From 102246bda30be3976b96077486dcf86e102e5923 Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Wed, 19 Feb 2014 15:54:33 +0000
Subject: [PATCH] Fix OPENDJ-1350: Access controls and timelimits are not enforced when searching cn=changelog

---
 opends/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java |   27 ++++++++++++++++++++++++++-
 1 files changed, 26 insertions(+), 1 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java b/opends/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java
index 919b038..f26b81d 100644
--- a/opends/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java
@@ -22,7 +22,7 @@
  *
  *
  *      Copyright 2008-2010 Sun Microsystems, Inc.
- *      Portions Copyright 2010-2013 ForgeRock AS
+ *      Portions Copyright 2010-2014 ForgeRock AS
  */
 package org.opends.server.workflowelement.externalchangelog;
 
@@ -50,8 +50,10 @@
 import org.opends.server.types.operation.SearchEntrySearchOperation;
 import org.opends.server.types.operation.SearchReferenceSearchOperation;
 import org.opends.server.util.ServerConstants;
+import org.opends.server.util.TimeThread;
 
 import static org.opends.messages.CoreMessages.*;
+import static org.opends.messages.ReplicationMessages.*;
 import static org.opends.server.config.ConfigConstants.*;
 import static org.opends.server.loggers.ErrorLogger.*;
 import static org.opends.server.loggers.debug.DebugLogger.*;
@@ -617,9 +619,20 @@
         return;
       }
 
+      int lookthroughCount = 0;
+      int lookthroughLimit = getClientConnection().getLookthroughLimit();
+
       // Process change log entries.
       while (update != null)
       {
+        if(lookthroughLimit > 0 && lookthroughCount > lookthroughLimit)
+        {
+          //Lookthrough limit exceeded
+          setResultCode(ResultCode.ADMIN_LIMIT_EXCEEDED);
+          appendErrorMessage(
+                  NOTE_ECL_LOOKTHROUGH_LIMIT_EXCEEDED.get(lookthroughLimit));
+          return;
+        }
         // Check for a request to cancel this operation.
         checkIfCanceled(false);
 
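Review bot: The guard `lookthroughCount > lookthroughLimit` lets the loop examine one update more than the configured limit, because the counter is only incremented at the bottom of the loop body (in the next hunk), after an update has been processed. If the limit is meant as a hard cap on the number of changelog entries examined, the comparison should be `if (lookthroughLimit > 0 && lookthroughCount >= lookthroughLimit)`. The loop body continues outside this hunk, so it cannot be confirmed from here that every path which examines an update reaches the increment. A test that searches cn=changelog with a small lookthrough limit and asserts ADMIN_LIMIT_EXCEEDED at the exact boundary would pin the intended behaviour.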
@@ -630,6 +643,8 @@
           return;
         }
 
+        lookthroughCount++;
+
         update = eclServerHandler.getNextECLUpdate();
       }
     }
@@ -684,6 +699,16 @@
       }
       return returnEntry(entry, controls);
     }
+
+    // Check the timelimit here as well, in case there are no matches
+    if ((getTimeLimit() > 0) && (TimeThread.getTime() >=
+      getTimeLimitExpiration()))
+    {
+      setResultCode(ResultCode.TIME_LIMIT_EXCEEDED);
+      appendErrorMessage(ERR_SEARCH_TIME_LIMIT_EXCEEDED.get(getTimeLimit()));
+      return false;
+    }
+
     return true;
   }
 
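Review bot: The added time-limit check is reached only on the path that falls past `return returnEntry(entry, controls);`, so updates that do match rely on `returnEntry` to enforce the limit; that is presumably the case but is not visible in this hunk. The method's doc comment should state that a `false` return can now mean the time limit expired and that the result code and error message are set as a side effect, for example `@return false if the search must stop, including when the time limit has expired`. The subject line also names access controls, yet none of the hunks in this patch adds an access check, so it is worth confirming where changelog entries are filtered by ACI before they are returned. The method starts outside the hunk.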

--
Gitblit v1.10.0