mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

floblanc
30.38.2008 43a8d886b8ab0da2358cd1ddc820cd5e5c06478f
Fix Issue 3540:  Network Group: Uncaught java.lang.OutOfMemoryError while looping on calling dsconfig setting config properties

Fix Issue 3541: NetGroup reqFilteringPolicy - shouldn't be able to allow and disallow the same attribute or subtree at the same time

4 files modified
82 ■■■■■ changed files
opends/src/messages/messages/config.properties 7 ●●●● patch | view | raw | blame | history
opends/src/server/org/opends/server/core/networkgroups/NetworkGroupCriteria.java 12 ●●●●● patch | view | raw | blame | history
opends/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java 51 ●●●●● patch | view | raw | blame | history
opends/src/server/org/opends/server/core/networkgroups/ResourceLimits.java 12 ●●●●● patch | view | raw | blame | history
opends/src/messages/messages/config.properties
@@ -2144,4 +2144,9 @@
MILD_ERR_CONFIG_EXTENSION_INITIALIZATION_FAILED_718=An error occurred while \
 trying to initialize an instance of class %s as an extension as \
 defined in configuration entry %s:  %s
SEVERE_ERR_CONFIG_NETWORKGROUPREQUESTFILTERINGPOLICY_INVALID_ATTRIBUTE_719=The \
 allowed attribute %s specified in configuration entry %s is also defined as \
 a prohibited attribute
SEVERE_ERR_CONFIG_NETWORKGROUPREQUESTFILTERINGPOLICY_INVALID_SUBTREE_720=The \
 allowed subtree %s specified in configuration entry %s is also defined as \
 a prohibited subtree
opends/src/server/org/opends/server/core/networkgroups/NetworkGroupCriteria.java
@@ -70,6 +70,9 @@
  private PortCriteria portCriteria;
  private SecurityCriteria securityCriteria;
  // The current config
  private NetworkGroupCriteriaCfg config;
  /**
   * Constructor.
   *
@@ -93,6 +96,10 @@
    portCriteria = null;
    securityCriteria = null;
    isConfigured = false;
    if (config != null) {
      config.removeChangeListener(this);
      config = null;
    }
  }
  /**
@@ -142,7 +149,10 @@
        securityCriteria = null;
      }
      isConfigured = true;
      criteriaCfg.addChangeListener(this);
      if (config == null) {
        criteriaCfg.addChangeListener(this);
      }
      config = criteriaCfg;
    } else {
      resetCriteria();
    }
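Review bot: The new guard `if (config == null)` around `criteriaCfg.addChangeListener(this)` assumes every later call passes the same configuration object. If a different `criteriaCfg` instance arrives while `config` is already set, no listener is registered on it, `config = criteriaCfg` drops the only reference to the old object (which keeps its listener), and the reset path later calls `removeChangeListener` on an object that never had one. Whether the configuration framework can hand over a new instance is not visible in this hunk, so it is worth confirming; comparing identity would cover both cases: `if (config != criteriaCfg) { if (config != null) config.removeChangeListener(this); criteriaCfg.addChangeListener(this); }`. The same pattern is used in the RequestFilteringPolicy.java and ResourceLimits.java hunks of this commit. The enclosing method starts above the hunk.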
opends/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java
@@ -57,6 +57,7 @@
import org.opends.server.types.operation.PreParseOperation;
import org.opends.server.types.operation.PreParseSearchOperation;
import static org.opends.messages.CoreMessages.*;
import static org.opends.messages.ConfigMessages.*;
/**
@@ -89,6 +90,8 @@
  // The list of prohibited subtrees
  Set<DN> prohibitedSubtrees = null;
  // The current configuration
  NetworkGroupRequestFilteringPolicyCfg config = null;
  /**
   * Constructor.
@@ -113,6 +116,10 @@
    prohibitedSubtrees = Collections.emptySet();
    isConfigured = false;
    if (config != null) {
      config.removeChangeListener(this);
    }
    config = null;
  }
  /**
@@ -131,8 +138,10 @@
      allowedSubtrees = policyCfg.getAllowedSubtrees();
      prohibitedSubtrees = policyCfg.getProhibitedSubtrees();
      policyCfg.addChangeListener(this);
      if (config == null) {
        policyCfg.addChangeListener(this);
      }
      config = policyCfg;
      isConfigured = true;
    } else {
      resetPolicy();
@@ -286,6 +295,11 @@
        // The attributes specified in prohibitedAttributes are not OK
        result = (!containsProhibitedAttribute(searchOp.getRawFilter()));
      }
      if (!result) {
        messages.add(INFO_ERROR_ATTRIBUTE_NOT_ALLOWED.get());
        return result;
      }
      if (!allowedAttributes.isEmpty()) {
        // Only the attributes specified in allowedAttributes are OK
        result = (containsOnlyAllowedAttributes(searchOp.getRawFilter()));
@@ -328,6 +342,10 @@
        result = (!prohibitedAttributes.contains(
                compareOp.getRawAttributeType()));
      }
      if (!result) {
        messages.add(INFO_ERROR_ATTRIBUTE_NOT_ALLOWED.get());
        return result;
      }
      if (!allowedAttributes.isEmpty()) {
        result = (allowedAttributes.contains(compareOp.getRawAttributeType()));
      }
@@ -525,7 +543,11 @@
  public boolean isConfigurationAddAcceptable(
          NetworkGroupRequestFilteringPolicyCfg configuration,
          List<Message> unacceptableReasons) {
    return (!isConfigured);
    if (isConfigured) {
      return false;
    }
    return (isConfigurationChangeAcceptable(configuration,
        unacceptableReasons));
  }
  /**
@@ -575,6 +597,29 @@
  public boolean isConfigurationChangeAcceptable(
          NetworkGroupRequestFilteringPolicyCfg configuration,
          List<Message> unacceptableReasons) {
    if (configuration != null) {
      // Check that allowed-attributes does not contain any attribute
      // also configured in prohibited-attributes
      for (String allowedAttr: configuration.getAllowedAttributes()) {
        if (configuration.getProhibitedAttributes().contains(allowedAttr)) {
          unacceptableReasons.add(
              ERR_CONFIG_NETWORKGROUPREQUESTFILTERINGPOLICY_INVALID_ATTRIBUTE
              .get(allowedAttr, configuration.dn().toString()));
          return false;
        }
      }
      // Check that allowed-subtrees does not contain any subtree also
      // configured in prohibited-subtrees
      for (DN allowedSubtree: configuration.getAllowedSubtrees()) {
        if (configuration.getProhibitedSubtrees().contains(allowedSubtree)) {
          unacceptableReasons.add(
              ERR_CONFIG_NETWORKGROUPREQUESTFILTERINGPOLICY_INVALID_SUBTREE.get(
              allowedSubtree.toString(), configuration.dn().toString()));
          return false;
        }
      }
    }
    return true;
  }
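Review bot: The overlap check in `isConfigurationChangeAcceptable` compares attribute names as exact strings, `configuration.getProhibitedAttributes().contains(allowedAttr)`, so a configuration that allows `cn` and prohibits `CN` (or another name for the same attribute type) would probably still be accepted, unless the configuration framework normalises these values before they reach this method. Because this policy decides which requests are rejected, the comparison should use a normalised form, for example `toLowerCase(Locale.ROOT)` on both sides or resolved attribute types, and the same form should be used where `prohibitedAttributes.contains(compareOp.getRawAttributeType())` enforces the policy. The subtree loop likewise only catches identical DNs, so an allowed subtree that lies beneath a prohibited one is not reported. Separately, `isConfigurationAddAcceptable` returns false when `isConfigured` is set without adding anything to `unacceptableReasons`, which leaves the administrator with no explanation for the rejection.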
opends/src/server/org/opends/server/core/networkgroups/ResourceLimits.java
@@ -87,6 +87,9 @@
  // The lock for the counter numConnections and the map connectionsPerIpMap
  Object connMutex = new Object();
  // The current configuration
  private NetworkGroupResourceLimitsCfg config = null;
  /**
   * Constructor.
   *
@@ -111,6 +114,10 @@
    numConnections = 0;
    connectionsPerIpMap = new HashMap<String, Integer>();
    isConfigured = false;
    if (config != null) {
      config.removeChangeListener(this);
      config = null;
    }
  }
  /**
@@ -131,7 +138,10 @@
      minSearchSubstringLength = resourcesCfg.getMinSubstringLength();
      connectionsPerIpMap = new HashMap<String, Integer>();
      resourcesCfg.addChangeListener(this);
      if (config == null) {
        resourcesCfg.addChangeListener(this);
      }
      config = resourcesCfg;
      isConfigured = true;
    } else {
      resetLimits();