From commits-return-20630-apmail-directory-commits-archive=directory.apache.org@directory.apache.org Tue Dec 02 13:24:14 2008
Return-Path: <commits-return-20630-apmail-directory-commits-archive=directory.apache.org@directory.apache.org>
Delivered-To: apmail-directory-commits-archive@www.apache.org
Received: (qmail 32746 invoked from network); 2 Dec 2008 13:24:14 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 2 Dec 2008 13:24:14 -0000
Received: (qmail 15236 invoked by uid 500); 2 Dec 2008 13:24:25 -0000
Delivered-To: apmail-directory-commits-archive@directory.apache.org
Received: (qmail 15208 invoked by uid 500); 2 Dec 2008 13:24:25 -0000
Mailing-List: contact commits-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@directory.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@directory.apache.org>
List-Post: <mailto:commits@directory.apache.org>
List-Id: <commits.directory.apache.org>
Reply-To: dev@directory.apache.org
Delivered-To: mailing list commits@directory.apache.org
Received: (qmail 15199 invoked by uid 99); 2 Dec 2008 13:24:25 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Dec 2008 05:24:25 -0800
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Dec 2008 13:23:05 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id D8AAF23888A6; Tue,  2 Dec 2008 05:23:22 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r722452 - in /directory/apacheds/branches/apacheds-mina2:
 core/src/main/java/org/apache/directory/server/core/
 core/src/test/java/org/apache/directory/server/core/authz/support/
 core/src/test/java/org/apache/directory/server/core/intercepto...
Date: Tue, 02 Dec 2008 13:23:21 -0000
To: commits@directory.apache.org
From: elecharny@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20081202132322.D8AAF23888A6@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: elecharny
Date: Tue Dec  2 05:23:20 2008
New Revision: 722452

URL: http://svn.apache.org/viewvc?rev=722452&view=rev
Log:
Added some support for OOM protection :
- a new parameter has been added to the DirectoryServer : maxPDUSize
- it has been propagated to the LDAP decoder
- a test has been added to check that the server correctly control the PDU size.
- the server.xml file has been changed to handle this parameter

Modified:
    directory/apacheds/branches/apacheds-mina2/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
    directory/apacheds/branches/apacheds-mina2/core/src/main/java/org/apache/directory/server/core/DirectoryService.java
    directory/apacheds/branches/apacheds-mina2/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
    directory/apacheds/branches/apacheds-mina2/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java
    directory/apacheds/branches/apacheds-mina2/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapProtocolCodecFactory.java
    directory/apacheds/branches/apacheds-mina2/server-integ/src/test/java/org/apache/directory/server/operations/add/AddIT.java
    directory/apacheds/branches/apacheds-mina2/server-xml/src/main/resources/server.xml

Modified: directory/apacheds/branches/apacheds-mina2/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-mina2/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java?rev=722452&r1=722451&r2=722452&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-mina2/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java (original)
+++ directory/apacheds/branches/apacheds-mina2/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java Tue Dec  2 05:23:20 2008
@@ -248,6 +248,10 @@
     private List<? extends LdifEntry> testEntries = new ArrayList<LdifEntry>(); // List<Attributes>
     private EventService eventService;
 
+    
+    
+    /** The maximum size for an incoming PDU */
+    private int maxPDUSize = Integer.MAX_VALUE;
 
 
     public void setInstanceId( String instanceId )
@@ -1557,4 +1561,29 @@
     {
         this.passwordHidden = passwordHidden;
     }
+
+
+    /**
+     * @return The maximum allowed size for an incoming PDU
+     */
+    public int getMaxPDUSize()
+    {
+        return maxPDUSize;
+    }
+
+
+    /**
+     * Set the maximum allowed size for an incoming PDU 
+     * @param maxPDUSize A positive number of bytes for the PDU. A negative or
+     * null value will be transformed to {@link Integer#MAX_VALUE}
+     */
+    public void setMaxPDUSize( int maxPDUSize )
+    {
+        if ( maxPDUSize <= 0 )
+        {
+            maxPDUSize = Integer.MAX_VALUE;
+        }
+        
+        this.maxPDUSize = maxPDUSize;
+    }
 }

Modified: directory/apacheds/branches/apacheds-mina2/core/src/main/java/org/apache/directory/server/core/DirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-mina2/core/src/main/java/org/apache/directory/server/core/DirectoryService.java?rev=722452&r1=722451&r2=722452&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-mina2/core/src/main/java/org/apache/directory/server/core/DirectoryService.java (original)
+++ directory/apacheds/branches/apacheds-mina2/core/src/main/java/org/apache/directory/server/core/DirectoryService.java Tue Dec  2 05:23:20 2008
@@ -414,4 +414,18 @@
      * Gets the operation manager.
      */
     OperationManager getOperationManager();
+
+
+    /**
+     * @return The maximum allowed size for an incoming PDU
+     */
+    int getMaxPDUSize();
+
+
+    /**
+     * Set the maximum allowed size for an incoming PDU 
+     * @param maxPDUSize A positive number of bytes for the PDU. A negative or
+     * null value will be transformed to {@link Integer#MAX_VALUE}
+     */
+    void setMaxPDUSize( int maxPDUSize );
 }

Modified: directory/apacheds/branches/apacheds-mina2/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-mina2/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java?rev=722452&r1=722451&r2=722452&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-mina2/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java (original)
+++ directory/apacheds/branches/apacheds-mina2/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java Tue Dec  2 05:23:20 2008
@@ -824,6 +824,18 @@
         public void setPassordHidden( boolean passwordHidden )
         {
         }
+
+
+        public int getMaxPDUSize()
+        {
+            return Integer.MAX_VALUE;
+        }
+
+
+        public void setMaxPDUSize( int maxPDUSize )
+        {
+            // Do nothing
+        }
     }
 
     

Modified: directory/apacheds/branches/apacheds-mina2/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-mina2/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java?rev=722452&r1=722451&r2=722452&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-mina2/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java (original)
+++ directory/apacheds/branches/apacheds-mina2/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java Tue Dec  2 05:23:20 2008
@@ -633,5 +633,17 @@
         public void setPassordHidden( boolean passwordHidden )
         {
         }
+
+
+        public int getMaxPDUSize()
+        {
+            return Integer.MAX_VALUE;
+        }
+
+
+        public void setMaxPDUSize( int maxPDUSize )
+        {
+            // Do nothing
+        }
     }
 }

Modified: directory/apacheds/branches/apacheds-mina2/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapProtocolCodecFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-mina2/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapProtocolCodecFactory.java?rev=722452&r1=722451&r2=722452&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-mina2/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapProtocolCodecFactory.java (original)
+++ directory/apacheds/branches/apacheds-mina2/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapProtocolCodecFactory.java Tue Dec  2 05:23:20 2008
@@ -77,14 +77,6 @@
      */
     public ProtocolDecoder getDecoder( IoSession session )
     {
-        Object maxPDUSizeValue = session.getAttribute( MAX_PDU_SIZE );
-        int maxPDUSize = Integer.MAX_VALUE;
-        
-        if ( ( maxPDUSizeValue != null ) || ( maxPDUSizeValue instanceof Number ) )
-        {
-            maxPDUSize = ((Number)maxPDUSizeValue).intValue();
-        }
-        
         return new Asn1CodecDecoder( new MessageDecoder( new BinaryAttributeDetector()
         {
             public boolean isBinary( String id )
@@ -101,6 +93,6 @@
                 }
             }
         },
-        maxPDUSize ) );
+        directoryService.getMaxPDUSize() ) );
     }
 }
\ No newline at end of file

Modified: directory/apacheds/branches/apacheds-mina2/server-integ/src/test/java/org/apache/directory/server/operations/add/AddIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-mina2/server-integ/src/test/java/org/apache/directory/server/operations/add/AddIT.java?rev=722452&r1=722451&r2=722452&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-mina2/server-integ/src/test/java/org/apache/directory/server/operations/add/AddIT.java (original)
+++ directory/apacheds/branches/apacheds-mina2/server-integ/src/test/java/org/apache/directory/server/operations/add/AddIT.java Tue Dec  2 05:23:20 2008
@@ -20,6 +20,7 @@
 package org.apache.directory.server.operations.add;
 
 
+import javax.naming.CommunicationException;
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
@@ -942,4 +943,73 @@
         assertTrue( cn.contains( "Jackson" ) );
         assertTrue( cn.contains( "Michael" ) );
     }
+
+
+    /**
+     * Test that if we inject a PDU above the max allowed size,
+     * the connection is closed. 
+     * 
+     * @throws NamingException 
+     */
+    @Test
+    public void testAddPDUExceedingMaxSize() throws Exception
+    {
+        // Limit the PDU size to 1024
+        ldapService.getDirectoryService().setMaxPDUSize( 1024 );
+        DirContext ctx = ( DirContext ) getWiredContext( ldapService ).lookup( BASE );
+
+        // modify object classes, add two more
+        Attributes attributes = new BasicAttributes( true );
+        Attribute ocls = new BasicAttribute( "description" );
+        
+        // Inject a 1024 bytes long description
+        StringBuilder sb = new StringBuilder();
+        
+        for ( int i = 0; i < 128; i++ )
+        {
+            sb.append( "0123456789ABCDEF" );
+        }
+        
+        ocls.add( sb.toString() );
+        attributes.put( ocls );
+
+        DirContext person = ( DirContext ) ctx.lookup( RDN );
+        
+        try
+        {
+            person.modifyAttributes( "", DirContext.ADD_ATTRIBUTE, attributes );
+            fail();
+        }
+        catch ( Exception e )
+        {
+            // We are expecting the session to be close here.
+        }
+        
+        // Test again with a bigger size
+        // Limit the PDU size to 1024
+        ldapService.getDirectoryService().setMaxPDUSize( 4096 );
+        
+        ctx = ( DirContext ) getWiredContext( ldapService ).lookup( BASE );
+        person = ( DirContext ) ctx.lookup( RDN );
+        
+        try
+        {
+            person.modifyAttributes( "", DirContext.ADD_ATTRIBUTE, attributes );
+        }
+        catch ( Exception e )
+        {
+            // We should not go there
+            fail();
+        }
+
+        // Read again from directory
+        ctx = ( DirContext ) getWiredContext( ldapService ).lookup( BASE );
+        person = ( DirContext ) ctx.lookup( RDN );
+        
+        assertNotNull( person );
+        attributes = person.getAttributes( "" );
+        Attribute newOcls = attributes.get( "objectClass" );
+
+        assertNotNull( newOcls );
+    }
 }

Modified: directory/apacheds/branches/apacheds-mina2/server-xml/src/main/resources/server.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-mina2/server-xml/src/main/resources/server.xml?rev=722452&r1=722451&r2=722452&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-mina2/server-xml/src/main/resources/server.xml (original)
+++ directory/apacheds/branches/apacheds-mina2/server-xml/src/main/resources/server.xml Tue Dec  2 05:23:20 2008
@@ -28,7 +28,8 @@
                            workingDirectory="example.com"
                            allowAnonymousAccess="true"
                            accessControlEnabled="false"
-                           denormalizeOpAttrsEnabled="false">
+                           denormalizeOpAttrsEnabled="false"
+                           maxPDUSize="2000000">
     <systemPartition>
       <!-- use the following partitionConfiguration to override defaults for -->
       <!-- the system partition                                              -->