From: Howard Chu <hyc@openldap.org>
Date: Mon, 31 Jul 2023 17:43:30 +0000 (+0100)
Subject: ITS#10025 slapo-dynlist: add option to disable filter support
X-Git-Tag: OPENLDAP_REL_ENG_2_5_17~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41beafbd450089873824e07312d9f5372ac2dada;p=thirdparty%2Fopenldap.git

ITS#10025 slapo-dynlist: add option to disable filter support
---

diff --git a/doc/man/man5/slapo-dynlist.5 b/doc/man/man5/slapo-dynlist.5
index 49a3d505d4..7fe0f70505 100644
--- a/doc/man/man5/slapo-dynlist.5
+++ b/doc/man/man5/slapo-dynlist.5
@@ -134,6 +134,13 @@ character is also specified, then the member and memberOf values will be
 populated recursively, for nested groups. Note that currently nesting is
 only supported for Search operations, not Compares.
 
+.TP
+.B dynlist\-simple TRUE | FALSE
+This option downgrades to the behavior of the OpenLDAP 2.4 dynlist overlay.
+It disables memberOf processing, nested group support, and filter evaluation
+of dynamically generated values.
+The default is FALSE.
+
 .LP
 The dynlist overlay may be used with any backend, but it is mainly 
 intended for use with local storage backends.
diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c
index e0a28ad114..5c38b64f0b 100644
--- a/servers/slapd/overlays/dynlist.c
+++ b/servers/slapd/overlays/dynlist.c
@@ -65,6 +65,7 @@ typedef struct dynlist_info_t {
 typedef struct dynlist_gen_t {
 	dynlist_info_t	*dlg_dli;
 	int				 dlg_memberOf;
+	int				 dlg_simple;
 } dynlist_gen_t;
 
 #define DYNLIST_USAGE \
@@ -1895,6 +1896,8 @@ dynlist_search( Operation *op, SlapReply *rs )
 		userattrs = SLAP_USERATTRS( attrflags );
 	}
 
+	if (dlg->dlg_simple)
+		goto simple;
 	/* Find all groups in scope. For group expansion
 	 * we only need the groups within the search scope, but
 	 * for memberOf populating, we need all dyngroups.
@@ -2063,6 +2066,7 @@ dynlist_search( Operation *op, SlapReply *rs )
 				dynlist_nestlink( op, ds );
 		}
 	}
+simple:
 
 	if ( dlg->dlg_dli || ds->ds_names != NULL ) {
 		sc->sc_response = dynlist_search2resp;
@@ -2146,6 +2150,13 @@ static ConfigTable dlcfg[] = {
 		3, 3, 0, ARG_MAGIC|DL_ATTRPAIR_COMPAT, dl_cfgen,
 			NULL, NULL, NULL },
 #endif
+	{ "dynlist-simple", NULL, 0, 0, 0, ARG_OFFSET|ARG_ON_OFF,
+		(void *)offsetof(dynlist_gen_t, dlg_simple),
+		"( OLcfgOvAt:8.2 NAME 'olcDynListSimple' "
+			"DESC 'Simple mode - disable features added since 2.4.' "
+			"EQUALITY booleanMatch "
+			"SYNTAX OMsBoolean SINGLE-VALUE )",
+			NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
 
@@ -2154,7 +2165,7 @@ static ConfigOCs dlocs[] = {
 		"NAME ( 'olcDynListConfig' 'olcDynamicList' ) "
 		"DESC 'Dynamic list configuration' "
 		"SUP olcOverlayConfig "
-		"MAY olcDynListAttrSet )",
+		"MAY ( olcDynListAttrSet $ olcDynListSimple ) )",
 		Cft_Overlay, dlcfg, NULL, NULL },
 	{ NULL, 0, NULL }
 };
@@ -2746,10 +2757,8 @@ dynlist_db_init(
 		return 1;
 	}
 
-	dlg = (dynlist_gen_t *)ch_malloc( sizeof( *dlg ));
+	dlg = (dynlist_gen_t *)ch_calloc( 1, sizeof( *dlg ));
 	on->on_bi.bi_private = dlg;
-	dlg->dlg_dli = NULL;
-	dlg->dlg_memberOf = 0;
 
 	return 0;
 }