Commit a3935c72 authored by Howard Chu's avatar Howard Chu
Browse files

ITS#8967 back-mdb: fix adminlimit check

parent 9621d0c3
...@@ -432,6 +432,7 @@ mdb_search( Operation *op, SlapReply *rs ) ...@@ -432,6 +432,7 @@ mdb_search( Operation *op, SlapReply *rs )
time_t stoptime; time_t stoptime;
int manageDSAit; int manageDSAit;
int tentries = 0; int tentries = 0;
int admincheck = 0;
IdScopes isc; IdScopes isc;
MDB_cursor *mci, *mcd; MDB_cursor *mci, *mcd;
ww_ctx wwctx; ww_ctx wwctx;
...@@ -677,8 +678,13 @@ dn2entry_retry: ...@@ -677,8 +678,13 @@ dn2entry_retry:
rs->sr_err = search_candidates( op, rs, base, rs->sr_err = search_candidates( op, rs, base,
&isc, mci, candidates, stack ); &isc, mci, candidates, stack );
if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED ) if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED ) {
goto adminlimit; adminlimit:
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
}
ncand = MDB_IDL_N( candidates ); ncand = MDB_IDL_N( candidates );
if ( !base->e_id || ncand == NOID ) { if ( !base->e_id || ncand == NOID ) {
...@@ -709,11 +715,7 @@ dn2entry_retry: ...@@ -709,11 +715,7 @@ dn2entry_retry:
op->ors_limit->lms_s_unchecked != -1 && op->ors_limit->lms_s_unchecked != -1 &&
ncand > (unsigned) op->ors_limit->lms_s_unchecked ) ncand > (unsigned) op->ors_limit->lms_s_unchecked )
{ {
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED; admincheck = 1;
adminlimit:
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
} }
if ( op->ors_limit == NULL /* isroot == TRUE */ || if ( op->ors_limit == NULL /* isroot == TRUE */ ||
...@@ -750,6 +752,10 @@ adminlimit: ...@@ -750,6 +752,10 @@ adminlimit:
send_ldap_result( op, rs ); send_ldap_result( op, rs );
goto done; goto done;
} }
if ( admincheck )
goto adminlimit;
id = mdb_idl_first( candidates, &cursor ); id = mdb_idl_first( candidates, &cursor );
if ( id == NOID ) { if ( id == NOID ) {
Debug( LDAP_DEBUG_TRACE, Debug( LDAP_DEBUG_TRACE,
...@@ -768,6 +774,8 @@ adminlimit: ...@@ -768,6 +774,8 @@ adminlimit:
if ( nsubs < ncand ) { if ( nsubs < ncand ) {
int rc; int rc;
/* Do scope-based search */ /* Do scope-based search */
if ( nsubs > (unsigned) op->ors_limit->lms_s_unchecked )
goto adminlimit;
/* if any alias scopes were set, save them */ /* if any alias scopes were set, save them */
if (scopes[0].mid > 1) { if (scopes[0].mid > 1) {
...@@ -793,6 +801,8 @@ adminlimit: ...@@ -793,6 +801,8 @@ adminlimit:
id = isc.id; id = isc.id;
cscope = 0; cscope = 0;
} else { } else {
if ( admincheck )
goto adminlimit;
id = mdb_idl_first( candidates, &cursor ); id = mdb_idl_first( candidates, &cursor );
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment