latest limits code

CHANGES

 OpenLDAP 2.2 Change Log
 
-OpenLDAP 2.2.9 Engineering
+OpenLDAP 2.2.9 Release
 	Fixed slapd syncrepl replication bugs (ITS#3055,3056,3069)
 	Fixed slapd slurpd update bugs
 	Fixed slapd inappropriate bind error disclosure bugs

build/version.var

@@ -16,8 +16,8 @@ ol_package=OpenLDAP
 ol_major=2
 ol_minor=2
 ol_patch=X
-ol_api_inc=20208
+ol_api_inc=20209
 ol_api_current=7
-ol_api_revision=1
+ol_api_revision=2
 ol_api_age=0
 ol_release_date="2004/03/26"

servers/slapd/limits.c

@@ -683,6 +683,7 @@ limits_parse_one(
 			arg++;
 			if ( strcasecmp( arg, "none" ) == 0 ) {
 				limit->lms_t_soft = -1;
+
 			} else {
 				char	*next = NULL;
 
@@ -706,6 +707,7 @@ limits_parse_one(
 				arg += STRLENOF( "soft=" );
 				if ( strcasecmp( arg, "none" ) == 0 ) {
 					limit->lms_s_soft = -1;
+
 				} else {
 					char	*next = NULL;
 					int	soft = strtol( arg, &next, 10 );
@@ -854,6 +856,7 @@ limits_parse_one(
 			arg++;
 			if ( strcasecmp( arg, "none" ) == 0 ) {
 				limit->lms_s_soft = -1;
+
 			} else {
 				char	*next = NULL;
 
@@ -903,23 +906,25 @@ limits_check( Operation *op, SlapReply *rs )
 		if ( op->ors_tlimit <= 0 ) {
 			op->ors_tlimit = op->ors_limit->lms_t_soft;
 
-		/* if requested limit higher than hard limit, abort */
-		} else if ( op->ors_tlimit > op->ors_limit->lms_t_hard ) {
+		} else {
 			/* no hard limit means use soft instead */
-			if ( op->ors_limit->lms_t_hard == 0
-					&& op->ors_limit->lms_t_soft > -1
-					&& op->ors_tlimit > op->ors_limit->lms_t_soft ) {
-				op->ors_tlimit = op->ors_limit->lms_t_soft;
+			if ( op->ors_limit->lms_t_hard == 0 ) {
+				if ( op->ors_limit->lms_t_soft > -1
+						&& op->ors_tlimit > op->ors_limit->lms_t_soft ) {
+					op->ors_tlimit = op->ors_limit->lms_t_soft;
+				}
 
-			/* positive hard limit means abort */
-			} else if ( op->ors_limit->lms_t_hard > 0 ) {
+			/* -1 means no hard limit */
+			} else if ( op->ors_limit->lms_t_hard == -1 ) {
+				op->ors_tlimit = -1;
+		
+			/* error if exceeding hard limit */	
+			} else if ( op->ors_tlimit > op->ors_limit->lms_t_hard ) {
 				rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
 				send_ldap_result( op, rs );
 				rs->sr_err = LDAP_SUCCESS;
 				return -1;
 			}
-	
-			/* negative hard limit means no limit */
 		}
 
 		/* don't even get to backend if candidate check is disabled */
@@ -942,6 +947,9 @@ limits_check( Operation *op, SlapReply *rs )
 				rs->sr_err = LDAP_SUCCESS;
 				rs->sr_text = NULL;
 				return -1;
+
+			} else if ( op->ors_limit->lms_s_pr_total == -1 ) {
+				slimit = -1;
 	
 			} else {
 				/* if no limit is required, use soft limit */
@@ -953,23 +961,7 @@ limits_check( Operation *op, SlapReply *rs )
 				/* if the limit is set, check that it does not violate any limit */
 				if ( op->ors_slimit > 0 ) {
 					slimit2 = op->ors_slimit;
-					if ( op->ors_limit->lms_s_pr_total > 0 ) {
-						if ( op->ors_slimit > op->ors_limit->lms_s_pr_total ) {
-							slimit2 = -2;
-						}
-
-					} else if ( op->ors_limit->lms_s_hard > 0 ) {
-						if ( op->ors_slimit > op->ors_limit->lms_s_hard ) {
-							slimit2 = -2;
-						}
-
-					} else if ( op->ors_limit->lms_s_soft > 0 && op->ors_slimit > op->ors_limit->lms_s_soft ) {
-						if ( op->ors_slimit > op->ors_limit->lms_s_soft ) {
-							slimit2 = -2;
-						}
-					}
-
-					if ( slimit2 == -2 ) {
+					if ( op->ors_slimit > op->ors_limit->lms_s_pr_total ) {
 						rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
 						send_ldap_result( op, rs );
 						rs->sr_err = LDAP_SUCCESS;
@@ -977,15 +969,7 @@ limits_check( Operation *op, SlapReply *rs )
 					}
 
 				} else {
-					if ( op->ors_limit->lms_s_pr_total > 0 ) {
-						slimit2 = op->ors_limit->lms_s_pr_total;
-
-					} else if ( op->ors_limit->lms_s_hard > 0 ) {
-						slimit2 = op->ors_limit->lms_s_hard;
-
-					} else if ( op->ors_limit->lms_s_soft > 0 ) {
-						slimit2 = op->ors_limit->lms_s_soft;
-					}
+					slimit2 = op->ors_limit->lms_s_pr_total;
 				}
 
 				total = slimit2 - op->o_pagedresults_state.ps_count;
@@ -1026,6 +1010,7 @@ limits_check( Operation *op, SlapReply *rs )
 					send_ldap_result( op, rs );
 					rs->sr_err = LDAP_SUCCESS;
 					return -1;
+
 				} else {
 					op->ors_slimit = slimit;
 				}
@@ -1035,26 +1020,28 @@ limits_check( Operation *op, SlapReply *rs )
 				op->ors_slimit = op->ors_limit->lms_s_hard;
 			}
 
-		/* if requested limit higher than hard limit, abort */
-		} else if ( op->ors_slimit > op->ors_limit->lms_s_hard ) {
+		} else if ( op->ors_slimit == 0 ) {
+			op->ors_slimit = op->ors_limit->lms_s_soft;
+
+		} else {
 			/* no hard limit means use soft instead */
-			if ( op->ors_limit->lms_s_hard == 0
-					&& op->ors_limit->lms_s_soft > -1
-					&& op->ors_slimit > op->ors_limit->lms_s_soft ) {
-				op->ors_slimit = op->ors_limit->lms_s_soft;
+			if ( op->ors_limit->lms_s_hard == 0 ) {
+				if ( op->ors_limit->lms_s_soft > -1
+						&& op->ors_slimit > op->ors_limit->lms_s_soft ) {
+					op->ors_slimit = op->ors_limit->lms_s_soft;
+				}
 
-			/* positive hard limit means abort */
-			} else if ( op->ors_limit->lms_s_hard > 0 ) {
+			/* -1 means no hard limit */
+			} else if ( op->ors_limit->lms_s_hard == -1 ) {
+				op->ors_slimit = -1;
+					
+			/* error if exceeding hard limit */	
+			} else if ( op->ors_slimit > op->ors_limit->lms_s_hard ) {
 				rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
 				send_ldap_result( op, rs );
-				rs->sr_err = LDAP_SUCCESS;	
+				rs->sr_err = LDAP_SUCCESS;
 				return -1;
 			}
-		
-			/* negative hard limit means no limit */
-
-		} else if ( op->ors_slimit == 0 ) {
-			op->ors_slimit = op->ors_limit->lms_s_soft;
 		}
 	}