Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
Nadezhda Ivanova
OpenLDAP
Commits
f1ebb456
Commit
f1ebb456
authored
Mar 22, 2021
by
Howard Chu
Browse files
ITS
#9251
make max filter depth configurable
parent
da57548e
Changes
7
Hide whitespace changes
Inline
Side-by-side
doc/man/man5/slapd-config.5
View file @
f1ebb456
...
...
@@ -689,6 +689,10 @@ This level should usually also be included when using other loglevels, to
help analyze the logs.
.RE
.TP
.B olcMaxFilterDepth: <integer>
Specify the maximum depth of nested filters in search requests.
The default is 1000.
.TP
.B olcPasswordCryptSaltFormat: <format>
Specify the format of the salt passed to
.BR crypt (3)
...
...
doc/man/man5/slapd.conf.5
View file @
f1ebb456
...
...
@@ -743,6 +743,10 @@ This level should usually also be included when using other loglevels, to
help analyze the logs.
.RE
.TP
.B maxfilterdepth <integer>
Specify the maximum depth of nested filters in search requests.
The default is 1000.
.TP
.B moduleload <filename>
Specify the name of a dynamically loadable module to load. The filename
may be an absolute path name or a simple filename. Non-absolute names
...
...
servers/slapd/bconfig.c
View file @
f1ebb456
...
...
@@ -480,6 +480,10 @@ static ConfigTable config_back_cf_table[] = {
&
config_generic
,
"( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' "
"EQUALITY integerMatch "
"SYNTAX OMsInteger SINGLE-VALUE )"
,
NULL
,
NULL
},
{
"maxFilterDepth"
,
"depth"
,
2
,
2
,
0
,
ARG_INT
,
&
slap_max_filter_depth
,
"( OLcfgGlAt:101 NAME 'olcMaxFilterDepth' "
"EQUALITY integerMatch "
"SYNTAX OMsInteger SINGLE-VALUE )"
,
NULL
,
NULL
},
{
"multiprovider"
,
"on|off"
,
2
,
2
,
0
,
ARG_DB
|
ARG_ON_OFF
|
ARG_MAGIC
|
CFG_MULTIPROVIDER
,
&
config_generic
,
"( OLcfgDbAt:0.16 NAME ( 'olcMultiProvider' 'olcMirrorMode' ) "
"EQUALITY booleanMatch "
...
...
@@ -952,6 +956,7 @@ static ConfigOCs cf_ocs[] = {
"olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexHash64 $ "
"olcIndexIntLen $ "
"olcListenerThreads $ olcLocalSSF $ olcLogFile $ olcLogLevel $ "
"olcMaxFilterDepth $ "
"olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ "
"olcPluginLogFile $ olcReadOnly $ olcReferral $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
...
...
servers/slapd/config.c
View file @
f1ebb456
...
...
@@ -84,6 +84,8 @@ ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
int
slap_conn_max_pending
=
SLAP_CONN_MAX_PENDING_DEFAULT
;
int
slap_conn_max_pending_auth
=
SLAP_CONN_MAX_PENDING_AUTH
;
int
slap_max_filter_depth
=
SLAP_MAX_FILTER_DEPTH_DEFAULT
;
char
*
slapd_pid_file
=
NULL
;
char
*
slapd_args_file
=
NULL
;
...
...
servers/slapd/filter.c
View file @
f1ebb456
...
...
@@ -37,10 +37,6 @@
const
Filter
*
slap_filter_objectClass_pres
;
const
struct
berval
*
slap_filterstr_objectClass_pres
;
#ifndef SLAPD_MAX_FILTER_DEPTH
#define SLAPD_MAX_FILTER_DEPTH 5000
#endif
static
int
get_filter_list
(
Operation
*
op
,
BerElement
*
ber
,
...
...
@@ -132,7 +128,7 @@ get_filter0(
*
*/
if
(
depth
>
SLAPD_MAX_FILTER_DEPTH
)
{
if
(
depth
>
slap_max_filter_depth
)
{
*
text
=
"filter nested too deeply"
;
return
SLAPD_DISCONNECT
;
}
...
...
servers/slapd/proto-slap.h
View file @
f1ebb456
...
...
@@ -2067,6 +2067,7 @@ LDAP_SLAPD_V (ber_len_t) sockbuf_max_incoming;
LDAP_SLAPD_V
(
ber_len_t
)
sockbuf_max_incoming_auth
;
LDAP_SLAPD_V
(
int
)
slap_conn_max_pending
;
LDAP_SLAPD_V
(
int
)
slap_conn_max_pending_auth
;
LDAP_SLAPD_V
(
int
)
slap_max_filter_depth
;
LDAP_SLAPD_V
(
slap_mask_t
)
global_allows
;
LDAP_SLAPD_V
(
slap_mask_t
)
global_disallows
;
...
...
servers/slapd/slap.h
View file @
f1ebb456
...
...
@@ -143,6 +143,7 @@ LDAP_BEGIN_DECL
#define SLAP_CONN_MAX_PENDING_DEFAULT 100
#define SLAP_CONN_MAX_PENDING_AUTH 1000
#define SLAP_MAX_FILTER_DEPTH_DEFAULT 1000
#define SLAP_TEXT_BUFLEN (256)
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment