mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-06 10:46:21 +08:00
clarify no limits in (internal) searches
This commit is contained in:
parent
ada1ee11fe
commit
d1b692ceb4
@ -881,7 +881,9 @@ loop_begin:
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check time limit */
|
/* check time limit */
|
||||||
if ( sop->ors_tlimit != -1 && slap_get_time() > stoptime ) {
|
if ( sop->ors_tlimit != SLAP_NO_LIMIT
|
||||||
|
&& slap_get_time() > stoptime )
|
||||||
|
{
|
||||||
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
|
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
|
||||||
rs->sr_ref = rs->sr_v2ref;
|
rs->sr_ref = rs->sr_v2ref;
|
||||||
send_ldap_result( sop, rs );
|
send_ldap_result( sop, rs );
|
||||||
|
@ -77,7 +77,7 @@ ldap_back_search(
|
|||||||
/* should we check return values? */
|
/* should we check return values? */
|
||||||
if (op->ors_deref != -1)
|
if (op->ors_deref != -1)
|
||||||
ldap_set_option( lc->ld, LDAP_OPT_DEREF, (void *)&op->ors_deref);
|
ldap_set_option( lc->ld, LDAP_OPT_DEREF, (void *)&op->ors_deref);
|
||||||
if (op->ors_tlimit != -1) {
|
if (op->ors_tlimit != SLAP_NO_LIMIT) {
|
||||||
tv.tv_sec = op->ors_tlimit;
|
tv.tv_sec = op->ors_tlimit;
|
||||||
tv.tv_usec = 0;
|
tv.tv_usec = 0;
|
||||||
} else {
|
} else {
|
||||||
|
@ -231,7 +231,9 @@ searchit:
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check time limit */
|
/* check time limit */
|
||||||
if ( op->ors_tlimit != -1 && slap_get_time() > stoptime ) {
|
if ( op->ors_tlimit != SLAP_NO_LIMIT
|
||||||
|
&& slap_get_time() > stoptime )
|
||||||
|
{
|
||||||
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
|
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
|
||||||
send_ldap_result( op, rs );
|
send_ldap_result( op, rs );
|
||||||
rc = LDAP_SUCCESS;
|
rc = LDAP_SUCCESS;
|
||||||
|
@ -69,11 +69,9 @@ passwd_back_search(
|
|||||||
|
|
||||||
AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
|
AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
|
||||||
|
|
||||||
op->ors_tlimit = (op->ors_tlimit > op->o_bd->be_timelimit || op->ors_tlimit < 1) ? op->o_bd->be_timelimit
|
if (op->ors_tlimit != SLAP_NO_LIMIT ) {
|
||||||
: op->ors_tlimit;
|
|
||||||
stoptime = op->o_time + op->ors_tlimit;
|
stoptime = op->o_time + op->ors_tlimit;
|
||||||
op->ors_slimit = (op->ors_slimit > op->o_bd->be_sizelimit || op->ors_slimit < 1) ? op->o_bd->be_sizelimit
|
}
|
||||||
: op->ors_slimit;
|
|
||||||
|
|
||||||
/* Handle a query for the base of this backend */
|
/* Handle a query for the base of this backend */
|
||||||
if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
|
if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
|
||||||
