From d1b692ceb4167fc583d04ced0cb5ca3bdff1dfa1 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Sat, 12 Jun 2004 11:33:21 +0000 Subject: [PATCH] clarify no limits in (internal) searches --- servers/slapd/back-bdb/search.c | 4 +++- servers/slapd/back-ldap/search.c | 2 +- servers/slapd/back-ldbm/search.c | 4 +++- servers/slapd/back-passwd/search.c | 12 ++++++------ servers/slapd/back-sql/search.c | 9 ++++++--- servers/slapd/backglue.c | 8 +++++--- servers/slapd/limits.c | 6 +++--- servers/slapd/overlays/pcache.c | 4 ++-- servers/slapd/overlays/refint.c | 4 ++-- servers/slapd/overlays/unique.c | 12 ++++++------ servers/slapd/sasl.c | 1 + servers/slapd/saslauthz.c | 4 ++-- servers/slapd/slap.h | 5 +++++ servers/slapd/slapi/slapi_ops.c | 4 ++-- 14 files changed, 47 insertions(+), 32 deletions(-) diff --git a/servers/slapd/back-bdb/search.c b/servers/slapd/back-bdb/search.c index 7a91c99c0b..92db06242d 100644 --- a/servers/slapd/back-bdb/search.c +++ b/servers/slapd/back-bdb/search.c @@ -881,7 +881,9 @@ loop_begin: } /* check time limit */ - if ( sop->ors_tlimit != -1 && slap_get_time() > stoptime ) { + if ( sop->ors_tlimit != SLAP_NO_LIMIT + && slap_get_time() > stoptime ) + { rs->sr_err = LDAP_TIMELIMIT_EXCEEDED; rs->sr_ref = rs->sr_v2ref; send_ldap_result( sop, rs ); diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index 6da4f608d9..7fc6cefc81 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -77,7 +77,7 @@ ldap_back_search( /* should we check return values? */ if (op->ors_deref != -1) ldap_set_option( lc->ld, LDAP_OPT_DEREF, (void *)&op->ors_deref); - if (op->ors_tlimit != -1) { + if (op->ors_tlimit != SLAP_NO_LIMIT) { tv.tv_sec = op->ors_tlimit; tv.tv_usec = 0; } else { diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c index 960209ba12..c21ecdd0b5 100644 --- a/servers/slapd/back-ldbm/search.c +++ b/servers/slapd/back-ldbm/search.c @@ -231,7 +231,9 @@ searchit: } /* check time limit */ - if ( op->ors_tlimit != -1 && slap_get_time() > stoptime ) { + if ( op->ors_tlimit != SLAP_NO_LIMIT + && slap_get_time() > stoptime ) + { rs->sr_err = LDAP_TIMELIMIT_EXCEEDED; send_ldap_result( op, rs ); rc = LDAP_SUCCESS; diff --git a/servers/slapd/back-passwd/search.c b/servers/slapd/back-passwd/search.c index 4f77968719..1317459fd5 100644 --- a/servers/slapd/back-passwd/search.c +++ b/servers/slapd/back-passwd/search.c @@ -69,11 +69,9 @@ passwd_back_search( AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; - op->ors_tlimit = (op->ors_tlimit > op->o_bd->be_timelimit || op->ors_tlimit < 1) ? op->o_bd->be_timelimit - : op->ors_tlimit; - stoptime = op->o_time + op->ors_tlimit; - op->ors_slimit = (op->ors_slimit > op->o_bd->be_sizelimit || op->ors_slimit < 1) ? op->o_bd->be_sizelimit - : op->ors_slimit; + if (op->ors_tlimit != SLAP_NO_LIMIT ) { + stoptime = op->o_time + op->ors_tlimit; + } /* Handle a query for the base of this backend */ if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) { @@ -150,7 +148,9 @@ passwd_back_search( } /* check time limit */ - if ( slap_get_time() > stoptime ) { + if ( op->ors_tlimit != SLAP_NO_LIMIT + && slap_get_time() > stoptime ) + { send_ldap_error( op, rs, LDAP_TIMELIMIT_EXCEEDED, NULL ); endpwent(); ldap_pvt_thread_mutex_unlock( &passwd_mutex ); diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c index f1ceffa61e..cf35e0fc14 100644 --- a/servers/slapd/back-sql/search.c +++ b/servers/slapd/back-sql/search.c @@ -1459,7 +1459,9 @@ backsql_search( Operation *op, SlapReply *rs ) } /* check time limit */ - if ( op->ors_tlimit != -1 && slap_get_time() > stoptime ) { + if ( op->ors_tlimit != SLAP_NO_LIMIT + && slap_get_time() > stoptime ) + { rs->sr_err = LDAP_TIMELIMIT_EXCEEDED; rs->sr_ctrls = NULL; rs->sr_ref = rs->sr_v2ref; @@ -1601,8 +1603,9 @@ backsql_search( Operation *op, SlapReply *rs ) } entry_free( entry ); - if ( op->ors_slimit != -1 - && rs->sr_nentries >= op->ors_slimit ) { + if ( op->ors_slimit != SLAP_NO_LIMIT + && rs->sr_nentries >= op->ors_slimit ) + { rs->sr_err = LDAP_SIZELIMIT_EXCEEDED; send_ldap_result( op, rs ); goto end_of_search; diff --git a/servers/slapd/backglue.c b/servers/slapd/backglue.c index 59ea867f52..c7e9543e33 100644 --- a/servers/slapd/backglue.c +++ b/servers/slapd/backglue.c @@ -194,7 +194,9 @@ glue_back_response ( Operation *op, SlapReply *rs ) switch(rs->sr_type) { case REP_SEARCH: - if ( gs->slimit != -1 && rs->sr_nentries >= gs->slimit ) { + if ( gs->slimit != SLAP_NO_LIMIT + && rs->sr_nentries >= gs->slimit ) + { rs->sr_err = gs->err = LDAP_SIZELIMIT_EXCEEDED; return -1; } @@ -313,14 +315,14 @@ glue_back_search ( Operation *op, SlapReply *rs ) continue; if (!dnIsSuffix(&gi->n[i].be->be_nsuffix[0], &b1->be_nsuffix[0])) continue; - if (tlimit0 != -1) { + if (tlimit0 != SLAP_NO_LIMIT) { op->ors_tlimit = stoptime - slap_get_time (); if (op->ors_tlimit <= 0) { rs->sr_err = gs.err = LDAP_TIMELIMIT_EXCEEDED; break; } } - if (slimit0 != -1) { + if (slimit0 != SLAP_NO_LIMIT) { op->ors_slimit = slimit0 - rs->sr_nentries; if (op->ors_slimit < 0) { rs->sr_err = gs.err = LDAP_SIZELIMIT_EXCEEDED; diff --git a/servers/slapd/limits.c b/servers/slapd/limits.c index 55fce61705..836b4624b5 100644 --- a/servers/slapd/limits.c +++ b/servers/slapd/limits.c @@ -1001,11 +1001,11 @@ limits_check( Operation *op, SlapReply *rs ) op->ors_limit = NULL; if ( op->ors_tlimit == 0 ) { - op->ors_tlimit = -1; + op->ors_tlimit = SLAP_NO_LIMIT; } if ( op->ors_slimit == 0 ) { - op->ors_slimit = -1; + op->ors_slimit = SLAP_NO_LIMIT; } /* if not root, get appropriate limits */ @@ -1084,7 +1084,7 @@ limits_check( Operation *op, SlapReply *rs ) if ( pr_total == -1 ) { slimit = -1; - } else if ( pr_total > 0 && ( op->ors_slimit == -1 || op->ors_slimit > pr_total ) ) { + } else if ( pr_total > 0 && ( op->ors_slimit == SLAP_NO_LIMIT || op->ors_slimit > pr_total ) ) { rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED; send_ldap_result( op, rs ); rs->sr_err = LDAP_SUCCESS; diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c index 5a88e95b2f..4567c93369 100644 --- a/servers/slapd/overlays/pcache.c +++ b/servers/slapd/overlays/pcache.c @@ -869,8 +869,8 @@ remove_query_data ( op->o_req_ndn = op->o_bd->be_nsuffix[0]; op->ors_scope = LDAP_SCOPE_SUBTREE; op->ors_deref = LDAP_DEREF_NEVER; - op->ors_slimit = -1; - op->ors_tlimit = -1; + op->ors_slimit = SLAP_NO_LIMIT; + op->ors_tlimit = SLAP_NO_LIMIT; op->ors_filter = &filter; op->ors_filterstr.bv_val = filter_str; op->ors_filterstr.bv_len = strlen(filter_str); diff --git a/servers/slapd/overlays/refint.c b/servers/slapd/overlays/refint.c index c802a965b9..48aab57044 100644 --- a/servers/slapd/overlays/refint.c +++ b/servers/slapd/overlays/refint.c @@ -551,8 +551,8 @@ refint_response( nop.o_tag = LDAP_REQ_SEARCH; nop.ors_scope = LDAP_SCOPE_SUBTREE; nop.ors_deref = LDAP_DEREF_NEVER; - nop.ors_slimit = -1; - nop.ors_tlimit = -1; + nop.ors_slimit = SLAP_NO_LIMIT; + nop.ors_tlimit = SLAP_NO_LIMIT; nop.o_req_ndn = id->dn; nop.o_req_dn = id->dn; diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c index 4fe528d8df..866e5e30cb 