From 282288d61ff6180e6798948e3aaa49271e306e70 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 30 Jul 2007 06:26:11 +0000
Subject: [PATCH] Update the server to provide an idle time limit configuration option that can be used to terminate client connections that have been idle for too long. This can be controlled on a server-wide default level using the ds-cfg-idle-time-limit configuration attribute in the cn=config entry, but it can also be overridden on a per-user level with the ds-rlim-idle-time-limit operational attribute in the user's entry.
---
opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java | 96 ++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 96 insertions(+), 0 deletions(-)
diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
index 5c7790c..b7ace2d 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
@@ -3091,6 +3091,7 @@
int sizeLimit = DirectoryServer.getSizeLimit();
int timeLimit = DirectoryServer.getTimeLimit();
int lookthroughLimit = DirectoryServer.getLookthroughLimit();
+ long idleTimeLimit = DirectoryServer.getIdleTimeLimit();
boolean skipPostOperation = false;
// The password policy state information for this bind operation.
@@ -3705,6 +3706,53 @@
}
+ // See if the user's entry contains a custom idle time limit.
+ attrType = DirectoryServer.getAttributeType(
+ OP_ATTR_USER_IDLE_TIME_LIMIT, true);
+ attrList = userEntry.getAttribute(attrType);
+ if ((attrList != null) && (attrList.size() == 1))
+ {
+ Attribute a = attrList.get(0);
+ LinkedHashSet<AttributeValue> values = a.getValues();
+ Iterator<AttributeValue> iterator = values.iterator();
+ if (iterator.hasNext())
+ {
+ AttributeValue v = iterator.next();
+ if (iterator.hasNext())
+ {
+ int msgID = MSGID_BIND_MULTIPLE_USER_IDLE_TIME_LIMITS;
+ String message =
+ getMessage(msgID, String.valueOf(userEntry.getDN()));
+ logError(ErrorLogCategory.CORE_SERVER,
+ ErrorLogSeverity.SEVERE_WARNING, message, msgID);
+ }
+ else
+ {
+ try
+ {
+ idleTimeLimit =
+ 1000L * Long.parseLong(v.getStringValue());
+ }
+ catch (Exception e)
+ {
+ if (debugEnabled())
+ {
+ TRACER.debugCaught(DebugLogLevel.ERROR, e);
+ }
+
+ int msgID =
+ MSGID_BIND_CANNOT_PROCESS_USER_IDLE_TIME_LIMIT;
+ String message =
+ getMessage(msgID, v.getStringValue(),
+ String.valueOf(userEntry.getDN()));
+ logError(ErrorLogCategory.CORE_SERVER,
+ ErrorLogSeverity.SEVERE_WARNING, message, msgID);
+ }
+ }
+ }
+ }
+
+
// See if the user's entry contains a custom lookthrough limit.
attrType =
DirectoryServer.getAttributeType(
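Review bot: The per-user value in `idleTimeLimit = 1000L * Long.parseLong(v.getStringValue());` is accepted without a range check, so a negative number, or one large enough to overflow the multiplication, is stored as the idle limit with no warning. How the idle checker treats a negative or wrapped limit is not visible here, but because this attribute decides when idle connections are terminated, an out-of-range value should fall back to the server default and be logged like an unparsable one. One way is to parse into `long seconds` first and add `if (seconds < 0 || seconds > Long.MAX_VALUE / 1000L) throw new NumberFormatException(v.getStringValue());` inside the existing `try`, so the existing catch reports it through MSGID_BIND_CANNOT_PROCESS_USER_IDLE_TIME_LIMIT. The same applies to the identical SASL block in the `@@ -4272` hunk; the enclosing method starts and ends outside both hunks.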
@@ -4272,6 +4320,53 @@
}
+ // See if the user's entry contains a custom idle time limit.
+ attrType = DirectoryServer.getAttributeType(
+ OP_ATTR_USER_IDLE_TIME_LIMIT, true);
+ attrList = saslAuthUserEntry.getAttribute(attrType);
+ if ((attrList != null) && (attrList.size() == 1))
+ {
+ Attribute a = attrList.get(0);
+ LinkedHashSet<AttributeValue> values = a.getValues();
+ Iterator<AttributeValue> iterator = values.iterator();
+ if (iterator.hasNext())
+ {
+ AttributeValue v = iterator.next();
+ if (iterator.hasNext())
+ {
+ int msgID = MSGID_BIND_MULTIPLE_USER_IDLE_TIME_LIMITS;
+ String message =
+ getMessage(msgID, String.valueOf(userDNString));
+ logError(ErrorLogCategory.CORE_SERVER,
+ ErrorLogSeverity.SEVERE_WARNING, message, msgID);
+ }
+ else
+ {
+ try
+ {
+ idleTimeLimit =
+ 1000L * Long.parseLong(v.getStringValue());
+ }
+ catch (Exception e)
+ {
+ if (debugEnabled())
+ {
+ TRACER.debugCaught(DebugLogLevel.ERROR, e);
+ }
+
+ int msgID =
+ MSGID_BIND_CANNOT_PROCESS_USER_IDLE_TIME_LIMIT;
+ String message =
+ getMessage(msgID, v.getStringValue(),
+ String.valueOf(userDNString));
+ logError(ErrorLogCategory.CORE_SERVER,
+ ErrorLogSeverity.SEVERE_WARNING, message, msgID);
+ }
+ }
+ }
+ }
+
+
// See if the user's entry contains a custom lookthrough limit.
attrType =
DirectoryServer.getAttributeType(
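Review bot: Both warnings in this block name `userDNString`, while the attribute is read from `saslAuthUserEntry`; if the two can refer to different entries, the log would point the administrator at the wrong DN. Both variables are assigned outside the hunk, so this is unconfirmed, but `String.valueOf(saslAuthUserEntry.getDN())` would mirror the simple-bind block's use of `userEntry.getDN()` and always name the entry that holds the bad value. The block is otherwise a copy of the one added in the `@@ -3705` hunk, so a small private helper taking the entry and the default limit would keep the two from drifting apart.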
@@ -4422,6 +4517,7 @@
clientConnection.setAuthenticationInfo(authInfo);
clientConnection.setSizeLimit(sizeLimit);
clientConnection.setTimeLimit(timeLimit);
+ clientConnection.setIdleTimeLimit(idleTimeLimit);
clientConnection.setLookthroughLimit(lookthroughLimit);
clientConnection.setMustChangePassword(mustChangePassword);
--
Gitblit v1.10.0