ITS#10025 slapo-dynlist: add option to disable filter support

2025-12-30 19:49:35 -05:00 · 2023-07-31 18:43:30 +01:00 · 2023-07-31 18:43:30 +01:00 · 2494ade786
commit 2494ade786
parent 0b10f4a5b8
2 changed files with 20 additions and 4 deletions
--- a/doc/man/man5/slapo-dynlist.5
+++ b/doc/man/man5/slapo-dynlist.5
@ -134,6 +134,13 @@ character is also specified, then the member and memberOf values will be
 populated recursively, for nested groups. Note that currently nesting is
 only supported for Search operations, not Compares.

+.TP
+.B dynlist\-simple TRUE | FALSE
+This option downgrades to the behavior of the OpenLDAP 2.4 dynlist overlay.
+It disables memberOf processing, nested group support, and filter evaluation
+of dynamically generated values.
+The default is FALSE.
+
 .LP
 The dynlist overlay may be used with any backend, but it is mainly 
 intended for use with local storage backends.
--- a/servers/slapd/overlays/dynlist.c
+++ b/servers/slapd/overlays/dynlist.c
@ -65,6 +65,7 @@ typedef struct dynlist_info_t {
 typedef struct dynlist_gen_t {
 	dynlist_info_t	*dlg_dli;
 	int				 dlg_memberOf;
+	int				 dlg_simple;
 } dynlist_gen_t;

 #define DYNLIST_USAGE \
@ -1895,6 +1896,8 @@ dynlist_search( Operation *op, SlapReply *rs )
 		userattrs = SLAP_USERATTRS( attrflags );
 	}

+	if (dlg->dlg_simple)
+		goto simple;
 	/* Find all groups in scope. For group expansion
 	 * we only need the groups within the search scope, but
 	 * for memberOf populating, we need all dyngroups.
@ -2063,6 +2066,7 @@ dynlist_search( Operation *op, SlapReply *rs )
 				dynlist_nestlink( op, ds );
 		}
 	}
+simple:

 	if ( dlg->dlg_dli || ds->ds_names != NULL ) {
 		sc->sc_response = dynlist_search2resp;
@ -2145,6 +2149,13 @@ static ConfigTable dlcfg[] = {
 		3, 3, 0, ARG_MAGIC|DL_ATTRPAIR_COMPAT, dl_cfgen,
 			NULL, NULL, NULL },
 #endif
+	{ "dynlist-simple", NULL, 0, 0, 0, ARG_OFFSET|ARG_ON_OFF,
+		(void *)offsetof(dynlist_gen_t, dlg_simple),
+		"( OLcfgOvAt:8.2 NAME 'olcDynListSimple' "
+			"DESC 'Simple mode - disable features added since 2.4.' "
+			"EQUALITY booleanMatch "
+			"SYNTAX OMsBoolean SINGLE-VALUE )",
+			NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };

@ -2153,7 +2164,7 @@ static ConfigOCs dlocs[] = {
 		"NAME ( 'olcDynListConfig' 'olcDynamicList' ) "
 		"DESC 'Dynamic list configuration' "
 		"SUP olcOverlayConfig "
-		"MAY olcDynListAttrSet )",
+		"MAY ( olcDynListAttrSet $ olcDynListSimple ) )",
 		Cft_Overlay, dlcfg, NULL, NULL },
 	{ NULL, 0, NULL }
 };
@ -2745,10 +2756,8 @@ dynlist_db_init(
 		return 1;
 	}

-	dlg = (dynlist_gen_t *)ch_malloc( sizeof( *dlg ));
+	dlg = (dynlist_gen_t *)ch_calloc( 1, sizeof( *dlg ));
 	on->on_bi.bi_private = dlg;
-	dlg->dlg_dli = NULL;
-	dlg->dlg_memberOf = 0;

 	return 0;
 }