@ -150,7 +148,9 @@ passwd_back_search(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check time limit */
|
/* check time limit */
|
||||||
if ( slap_get_time() > stoptime ) {
|
if ( op->ors_tlimit != SLAP_NO_LIMIT
|
||||||
|
&& slap_get_time() > stoptime )
|
||||||
|
{
|
||||||
send_ldap_error( op, rs, LDAP_TIMELIMIT_EXCEEDED, NULL );
|
send_ldap_error( op, rs, LDAP_TIMELIMIT_EXCEEDED, NULL );
|
||||||
endpwent();
|
endpwent();
|
||||||
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
|
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
|
||||||
|
@ -1459,7 +1459,9 @@ backsql_search( Operation *op, SlapReply *rs )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check time limit */
|
/* check time limit */
|
||||||
if ( op->ors_tlimit != -1 && slap_get_time() > stoptime ) {
|
if ( op->ors_tlimit != SLAP_NO_LIMIT
|
||||||
|
&& slap_get_time() > stoptime )
|
||||||
|
{
|
||||||
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
|
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
|
||||||
rs->sr_ctrls = NULL;
|
rs->sr_ctrls = NULL;
|
||||||
rs->sr_ref = rs->sr_v2ref;
|
rs->sr_ref = rs->sr_v2ref;
|
||||||
@ -1601,8 +1603,9 @@ backsql_search( Operation *op, SlapReply *rs )
|
|||||||
}
|
}
|
||||||
entry_free( entry );
|
entry_free( entry );
|
||||||
|
|
||||||
if ( op->ors_slimit != -1
|
if ( op->ors_slimit != SLAP_NO_LIMIT
|
||||||
&& rs->sr_nentries >= op->ors_slimit ) {
|
&& rs->sr_nentries >= op->ors_slimit )
|
||||||
|
{
|
||||||
rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
|
rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
|
||||||
send_ldap_result( op, rs );
|
send_ldap_result( op, rs );
|
||||||
goto end_of_search;
|
goto end_of_search;
|
||||||
|
@ -194,7 +194,9 @@ glue_back_response ( Operation *op, SlapReply *rs )
|
|||||||
|
|
||||||
switch(rs->sr_type) {
|
switch(rs->sr_type) {
|
||||||
case REP_SEARCH:
|
case REP_SEARCH:
|
||||||
if ( gs->slimit != -1 && rs->sr_nentries >= gs->slimit ) {
|
if ( gs->slimit != SLAP_NO_LIMIT
|
||||||
|
&& rs->sr_nentries >= gs->slimit )
|
||||||
|
{
|
||||||
rs->sr_err = gs->err = LDAP_SIZELIMIT_EXCEEDED;
|
rs->sr_err = gs->err = LDAP_SIZELIMIT_EXCEEDED;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -313,14 +315,14 @@ glue_back_search ( Operation *op, SlapReply *rs )
|
|||||||
continue;
|
continue;
|
||||||
if (!dnIsSuffix(&gi->n[i].be->be_nsuffix[0], &b1->be_nsuffix[0]))
|
if (!dnIsSuffix(&gi->n[i].be->be_nsuffix[0], &b1->be_nsuffix[0]))
|
||||||
continue;
|
continue;
|
||||||
if (tlimit0 != -1) {
|
if (tlimit0 != SLAP_NO_LIMIT) {
|
||||||
op->ors_tlimit = stoptime - slap_get_time ();
|
op->ors_tlimit = stoptime - slap_get_time ();
|
||||||
if (op->ors_tlimit <= 0) {
|
if (op->ors_tlimit <= 0) {
|
||||||
rs->sr_err = gs.err = LDAP_TIMELIMIT_EXCEEDED;
|
rs->sr_err = gs.err = LDAP_TIMELIMIT_EXCEEDED;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (slimit0 != -1) {
|
if (slimit0 != SLAP_NO_LIMIT) {
|
||||||
op->ors_slimit = slimit0 - rs->sr_nentries;
|
op->ors_slimit = slimit0 - rs->sr_nentries;
|
||||||
if (op->ors_slimit < 0) {
|
if (op->ors_slimit < 0) {
|
||||||
rs->sr_err = gs.err = LDAP_SIZELIMIT_EXCEEDED;
|
rs->sr_err = gs.err = LDAP_SIZELIMIT_EXCEEDED;
|
||||||
|
@ -1001,11 +1001,11 @@ limits_check( Operation *op, SlapReply *rs )
|
|||||||
op->ors_limit = NULL;
|
op->ors_limit = NULL;
|
||||||
|
|
||||||
if ( op->ors_tlimit == 0 ) {
|
if ( op->ors_tlimit == 0 ) {
|
||||||
op->ors_tlimit = -1;
|
op->ors_tlimit = SLAP_NO_LIMIT;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( op->ors_slimit == 0 ) {
|
if ( op->ors_slimit == 0 ) {
|
||||||
op->ors_slimit = -1;
|
op->ors_slimit = SLAP_NO_LIMIT;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* if not root, get appropriate limits */
|
/* if not root, get appropriate limits */
|
||||||
@ -1084,7 +1084,7 @@ limits_check( Operation *op, SlapReply *rs )
|
|||||||
if ( pr_total == -1 ) {
|
if ( pr_total == -1 ) {
|
||||||
slimit = -1;
|
slimit = -1;
|
||||||
|
|
||||||
} else if ( pr_total > 0 && ( op->ors_slimit == -1 || op->ors_slimit > pr_total ) ) {
|
} else if ( pr_total > 0 && ( op->ors_slimit == SLAP_NO_LIMIT || op->ors_slimit > pr_total ) ) {
|
||||||
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
|
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
|
||||||
send_ldap_result( op, rs );
|
send_ldap_result( op, rs );
|
||||||
rs->sr_err = LDAP_SUCCESS;
|
rs->sr_err = LDAP_SUCCESS;
|
||||||
|
@ -869,8 +869,8 @@ remove_query_data (
|
|||||||
op->o_req_ndn = op->o_bd->be_nsuffix[0];
|
op->o_req_ndn = op->o_bd->be_nsuffix[0];
|
||||||
op->ors_scope = LDAP_SCOPE_SUBTREE;
|
op->ors_scope = LDAP_SCOPE_SUBTREE;
|
||||||
op->ors_deref = LDAP_DEREF_NEVER;
|
op->ors_deref = LDAP_DEREF_NEVER;
|
||||||
op->ors_slimit = -1;
|
op->ors_slimit = SLAP_NO_LIMIT;
|
||||||
op->ors_tlimit = -1;
|
op->ors_tlimit = SLAP_NO_LIMIT;
|
||||||
op->ors_filter = &filter;
|
op->ors_filter = &filter;
|
||||||
op->ors_filterstr.bv_val = filter_str;
|
op->ors_filterstr.bv_val = filter_str;
|
||||||
op->ors_filterstr.bv_len = strlen(filter_str);
|
op->ors_filterstr.bv_len = strlen(filter_str);
|
||||||
|
@ -551,8 +551,8 @@ refint_response(
|
|||||||
nop.o_tag = LDAP_REQ_SEARCH;
|
nop.o_tag = LDAP_REQ_SEARCH;
|
||||||
nop.ors_scope = LDAP_SCOPE_SUBTREE;
|
nop.ors_scope = LDAP_SCOPE_SUBTREE;
|
||||||
nop.ors_deref = LDAP_DEREF_NEVER;
|
nop.ors_deref = LDAP_DEREF_NEVER;
|
||||||
nop.ors_slimit = -1;
|
nop.ors_slimit = SLAP_NO_LIMIT;
|
||||||
nop.ors_tlimit = -1;
|
nop.ors_tlimit = SLAP_NO_LIMIT;
