From cc6fab319ebb776c94462df6bc23abc718ae6ad8 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 29 May 2001 20:00:55 +0000 Subject: [PATCH] Add support for separate max incoming for anonymous and authenticated sessions (defaults: 256K and 16M respectively). --- doc/man/man5/slapd.conf.5 | 7 ++++++- servers/slapd/bind.c | 14 ++++++++++++++ servers/slapd/config.c | 38 ++++++++++++++++++++++++++++++++++++++ servers/slapd/connection.c | 5 +++++ servers/slapd/proto-slap.h | 3 +++ servers/slapd/slap.h | 1 - 6 files changed, 66 insertions(+), 2 deletions(-) diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 603d782f42..bef621936b 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -425,7 +425,12 @@ Specify the maximum number of entries to return from a search operation. The default size limit is 500. .TP .B sockbuf_max_incoming -Specify the maximum incoming LDAP PDU size. The default is 262143. +Specify the maximum incoming LDAP PDU size for anonymous sessions. +The default is 262143. +.TP +.B sockbuf_max_incoming_auth +Specify the maximum incoming LDAP PDU size for authenticated sessions. +The default is 4194303. .TP .B srvtab Specify the srvtab file in which the kerberos keys necessary for diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 05b95eae82..a4a10047d1 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -280,10 +280,18 @@ do_bind( conn->c_authmech = conn->c_sasl_bind_mech; conn->c_sasl_bind_mech = NULL; conn->c_sasl_bind_in_progress = 0; + conn->c_sasl_ssf = ssf; if( ssf > conn->c_ssf ) { conn->c_ssf = ssf; } + + if( conn->c_dn != NULL ) { + ber_len_t max = sockbuf_max_incoming; + ber_sockbuf_ctrl( conn->c_sb, + LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } + } else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) { conn->c_sasl_bind_in_progress = 1; 
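Review bot: The block added after the successful SASL bind loads `sockbuf_max_incoming` into `max` even though it runs only when `conn->c_dn != NULL`, so an authenticated session is handed the anonymous limit again and `sockbuf_max_incoming_auth` is never applied. The same line appears in the second do_bind hunk at `@@ -468,6 +476,12 @@`. In both places it should read `ber_len_t max = sockbuf_max_incoming_auth;`. As written, the new directive is parsed in config.c but has no effect in any hunk shown here; that fails towards the smaller limit, but the documented behaviour is not implemented. do_bind starts and ends outside both hunks, so whether `c_dn` is already set at these points should be confirmed against the full function.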
@@ -468,6 +476,12 @@ do_bind( ndn = NULL; } + if( conn->c_dn != NULL ) { + ber_len_t max = sockbuf_max_incoming; + ber_sockbuf_ctrl( conn->c_sb, + LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } + #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1, "do_bind: conn %d v%d bind: \"%s\" to \"%s\" \n", diff --git a/servers/slapd/config.c b/servers/slapd/config.c index c1583e7454..c4e07db580 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -42,6 +42,7 @@ char *default_search_base = NULL; char *default_search_nbase = NULL; ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT; +ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH; char *slapd_pid_file = NULL; char *slapd_args_file = NULL; @@ -278,6 +279,43 @@ read_config( const char *fname ) sockbuf_max_incoming = max; + /* set sockbuf max authenticated */ + } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) { + long max; + if ( cargc < 2 ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: missing max in \"sockbuf_max_incoming_auth \" line\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: missing max in \"sockbuf_max_incoming_auth \" line\n", + fname, lineno, 0 ); +#endif + + return( 1 ); + } + + max = atol( cargv[1] ); + + if( max < 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: invalid max value (%ld) in " + "\"sockbuf_max_incoming_auth \" line.\n", + fname, lineno, max )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: invalid max value (%ld) in " + "\"sockbuf_max_incoming_auth \" line.\n", + fname, lineno, max ); +#endif + + return( 1 ); + } + + sockbuf_max_incoming_auth = max; + /* default search base */ } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) { if ( cargc < 2 ) { diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index fe26fee674..4877451fe5 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c 
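Review bot: `atol( cargv[1] )` in the new `sockbuf_max_incoming_auth` branch cannot report a parse failure, so a non-numeric value silently becomes 0 and a value with a trailing suffix is cut to its numeric prefix before being stored as the PDU limit. Only `max < 0` is rejected; there is no upper bound, and the `long` is then assigned to the `ber_len_t` global without a range check. Parsing with `max = strtol( cargv[1], &end, 10 );` and rejecting `end == cargv[1] || *end != '\0' || max < 0` would catch these at startup. The preceding `sockbuf_max_incoming` branch ends just above this hunk and appears to follow the same pattern, so it likely needs the same treatment; read_config continues outside the hunk.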
@@ -536,6 +536,11 @@ void connection2anonymous( Connection *c ) assert( connections != NULL ); assert( c != NULL ); + { + ber_len_t max = sockbuf_max_incoming; + ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } + if(c->c_authmech != NULL ) { free(c->c_authmech); c->c_authmech = NULL; diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 258f14158a..05721667c0 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -799,7 +799,10 @@ LDAP_SLAPD_F (int) krbv4_ldap_auth(); * Other... */ #define SLAP_SB_MAX_INCOMING_DEFAULT (1<<18 - 1) +#define SLAP_SB_MAX_INCOMING_AUTH (1<<24 - 1) + LDAP_SLAPD_F (ber_len_t) sockbuf_max_incoming; +LDAP_SLAPD_F (ber_len_t) sockbuf_max_incoming_auth; LDAP_SLAPD_F (slap_mask_t) global_restrictops; LDAP_SLAPD_F (slap_mask_t) global_allows; diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 2be9bfc028..a012fb9cfb 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -58,7 +58,6 @@ LDAP_BEGIN_DECL #define MAXREMATCHES (10) -#define SLAP_MAX_INCOMING (1<<18 - 1) #define SLAP_MAX_WORKER_THREADS (32) #define SLAP_TEXT_BUFLEN (256)
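Review bot: The result of `ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max )` is discarded in the block added to connection2anonymous, so a failure to restore the anonymous limit goes unnoticed. This is the path that takes a session back to anonymous, where a stale larger limit would matter most once the authenticated limit is actually applied on bind. Checking the return value and at least logging a failure would make that visible, and a short comment such as `/* drop back to the anonymous PDU limit */` would explain the bare braces. The function body continues outside the hunk.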
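Review bot: `(1<<24 - 1)` in the new `SLAP_SB_MAX_INCOMING_AUTH` parses as `1 << (24 - 1)` because `-` binds tighter than `<<`, so the default is 8388608 rather than 16M minus one. The existing `SLAP_SB_MAX_INCOMING_DEFAULT (1<<18 - 1)` on the context line has the same problem and evaluates to 131072, not the 262143 the man page states. The definitions should be `((1<<18) - 1)` and `((1<<24) - 1)`. The man page hunk also documents the authenticated default as 4194303 while the commit subject says 16M, so the intended value needs to be settled and the macro, man page and commit message made to agree.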