100644 --- a/servers/slapd/overlays/unique.c +++ b/servers/slapd/overlays/unique.c @@ -349,8 +349,8 @@ static int unique_add( nop.o_tag = LDAP_REQ_SEARCH; nop.ors_scope = LDAP_SCOPE_SUBTREE; nop.ors_deref = LDAP_DEREF_NEVER; - nop.ors_slimit = -1; - nop.ors_tlimit = -1; + nop.ors_slimit = SLAP_NO_LIMIT; + nop.ors_tlimit = SLAP_NO_LIMIT; nop.o_req_ndn = ud->dn; nop.o_ndn = op->o_bd->be_rootndn; @@ -482,8 +482,8 @@ static int unique_modify( nop.o_tag = LDAP_REQ_SEARCH; nop.ors_scope = LDAP_SCOPE_SUBTREE; nop.ors_deref = LDAP_DEREF_NEVER; - nop.ors_slimit = -1; - nop.ors_tlimit = -1; + nop.ors_slimit = SLAP_NO_LIMIT; + nop.ors_tlimit = SLAP_NO_LIMIT; nop.o_req_ndn = ud->dn; nop.o_ndn = op->o_bd->be_rootndn; @@ -612,8 +612,8 @@ static int unique_modrdn( nop.o_tag = LDAP_REQ_SEARCH; nop.ors_scope = LDAP_SCOPE_SUBTREE; nop.ors_deref = LDAP_DEREF_NEVER; - nop.ors_slimit = -1; - nop.ors_tlimit = -1; + nop.ors_slimit = SLAP_NO_LIMIT; + nop.ors_tlimit = SLAP_NO_LIMIT; nop.o_req_ndn = ud->dn; nop.o_ndn = op->o_bd->be_rootndn; diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 43f32f2c28..02409f1116 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -482,6 +482,7 @@ slap_auxprop_lookup( op.o_req_dn = op.o_req_ndn; op.ors_scope = LDAP_SCOPE_BASE; op.ors_deref = LDAP_DEREF_NEVER; + op.ors_tlimit = SLAP_NO_LIMIT; op.ors_slimit = 1; op.ors_filter = &generic_filter; op.ors_filterstr = generic_filterstr; diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 379e85e38e..52e5bbadc4 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -1049,7 +1049,7 @@ exact_match: if( !BER_BVISNULL( &op.o_req_dn ) ) ch_free( op.o_req_dn.bv_val ); ber_dupbv_x( &op.o_req_dn, &op.o_req_ndn, op.o_tmpmemctx ); op.oq_search.rs_slimit = 1; - op.oq_search.rs_tlimit = -1; + op.oq_search.rs_tlimit = SLAP_NO_LIMIT; op.o_sync_slog_size = -1; op.o_bd->be_search( &op, &rs ); @@ -1234,7 +1234,7 @@ void slap_sasl2dn( Operation *opx, #endif op.oq_search.rs_deref = LDAP_DEREF_NEVER; op.oq_search.rs_slimit = 1; - op.oq_search.rs_tlimit = -1; + op.oq_search.rs_tlimit = SLAP_NO_LIMIT; op.oq_search.rs_attrsonly = 1; /* use req_ndn as req_dn instead of non-pretty base of uri */ if( !BER_BVISNULL( &op.o_req_dn ) ) ch_free( op.o_req_dn.bv_val ); diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index c7e76756ac..0a36d8da30 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1312,6 +1312,9 @@ struct slap_limits_set { int lms_s_pr_total; }; +/* Note: this is different from LDAP_NO_LIMIT (0); slapd internal use only */ +#define SLAP_NO_LIMIT -1 + struct slap_limits { unsigned lm_flags; /* type of pattern */ #define SLAP_LIMITS_UNDEFINED 0x0000U @@ -1509,6 +1512,8 @@ struct slap_backend_db { #define SLAP_RESTRICT_OP_SEARCH 0x0080U #define SLAP_RESTRICT_OP_MASK 0x00FFU +#define SLAP_RESTRICT_READONLY 0x80000000U + #define SLAP_RESTRICT_EXOP_START_TLS 0x0100U #define SLAP_RESTRICT_EXOP_MODIFY_PASSWD 0x0200U #define SLAP_RESTRICT_EXOP_WHOAMI 0x0400U diff --git a/servers/slapd/slapi/slapi_ops.c b/servers/slapd/slapi/slapi_ops.c index fff7d97067..588eb4c042 100644 --- a/servers/slapd/slapi/slapi_ops.c +++ b/servers/slapd/slapi/slapi_ops.c @@ -1218,8 +1218,8 @@ slapi_search_internal( op->oq_search.rs_scope = scope; op->oq_search.rs_deref = 0; - op->oq_search.rs_slimit = LDAP_NO_LIMIT; - op->oq_search.rs_tlimit = LDAP_NO_LIMIT; + op->oq_search.rs_slimit = SLAP_NO_LIMIT; + op->oq_search.rs_tlimit = SLAP_NO_LIMIT; op->oq_search.rs_attrsonly = attrsonly; op->oq_search.rs_attrs = an; op->oq_search.rs_filter = filter;