|
||||||
nop.o_req_ndn = id->dn;
|
nop.o_req_ndn = id->dn;
|
||||||
nop.o_req_dn = id->dn;
|
nop.o_req_dn = id->dn;
|
||||||
|
|
||||||
|
@ -349,8 +349,8 @@ static int unique_add(
|
|||||||
nop.o_tag = LDAP_REQ_SEARCH;
|
nop.o_tag = LDAP_REQ_SEARCH;
|
||||||
nop.ors_scope = LDAP_SCOPE_SUBTREE;
|
nop.ors_scope = LDAP_SCOPE_SUBTREE;
|
||||||
nop.ors_deref = LDAP_DEREF_NEVER;
|
nop.ors_deref = LDAP_DEREF_NEVER;
|
||||||
nop.ors_slimit = -1;
|
nop.ors_slimit = SLAP_NO_LIMIT;
|
||||||
nop.ors_tlimit = -1;
|
nop.ors_tlimit = SLAP_NO_LIMIT;
|
||||||
nop.o_req_ndn = ud->dn;
|
nop.o_req_ndn = ud->dn;
|
||||||
nop.o_ndn = op->o_bd->be_rootndn;
|
nop.o_ndn = op->o_bd->be_rootndn;
|
||||||
|
|
||||||
@ -482,8 +482,8 @@ static int unique_modify(
|
|||||||
nop.o_tag = LDAP_REQ_SEARCH;
|
nop.o_tag = LDAP_REQ_SEARCH;
|
||||||
nop.ors_scope = LDAP_SCOPE_SUBTREE;
|
nop.ors_scope = LDAP_SCOPE_SUBTREE;
|
||||||
nop.ors_deref = LDAP_DEREF_NEVER;
|
nop.ors_deref = LDAP_DEREF_NEVER;
|
||||||
nop.ors_slimit = -1;
|
nop.ors_slimit = SLAP_NO_LIMIT;
|
||||||
nop.ors_tlimit = -1;
|
nop.ors_tlimit = SLAP_NO_LIMIT;
|
||||||
nop.o_req_ndn = ud->dn;
|
nop.o_req_ndn = ud->dn;
|
||||||
nop.o_ndn = op->o_bd->be_rootndn;
|
nop.o_ndn = op->o_bd->be_rootndn;
|
||||||
|
|
||||||
@ -612,8 +612,8 @@ static int unique_modrdn(
|
|||||||
nop.o_tag = LDAP_REQ_SEARCH;
|
nop.o_tag = LDAP_REQ_SEARCH;
|
||||||
nop.ors_scope = LDAP_SCOPE_SUBTREE;
|
nop.ors_scope = LDAP_SCOPE_SUBTREE;
|
||||||
nop.ors_deref = LDAP_DEREF_NEVER;
|
nop.ors_deref = LDAP_DEREF_NEVER;
|
||||||
nop.ors_slimit = -1;
|
nop.ors_slimit = SLAP_NO_LIMIT;
|
||||||
nop.ors_tlimit = -1;
|
nop.ors_tlimit = SLAP_NO_LIMIT;
|
||||||
nop.o_req_ndn = ud->dn;
|
nop.o_req_ndn = ud->dn;
|
||||||
nop.o_ndn = op->o_bd->be_rootndn;
|
nop.o_ndn = op->o_bd->be_rootndn;
|
||||||
|
|
||||||
|
@ -482,6 +482,7 @@ slap_auxprop_lookup(
|
|||||||
op.o_req_dn = op.o_req_ndn;
|
op.o_req_dn = op.o_req_ndn;
|
||||||
op.ors_scope = LDAP_SCOPE_BASE;
|
op.ors_scope = LDAP_SCOPE_BASE;
|
||||||
op.ors_deref = LDAP_DEREF_NEVER;
|
op.ors_deref = LDAP_DEREF_NEVER;
|
||||||
|
op.ors_tlimit = SLAP_NO_LIMIT;
|
||||||
op.ors_slimit = 1;
|
op.ors_slimit = 1;
|
||||||
op.ors_filter = &generic_filter;
|
op.ors_filter = &generic_filter;
|
||||||
op.ors_filterstr = generic_filterstr;
|
op.ors_filterstr = generic_filterstr;
|
||||||
|
@ -1049,7 +1049,7 @@ exact_match:
|
|||||||
if( !BER_BVISNULL( &op.o_req_dn ) ) ch_free( op.o_req_dn.bv_val );
|
if( !BER_BVISNULL( &op.o_req_dn ) ) ch_free( op.o_req_dn.bv_val );
|
||||||
ber_dupbv_x( &op.o_req_dn, &op.o_req_ndn, op.o_tmpmemctx );
|
ber_dupbv_x( &op.o_req_dn, &op.o_req_ndn, op.o_tmpmemctx );
|
||||||
op.oq_search.rs_slimit = 1;
|
op.oq_search.rs_slimit = 1;
|
