From bf7b61bf7e22fc0c1c0bf69255f44d0139c86937 Mon Sep 17 00:00:00 2001
From: boli <boli@localhost>
Date: Thu, 24 Aug 2006 15:50:33 +0000
Subject: [PATCH] Add a configuration option to limit the number of entries that will be checked for matches during a search operation. A value of -1 or 0 will remove the limit, like the behavior of DS 5 and 6. Changed the "unlimited" values of size and time limits to be consistent with the lookthrough limit (-1 or 0). 

---
 opends/src/server/org/opends/server/core/BindOperation.java |   94 +++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 91 insertions(+), 3 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/BindOperation.java b/opends/src/server/org/opends/server/core/BindOperation.java
index 1769d59..8ce547c 100644
--- a/opends/src/server/org/opends/server/core/BindOperation.java
+++ b/opends/src/server/org/opends/server/core/BindOperation.java
@@ -928,9 +928,10 @@
     // the result is unknown.
     processingStartTime = System.currentTimeMillis();
     setResultCode(ResultCode.UNDEFINED);
-    boolean returnAuthzID = false;
-    int     sizeLimit     = DirectoryServer.getSizeLimit();
-    int     timeLimit     = DirectoryServer.getTimeLimit();
+    boolean returnAuthzID    = false;
+    int     sizeLimit        = DirectoryServer.getSizeLimit();
+    int     timeLimit        = DirectoryServer.getTimeLimit();
+    int     lookthroughLimit = DirectoryServer.getLookthroughLimit();
 
 
     // Set a flag to indicate that a bind operation is in progress.  This should
@@ -1473,6 +1474,50 @@
               }
 
 
+              // See if the user's entry contains a custom lookthrough limit.
+              attrType =
+                   DirectoryServer.getAttributeType(
+                       OP_ATTR_USER_LOOKTHROUGH_LIMIT, true);
+              attrList = userEntry.getAttribute(attrType);
+              if ((attrList != null) && (attrList.size() == 1))
+              {
+                Attribute a = attrList.get(0);
+                LinkedHashSet<AttributeValue>  values = a.getValues();
+                Iterator<AttributeValue> iterator = values.iterator();
+                if (iterator.hasNext())
+                {
+                  AttributeValue v = iterator.next();
+                  if (iterator.hasNext())
+                  {
+                    int msgID = MSGID_BIND_MULTIPLE_USER_LOOKTHROUGH_LIMITS;
+                    String message =
+                         getMessage(msgID, String.valueOf(userEntry.getDN()));
+                    logError(ErrorLogCategory.CORE_SERVER,
+                             ErrorLogSeverity.SEVERE_WARNING, message, msgID);
+                  }
+                  else
+                  {
+                    try
+                    {
+                      lookthroughLimit = Integer.parseInt(v.getStringValue());
+                    }
+                    catch (Exception e)
+                    {
+                      assert debugException(CLASS_NAME, "run", e);
+
+                      int msgID =
+                          MSGID_BIND_CANNOT_PROCESS_USER_LOOKTHROUGH_LIMIT;
+                      String message =
+                           getMessage(msgID, v.getStringValue(),
+                                      String.valueOf(userEntry.getDN()));
+                      logError(ErrorLogCategory.CORE_SERVER,
+                               ErrorLogSeverity.SEVERE_WARNING, message, msgID);
+                    }
+                  }
+                }
+              }
+
+
               pwPolicyState.handleDeprecatedStorageSchemes(simplePassword);
               pwPolicyState.clearAuthFailureTimes();
 
@@ -1930,6 +1975,48 @@
                   }
                 }
               }
+
+
+              // See if the user's entry contains a custom lookthrough limit.
+              attrType =
+                   DirectoryServer.getAttributeType(
+                       OP_ATTR_USER_LOOKTHROUGH_LIMIT, true);
+              attrList = saslAuthUserEntry.getAttribute(attrType);
+              if ((attrList != null) && (attrList.size() == 1))
+              {
+                Attribute a = attrList.get(0);
+                LinkedHashSet<AttributeValue>  values = a.getValues();
+                Iterator<AttributeValue> iterator = values.iterator();
+                if (iterator.hasNext())
+                {
+                  AttributeValue v = iterator.next();
+                  if (iterator.hasNext())
+                  {
+                    int msgID = MSGID_BIND_MULTIPLE_USER_LOOKTHROUGH_LIMITS;
+                    String message = getMessage(msgID, userDNString);
+                    logError(ErrorLogCategory.CORE_SERVER,
+                             ErrorLogSeverity.SEVERE_WARNING, message, msgID);
+                  }
+                  else
+                  {
+                    try
+                    {
+                      lookthroughLimit = Integer.parseInt(v.getStringValue());
+                    }
+                    catch (Exception e)
+                    {
+                      assert debugException(CLASS_NAME, "run", e);
+
+                      int msgID =
+                          MSGID_BIND_CANNOT_PROCESS_USER_LOOKTHROUGH_LIMIT;
+                      String message =
+                           getMessage(msgID, v.getStringValue(), userDNString);
+                      logError(ErrorLogCategory.CORE_SERVER,
+                               ErrorLogSeverity.SEVERE_WARNING, message, msgID);
+                    }
+                  }
+                }
+              }
             }
           }
           else if (resultCode == ResultCode.SASL_BIND_IN_PROGRESS)
@@ -2037,6 +2124,7 @@
       clientConnection.setAuthenticationInfo(authInfo);
       clientConnection.setSizeLimit(sizeLimit);
       clientConnection.setTimeLimit(timeLimit);
+      clientConnection.setLookthroughLimit(lookthroughLimit);
       clientConnection.setMustChangePassword(mustChangePassword);
 
       if (returnAuthzID)

--
Gitblit v1.10.0