dirsrvtests/tickets/ticket48191_test.py | 312 ++++++++++++++++++++++++++++++++
ldap/servers/slapd/libglobs.c | 52 +++++
ldap/servers/slapd/opshared.c | 5
ldap/servers/slapd/pagedresults.c | 16 +
ldap/servers/slapd/proto-slap.h | 4
ldap/servers/slapd/slap.h | 3
6 files changed, 391 insertions(+), 1 deletion(-)
New commits:
commit bed6f0d549d7817f5ab58a1b6a1b60f29c84d752
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Jun 9 15:40:55 2015 -0700
Ticket #48191 - CI test: added test cases for ticket 48191
Description: Adding nsslapd-maxsimplepaged-per-conn
diff --git a/dirsrvtests/tickets/ticket48191_test.py
b/dirsrvtests/tickets/ticket48191_test.py
new file mode 100644
index 0000000..4011cb2
--- /dev/null
+++ b/dirsrvtests/tickets/ticket48191_test.py
@@ -0,0 +1,312 @@
+import os
+import sys
+import time
+import ldap
+import logging
+import pytest
+from lib389 import DirSrv, Entry, tools, tasks
+from lib389.tools import DirSrvTools
+from lib389._constants import *
+from lib389.properties import *
+from lib389.tasks import *
+from ldap.controls import SimplePagedResultsControl
+from ldap.controls.simple import GetEffectiveRightsControl
+
+log = logging.getLogger(__name__)
+
+installation_prefix = None
+
+CONFIG_DN = 'cn=config'
+MYSUFFIX = 'o=ticket48191.org'
+MYSUFFIXBE = 'ticket48191'
+
+_MYLDIF = 'ticket48191.ldif'
+
+SEARCHFILTER = '(objectclass=*)'
+
+
+class TopologyStandalone(object):
+ def __init__(self, standalone):
+ standalone.open()
+ self.standalone = standalone
+
+
+(a)pytest.fixture(scope="module")
+def topology(request):
+ '''
+ This fixture is used to standalone topology for the 'module'.
+ '''
+ global installation_prefix
+
+ if installation_prefix:
+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
+
+ standalone = DirSrv(verbose=False)
+
+ # Args for the standalone instance
+ args_instance[SER_HOST] = HOST_STANDALONE
+ args_instance[SER_PORT] = PORT_STANDALONE
+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
+ args_standalone = args_instance.copy()
+ standalone.allocate(args_standalone)
+
+ # Get the status of the instance and restart it if it exists
+ instance_standalone = standalone.exists()
+
+ # Remove the instance
+ if instance_standalone:
+ standalone.delete()
+
+ # Create the instance
+ standalone.create()
+
+ # Used to retrieve configuration information (dbdir, confdir...)
+ standalone.open()
+
+ # clear the tmp directory
+ standalone.clearTmpDir(__file__)
+
+ # Here we have standalone instance up and running
+ return TopologyStandalone(standalone)
+
+
+def test_ticket48191_setup(topology):
+ """
+ Import 20 entries
+ Set nsslapd-maxsimplepaged-per-conn in cn=config
+ If the val is negative, no limit.
+ If the value is 0, the simple paged results is disabled.
+ If the value is positive, the value is the max simple paged results requests per
connection.
+ The setting has to be dynamic.
+ """
+ log.info('Testing Ticket 48191 - Config parameter
nsslapd-maxsimplepaged-per-conn')
+
+ # bind as directory manager
+ topology.standalone.log.info("Bind as %s" % DN_DM)
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+
+ topology.standalone.log.info("\n\n######################### SETUP SUFFIX
o=ticket48191.org ######################\n")
+
+ topology.standalone.backend.create(MYSUFFIX, {BACKEND_NAME: MYSUFFIXBE})
+ topology.standalone.mappingtree.create(MYSUFFIX, bename=MYSUFFIXBE)
+
+ topology.standalone.log.info("\n\n######################### Generate Test data
######################\n")
+
+ # get tmp dir
+ mytmp = topology.standalone.getDir(__file__, TMP_DIR)
+ if mytmp is None:
+ mytmp = "/tmp"
+
+ MYLDIF = '%s%s' % (mytmp, _MYLDIF)
+ os.system('ls %s' % MYLDIF)
+ os.system('rm -f %s' % MYLDIF)
+ if hasattr(topology.standalone, 'prefix'):
+ prefix = topology.standalone.prefix
+ else:
+ prefix = None
+ dbgen_prog = prefix + '/bin/dbgen.pl'
+ topology.standalone.log.info('dbgen_prog: %s' % dbgen_prog)
+ os.system('%s -s %s -o %s -n 14' % (dbgen_prog, MYSUFFIX, MYLDIF))
+ cmdline = 'egrep dn: %s | wc -l' % MYLDIF
+ p = os.popen(cmdline, "r")
+ dnnumstr = p.readline()
+ global dnnum
+ dnnum = int(dnnumstr)
+ topology.standalone.log.info("We have %d entries.\n", dnnum)
+
+ topology.standalone.log.info("\n\n######################### Import Test data
######################\n")
+
+ args = {TASK_WAIT: True}
+ importTask = Tasks(topology.standalone)
+ importTask.importLDIF(MYSUFFIX, MYSUFFIXBE, MYLDIF, args)
+
+ topology.standalone.log.info("\n\n######################### SEARCH ALL
######################\n")
+ topology.standalone.log.info("Bind as %s and add the READ/SEARCH SELFDN
aci" % DN_DM)
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+
+ global entries
+ entries = topology.standalone.search_s(MYSUFFIX, ldap.SCOPE_SUBTREE, SEARCHFILTER)
+ topology.standalone.log.info("Returned %d entries.\n", len(entries))
+
+ #print entries
+
+ assert dnnum == len(entries)
+
+ topology.standalone.log.info('%d entries are successfully imported.' %
dnnum)
+
+def test_ticket48191_run_0(topology):
+ topology.standalone.log.info("\n\n######################### SEARCH WITH SIMPLE
PAGED RESULTS CONTROL (no nsslapd-maxsimplepaged-per-conn)
######################\n")
+
+ page_size = 4
+ spr_req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+
+ known_ldap_resp_ctrls = {
+ SimplePagedResultsControl.controlType: SimplePagedResultsControl,
+ }
+
+ topology.standalone.log.info("Calling search_ext...")