||||||
op.oq_search.rs_tlimit = -1;
|
op.oq_search.rs_tlimit = SLAP_NO_LIMIT;
|
||||||
op.o_sync_slog_size = -1;
|
op.o_sync_slog_size = -1;
|
||||||
|
|
||||||
op.o_bd->be_search( &op, &rs );
|
op.o_bd->be_search( &op, &rs );
|
||||||
@ -1234,7 +1234,7 @@ void slap_sasl2dn( Operation *opx,
|
|||||||
#endif
|
#endif
|
||||||
op.oq_search.rs_deref = LDAP_DEREF_NEVER;
|
op.oq_search.rs_deref = LDAP_DEREF_NEVER;
|
||||||
op.oq_search.rs_slimit = 1;
|
op.oq_search.rs_slimit = 1;
|
||||||
op.oq_search.rs_tlimit = -1;
|
op.oq_search.rs_tlimit = SLAP_NO_LIMIT;
|
||||||
op.oq_search.rs_attrsonly = 1;
|
op.oq_search.rs_attrsonly = 1;
|
||||||
/* use req_ndn as req_dn instead of non-pretty base of uri */
|
/* use req_ndn as req_dn instead of non-pretty base of uri */
|
||||||
if( !BER_BVISNULL( &op.o_req_dn ) ) ch_free( op.o_req_dn.bv_val );
|
if( !BER_BVISNULL( &op.o_req_dn ) ) ch_free( op.o_req_dn.bv_val );
|
||||||
|
@ -1312,6 +1312,9 @@ struct slap_limits_set {
|
|||||||
int lms_s_pr_total;
|
int lms_s_pr_total;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* Note: this is different from LDAP_NO_LIMIT (0); slapd internal use only */
|
||||||
|
#define SLAP_NO_LIMIT -1
|
||||||
|
|
||||||
struct slap_limits {
|
struct slap_limits {
|
||||||
unsigned lm_flags; /* type of pattern */
|
unsigned lm_flags; /* type of pattern */
|
||||||
#define SLAP_LIMITS_UNDEFINED 0x0000U
|
#define SLAP_LIMITS_UNDEFINED 0x0000U
|
||||||
@ -1509,6 +1512,8 @@ struct slap_backend_db {
|
|||||||
#define SLAP_RESTRICT_OP_SEARCH 0x0080U
|
#define SLAP_RESTRICT_OP_SEARCH 0x0080U
|
||||||
#define SLAP_RESTRICT_OP_MASK 0x00FFU
|
#define SLAP_RESTRICT_OP_MASK 0x00FFU
|
||||||
|
|
||||||
|
#define SLAP_RESTRICT_READONLY 0x80000000U
|
||||||
|
|
||||||
#define SLAP_RESTRICT_EXOP_START_TLS 0x0100U
|
#define SLAP_RESTRICT_EXOP_START_TLS 0x0100U
|
||||||
#define SLAP_RESTRICT_EXOP_MODIFY_PASSWD 0x0200U
|
#define SLAP_RESTRICT_EXOP_MODIFY_PASSWD 0x0200U
|
||||||
#define SLAP_RESTRICT_EXOP_WHOAMI 0x0400U
|
#define SLAP_RESTRICT_EXOP_WHOAMI 0x0400U
|
||||||
|
@ -1218,8 +1218,8 @@ slapi_search_internal(
|
|||||||
|
|
||||||
op->oq_search.rs_scope = scope;
|
op->oq_search.rs_scope = scope;
|
||||||
op->oq_search.rs_deref = 0;
|
op->oq_search.rs_deref = 0;
|
||||||
op->oq_search.rs_slimit = LDAP_NO_LIMIT;
|
op->oq_search.rs_slimit = SLAP_NO_LIMIT;
|
||||||
op->oq_search.rs_tlimit = LDAP_NO_LIMIT;
|
op->oq_search.rs_tlimit = SLAP_NO_LIMIT;
|
||||||
op->oq_search.rs_attrsonly = attrsonly;
|
op->oq_search.rs_attrsonly = attrsonly;
|
||||||
op->oq_search.rs_attrs = an;
|
op->oq_search.rs_attrs = an;
|
||||||
op->oq_search.rs_filter = filter;
|
op->oq_search.rs_filter = filter;
|
||||||
|
Loading…
Reference in New Issue
Block a user