diff --git a/servers/slapd/limits.c b/servers/slapd/limits.c
index ee785fc132c2f02b4a42b4634a913c411d9f19bc..e394ede1b1f370b566fec926800db89bbca6af82 100644
--- a/servers/slapd/limits.c
+++ b/servers/slapd/limits.c
@@ -18,6 +18,7 @@
#include <stdio.h>
+#include <ac/ctype.h>
#include <ac/regex.h>
#include <ac/string.h>
@@ -67,6 +68,7 @@ limits_get(
struct slap_limits_set **limit
)
{
+ static struct berval empty_dn = BER_BVC( "" );
struct slap_limits **lm;
struct berval *ndns[2];
@@ -95,12 +97,19 @@ limits_get(
unsigned isthis = type == SLAP_LIMITS_TYPE_THIS;
struct berval *ndn = ndns[isthis];
+ if ( style == SLAP_LIMITS_ANY )
+ goto found_any;
+
+ if ( BER_BVISEMPTY( ndn ) ) {
+ if ( style == SLAP_LIMITS_ANONYMOUS )
+ goto found_nodn;
+ if ( !isthis )
+ continue;
+ ndn = &empty_dn;
+ }
+
switch ( style ) {
case SLAP_LIMITS_EXACT:
- if ( BER_BVISEMPTY( ndn ) ) {
- break;
- }
-
if ( type == SLAP_LIMITS_TYPE_GROUP ) {
int rc = backend_group( op, NULL,
&lm[0]->lm_pat, ndn,
@@ -121,10 +130,6 @@ limits_get(
case SLAP_LIMITS_CHILDREN: {
ber_len_t d;
- if ( BER_BVISEMPTY( ndn ) ) {
- break;
- }
-
/* ndn shorter than lm_pat */
if ( ndn->bv_len < lm[0]->lm_pat.bv_len ) {
break;
@@ -159,33 +164,19 @@ limits_get(
}
case SLAP_LIMITS_REGEX:
- if ( BER_BVISEMPTY( ndn ) ) {
- break;
- }
if ( regexec( &lm[0]->lm_regex, ndn->bv_val, 0, NULL, 0 ) == 0 ) {
goto found_dn;
}
break;
case SLAP_LIMITS_ANONYMOUS:
- if ( BER_BVISEMPTY( ndn ) ) {
- goto found;
- }
break;
case SLAP_LIMITS_USERS:
- if ( !BER_BVISEMPTY( ndn ) ) {
- goto found;
- }
- break;
-
- case SLAP_LIMITS_ANY:
- *limit = &lm[0]->lm_limits;
- return( 0 );
-
- found:
+ found_nodn:
Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=%s match=%s\n",
dn_source[isthis], limits2str( style ), 0 );
+ found_any:
*limit = &lm[0]->lm_limits;
return( 0 );
@@ -258,7 +249,6 @@ limits_add(
case SLAP_LIMITS_ONE:
case SLAP_LIMITS_SUBTREE:
case SLAP_LIMITS_CHILDREN:
- lm->lm_flags = style | type;
{
int rc;
struct berval bv;
@@ -274,7 +264,6 @@ limits_add(
break;
case SLAP_LIMITS_REGEX:
- lm->lm_flags = style | type;
ber_str2bv( pattern, 0, 1, &lm->lm_pat );
if ( regcomp( &lm->lm_regex, lm->lm_pat.bv_val,
REG_EXTENDED | REG_ICASE ) ) {
@@ -287,7 +276,6 @@ limits_add(
case SLAP_LIMITS_ANONYMOUS:
case SLAP_LIMITS_USERS:
case SLAP_LIMITS_ANY:
- lm->lm_flags = style | type;
BER_BVZERO( &lm->lm_pat );
break;
}
@@ -301,6 +289,7 @@ limits_add(
break;
}
+ lm->lm_flags = style | type;
lm->lm_limits = *limit;
i = 0;
@@ -457,28 +446,26 @@ limits_parse(
{
flags = SLAP_LIMITS_ANONYMOUS;
pattern = NULL;
+
+ } else {
+ /* force error below */
+ if ( *pattern == '=' )
+ --pattern;
}
}
/* pre-check the data */
- switch ( flags ) {
- case SLAP_LIMITS_ANONYMOUS:
- case SLAP_LIMITS_USERS:
-
- /* no need for pattern */
- pattern = NULL;
- break;
-
- default:
+ if ( pattern != NULL ) {
if ( pattern[0] != '=' ) {
Debug( LDAP_DEBUG_ANY,
- "%s : line %d: missing '=' in "
+ "%s : line %d: %s in "
"\"dn[.{this|self}][.{exact|base"
- "|onelevel|subtree|children|regex}]"
- "=<pattern>\" in "
- "\"limits <pattern> <limits>\" "
- "line.\n%s",
- fname, lineno, "" );
+ "|onelevel|subtree|children|regex"
+ "|anonymous}]=<pattern>\" in "
+ "\"limits <pattern> <limits>\" line.\n",
+ fname, lineno,
+ isalnum( (unsigned char)pattern[0] )
+ ? "unknown DN modifier" : "missing '='" );
return( -1 );
}
@@ -490,7 +477,7 @@ limits_parse(
flags = SLAP_LIMITS_ANY;
pattern = NULL;
- } else if ( flags == SLAP_LIMITS_REGEX
+ } else if ( (flags & SLAP_LIMITS_MASK) == SLAP_LIMITS_REGEX
&& strcmp( pattern, ".*" ) == 0 ) {
flags = SLAP_LIMITS_ANY;
pattern = NULL;
@@ -1348,23 +1335,11 @@ limits_destroy(
}
for ( i = 0; lm[ i ]; i++ ) {
- switch ( lm[ i ]->lm_flags & SLAP_LIMITS_MASK ) {
- case SLAP_LIMITS_REGEX:
+ if ( (lm[ i ]->lm_flags & SLAP_LIMITS_MASK) == SLAP_LIMITS_REGEX )
regfree( &lm[ i ]->lm_regex );
- break;
- case SLAP_LIMITS_EXACT:
- case SLAP_LIMITS_ONE:
- case SLAP_LIMITS_SUBTREE:
- case SLAP_LIMITS_CHILDREN:
- if ( !BER_BVISNULL( &lm[ i ]->lm_pat ) ) {
- ch_free( lm[ i ]->lm_pat.bv_val );
- }
- break;
-
- default:
- break;
- }
+ if ( !BER_BVISNULL( &lm[ i ]->lm_pat ) )
+ ch_free( lm[ i ]->lm_pat.bv_val );
ch_free( lm[ i ] );
}