passes < 1 ) { + /* FIXME: nonsense ... */ + max_passes = 1; + } + + p = next; /* p is incremented by the for ... */ + + break; + } + case REWRITE_FLAG_IGNORE_ERR: /* 'I' */ /* * Ignore errors! @@ -337,6 +365,7 @@ rewrite_rule_compile( */ rule->lr_flags = flags; /* don't really need any longer ... */ rule->lr_mode = mode; + rule->lr_max_passes = max_passes; rule->lr_action = first_action; /* @@ -387,8 +416,8 @@ rewrite_rule_apply( recurse:; Debug( LDAP_DEBUG_TRACE, "==> rewrite_rule_apply" - " rule='%s' string='%s'\n", - rule->lr_pattern, string, 0 ); + " rule='%s' string='%s' [%s pass(es)]\n", + rule->lr_pattern, string, strcnt + 1 ); op->lo_num_passes++; if ( regexec( &rule->lr_regex, string, nmatch, match, 0 ) != 0 ) { @@ -418,9 +447,9 @@ recurse:; } if ( ( rule->lr_mode & REWRITE_RECURSE ) == REWRITE_RECURSE - && op->lo_num_passes <= info->li_max_passes ) { + && op->lo_num_passes < info->li_max_passes + && ++strcnt < rule->lr_max_passes ) { string = *result; - strcnt++; goto recurse; }