Commit cc6fab31 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Add support for separate max incoming for anonymous and authenticated

sessions (defaults: 256K and 16M respectively).
parent 49a4319b
......@@ -425,7 +425,12 @@ Specify the maximum number of entries to return from a search operation.
The default size limit is 500.
.TP
.B sockbuf_max_incoming <integer>
Specify the maximum incoming LDAP PDU size. The default is 262143.
Specify the maximum incoming LDAP PDU size for anonymous sessions.
The default is 262143.
.TP
.B sockbuf_max_incoming_auth <integer>
Specify the maximum incoming LDAP PDU size for authenticated sessions.
The default is 4194303.
.TP
.B srvtab <filename>
Specify the srvtab file in which the kerberos keys necessary for
......
......@@ -280,10 +280,18 @@ do_bind(
conn->c_authmech = conn->c_sasl_bind_mech;
conn->c_sasl_bind_mech = NULL;
conn->c_sasl_bind_in_progress = 0;
conn->c_sasl_ssf = ssf;
if( ssf > conn->c_ssf ) {
conn->c_ssf = ssf;
}
if( conn->c_dn != NULL ) {
ber_len_t max = sockbuf_max_incoming;
ber_sockbuf_ctrl( conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
} else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
conn->c_sasl_bind_in_progress = 1;
......@@ -468,6 +476,12 @@ do_bind(
ndn = NULL;
}
if( conn->c_dn != NULL ) {
ber_len_t max = sockbuf_max_incoming;
ber_sockbuf_ctrl( conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
#ifdef NEW_LOGGING
LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
"do_bind: conn %d v%d bind: \"%s\" to \"%s\" \n",
......
......@@ -42,6 +42,7 @@ char *default_search_base = NULL;
char *default_search_nbase = NULL;
ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
char *slapd_pid_file = NULL;
char *slapd_args_file = NULL;
......@@ -278,6 +279,43 @@ read_config( const char *fname )
sockbuf_max_incoming = max;
/* set sockbuf max authenticated */
} else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
long max;
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
"%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
fname, lineno, 0 );
#endif
return( 1 );
}
max = atol( cargv[1] );
if( max < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
"%s: line %d: invalid max value (%ld) in "
"\"sockbuf_max_incoming_auth <bytes>\" line.\n",
fname, lineno, max ));
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: invalid max value (%ld) in "
"\"sockbuf_max_incoming_auth <bytes>\" line.\n",
fname, lineno, max );
#endif
return( 1 );
}
sockbuf_max_incoming_auth = max;
/* default search base */
} else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
if ( cargc < 2 ) {
......
......@@ -536,6 +536,11 @@ void connection2anonymous( Connection *c )
assert( connections != NULL );
assert( c != NULL );
{
ber_len_t max = sockbuf_max_incoming;
ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
if(c->c_authmech != NULL ) {
free(c->c_authmech);
c->c_authmech = NULL;
......
......@@ -799,7 +799,10 @@ LDAP_SLAPD_F (int) krbv4_ldap_auth();
* Other...
*/
#define SLAP_SB_MAX_INCOMING_DEFAULT (1<<18 - 1)
#define SLAP_SB_MAX_INCOMING_AUTH (1<<24 - 1)
LDAP_SLAPD_F (ber_len_t) sockbuf_max_incoming;
LDAP_SLAPD_F (ber_len_t) sockbuf_max_incoming_auth;
LDAP_SLAPD_F (slap_mask_t) global_restrictops;
LDAP_SLAPD_F (slap_mask_t) global_allows;
......
......@@ -58,7 +58,6 @@ LDAP_BEGIN_DECL
#define MAXREMATCHES (10)
#define SLAP_MAX_INCOMING (1<<18 - 1)
#define SLAP_MAX_WORKER_THREADS (32)
#define SLAP_TEXT_BUFLEN (256)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment