From bd091ce276db684f2b53da4b7d8ce5ac6853819b Mon Sep 17 00:00:00 2001
From: Mark Adamson
Date: Wed, 21 Nov 2001 20:28:15 +0000
Subject: [PATCH] Allow size and time limits in slapd.conf for anonymous bound search operations
---
 doc/man/man5/slapd.conf.5 | 7 +++++--
 servers/slapd/limits.c | 34 ++++++++++++++++++++++++----------
 servers/slapd/slap.h | 1 +
 3 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index d765d3cb15..f1df9ffb47 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -158,7 +158,7 @@ feature. The default is 0. Read additional configuration information from the given file before continuing with the next line of the current file. .TP
-.B limits [dn[.{exact|regex}]=] [...]
+.B limits [dn[.{exact|regex|anonymous}]=] [...]
 Specify time and size limits based on the distinguished name that initiated an operation. The argument
@@ -168,7 +168,10 @@ It is a distinguished name in case of .BR exact match, or an Extended Regex pattern in case of .BR regex
-match (the default).
+match (the default). In the case of
+.BR anonymous
+the pattern is ignored and the limits will apply to anonymously
+bound operations.
 The currently supported limits are "size" and "time". The syntax for time limits is
diff --git a/servers/slapd/limits.c b/servers/slapd/limits.c
index 614bd2cee7..ad647a6718 100644
--- a/servers/slapd/limits.c
+++ b/servers/slapd/limits.c
@@ -30,16 +30,16 @@ get_limits( */ *limit = &be->be_def_limit;
- /*
- * anonymous or no regex-based limits?
- */
- if ( be->be_limits == NULL || ndn == NULL || ndn[0] == '\0' ) {
+ if ( be->be_limits == NULL ) {
 return( 0 ); } for ( lm = be->be_limits; lm[0] != NULL; lm++ ) { switch ( lm[0]->lm_type) { case SLAP_LIMITS_EXACT:
+ if ( ndn == NULL || ndn[0] == '\0' ) {
+ break;
+ }
 if ( strcmp( lm[0]->lm_dn_pat, ndn ) == 0 ) { *limit = &lm[0]->lm_limits; return( 0 );
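Review bot: The anonymous test `ndn == NULL || ndn[0] == '\0'` is written out in the `SLAP_LIMITS_EXACT` case here and again in the `SLAP_LIMITS_REGEX` and `SLAP_LIMITS_ANONYMOUS` cases of the next hunk (@@ -47), and the comment that explained the old anonymous short-circuit is removed without a replacement. Evaluating it once before the loop, e.g. `int anon = ( ndn == NULL || ndn[0] == '\0' );`, keeps the three cases from drifting apart; a later case that forgets the guard would hand a NULL `ndn` to `strcmp()` or `regexec()`. The function comment should also say that entries are tried in list order and the first match returns, because an anonymous entry now replaces `be_def_limit` for unauthenticated clients, which is the resource cap operators rely on for them. get_limits starts before this hunk and continues past it.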
@@ -47,12 +47,20 @@ get_limits( break; case SLAP_LIMITS_REGEX:
+ if ( ndn == NULL || ndn[0] == '\0' ) {
+ break;
+ }
 if ( regexec( &lm[0]->lm_dn_regex, ndn, 0, NULL, 0 ) == 0 ) { *limit = &lm[0]->lm_limits; return( 0 ); } break;
-
+ case SLAP_LIMITS_ANONYMOUS:
+ if ( ndn == NULL || ndn[0] == '\0' ) {
+ *limit = &lm[0]->lm_limits;
+ return( 0 );
+ }
+ break;
 default: assert( 0 ); /* unreachable */ return( -1 );
@@ -74,7 +82,6 @@ add_limits( struct slap_limits *lm; assert( be );
- assert( pattern );
 assert( limit ); lm = ( struct slap_limits * )ch_calloc( sizeof( struct slap_limits ), 1 );
@@ -100,6 +107,10 @@ add_limits( return( -1 ); } break;
+ case SLAP_LIMITS_ANONYMOUS:
+ lm->lm_type = SLAP_LIMITS_ANONYMOUS;
+ lm->lm_dn_pat = NULL;
+ break;
 } lm->lm_limits = *limit;
@@ -158,7 +169,7 @@ parse_limits( * * : *
- * [ "dn" [ "." { "exact" | "regex" } ] "=" ]
+ * [ "dn" [ "." { "exact" | "regex" | "anonymous" } ] "=" ]
 * * * :
@@ -179,20 +190,23 @@ parse_limits( } else if ( strncasecmp( pattern, "regex", 5 ) == 0 ) { type = SLAP_LIMITS_REGEX; pattern += 5;
+ } else if ( strncasecmp( pattern, "anonymous", 9 ) == 0 ) {
+ type = SLAP_LIMITS_ANONYMOUS;
+ pattern = NULL;
 } }
- if ( pattern[0] != '=' ) {
+ if (( type != SLAP_LIMITS_ANONYMOUS ) && ( pattern[0] != '=' )) {
 #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s : line %d: missing '=' in "
- "\"dn[.{exact|regex}]=\" in "
+ "\"dn[.{exact|regex|anonymous}]=\" in "
 "\"limits \" line.\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, "%s : line %d: missing '=' in "
- "\"dn[.{exact|regex}]=\" in "
+ "\"dn[.{exact|regex|anonymous}]=\" in "
 "\"limits \" line.\n%s", fname, lineno, "" ); #endif
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 9ebe047e77..84649445e2 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
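Review bot: In add_limits (limits.c hunk @@ -74) `assert( pattern );` is removed for every limit type, although only the `SLAP_LIMITS_ANONYMOUS` case added in hunk @@ -100 is meant to accept a NULL pattern. The exact and regex cases are outside both hunks, but they presumably still copy or compile `pattern`, so the guard should move rather than disappear: put `assert( pattern );` as the first statement of each of those two cases. The switch also closes right after the new case with no `default:` visible, so an unrecognised type would leave `lm_type` at the zero that `ch_calloc` gives it and only be caught later by the `assert( 0 )` in get_limits; rejecting it here with `return( -1 )` would fail at configuration time instead.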
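Review bot: In parse_limits (limits.c hunk @@ -179) the anonymous branch sets `pattern = NULL;`, and the only protection is the `type != SLAP_LIMITS_ANONYMOUS` term added to the `'='` test; any statement after that test that still advances or reads `pattern` would act on a null pointer, which cannot be confirmed from here because the function continues outside the hunk. The same shortcut means `dn.anonymous` is accepted without `=` and with arbitrary text after the keyword (`strncasecmp` only compares the first 9 characters), while the updated grammar comment and man page still show `=` after the style. Advancing with `pattern += 9;` like the `exact` and `regex` branches and leaving `if ( pattern[0] != '=' )` unconditional would keep the parser uniform and reject malformed limit lines; NULL can then be substituted only at the point where the pattern is handed to add_limits.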
@@ -856,6 +856,7 @@ struct slap_limits { #define SLAP_LIMITS_UNDEFINED 0x0000 #define SLAP_LIMITS_EXACT 0x0001 #define SLAP_LIMITS_REGEX 0x0002
+#define SLAP_LIMITS_ANONYMOUS 0x0003
 regex_t lm_dn_regex; /* regex-based size and time limits */ char *lm_dn_pat; /* ndn for EXACT; pattern for REGEX */ struct slap_limits_set lm_limits;
--
2.39.5
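Review bot: The comment on `lm_dn_pat` still reads `ndn for EXACT; pattern for REGEX` and says nothing about the new type, for which add_limits stores NULL. I would extend it to `/* ndn for EXACT; pattern for REGEX; NULL for ANONYMOUS */` so that code reading the field knows it cannot be passed to `strcmp()` unchecked. The value `0x0003` also makes these constants an enumeration rather than bit flags despite the hex notation (it equals `SLAP_LIMITS_EXACT | SLAP_LIMITS_REGEX`); a one-line comment above the defines saying they are compared with `==`/`switch` only would prevent a later `&` test. struct slap_limits begins before this hunk.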