+ msgid = topology.standalone.search_ext(MYSUFFIX,
+ ldap.SCOPE_SUBTREE,
+ SEARCHFILTER,
+ ['cn'],
+ serverctrls=[spr_req_ctrl])
+ pageddncnt = 0
+ pages = 0
+ while True:
+ pages += 1
+
+ topology.standalone.log.info("Getting page %d" % pages)
+ rtype, rdata, rmsgid, responcectrls = topology.standalone.result3(msgid,
resp_ctrl_classes=known_ldap_resp_ctrls)
+ topology.standalone.log.info("%d results" % len(rdata))
+ pageddncnt += len(rdata)
+
+ topology.standalone.log.info("Results:")
+ for dn, attrs in rdata:
+ topology.standalone.log.info("dn: %s" % dn)
+
+ pctrls = [
+ c for c in responcectrls if c.controlType ==
SimplePagedResultsControl.controlType
+ ]
+ if not pctrls:
+ topology.standalone.log.info('Warning: Server ignores RFC 2696
control.')
+ break
+
+ if pctrls[0].cookie:
+ spr_req_ctrl.cookie = pctrls[0].cookie
+ topology.standalone.log.info("cookie: %s" % spr_req_ctrl.cookie)
+ msgid = topology.standalone.search_ext(MYSUFFIX,
+ ldap.SCOPE_SUBTREE,
+ SEARCHFILTER,
+ ['cn'],
+ serverctrls=[spr_req_ctrl])
+ else:
+ topology.standalone.log.info("No cookie")
+ break
+
+ topology.standalone.log.info("Paged result search returned %d entries in %d
pages.\n", pageddncnt, pages)
+
+ global dnnum
+ global entries
+ assert dnnum == len(entries)
+ assert pages == (dnnum / page_size)
+
+def test_ticket48191_run_1(topology):
+ topology.standalone.log.info("\n\n######################### SEARCH WITH SIMPLE
PAGED RESULTS CONTROL (nsslapd-maxsimplepaged-per-conn: 0)
######################\n")
+
+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE,
'nsslapd-maxsimplepaged-per-conn', '0')])
+
+ page_size = 4
+ spr_req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+
+ known_ldap_resp_ctrls = {
+ SimplePagedResultsControl.controlType: SimplePagedResultsControl,
+ }
+
+ topology.standalone.log.info("Calling search_ext...")
+ msgid = topology.standalone.search_ext(MYSUFFIX,
+ ldap.SCOPE_SUBTREE,
+ SEARCHFILTER,
+ ['cn'],
+ serverctrls=[spr_req_ctrl])
+
+ topology.standalone.log.fatal('Unexpected success')
+ try:
+ rtype, rdata, rmsgid, responcectrls = topology.standalone.result3(msgid,
resp_ctrl_classes=known_ldap_resp_ctrls)
+ except ldap.UNWILLING_TO_PERFORM, e:
+ topology.standalone.log.info('Returned the expected RC
UNWILLING_TO_PERFORM')
+ return
+ except ldap.LDAPError, e:
+ topology.standalone.log.fatal('Unexpected error: ' +
e.message['desc'])
+ assert False
+ topology.standalone.log.info("Type %d" % rtype)
+ topology.standalone.log.info("%d results" % len(rdata))
+ assert False
+
+def test_ticket48191_run_2(topology):
+ topology.standalone.log.info("\n\n######################### SEARCH WITH SIMPLE
PAGED RESULTS CONTROL (nsslapd-maxsimplepaged-per-conn: 1000)
######################\n")
+
+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE,
'nsslapd-maxsimplepaged-per-conn', '1000')])
+
+ page_size = 4
+ spr_req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
+
+ known_ldap_resp_ctrls = {
+ SimplePagedResultsControl.controlType: SimplePagedResultsControl,
+ }
+
+ topology.standalone.log.info("Calling search_ext...")
+ msgid = topology.standalone.search_ext(MYSUFFIX,
+ ldap.SCOPE_SUBTREE,
+ SEARCHFILTER,
+ ['cn'],
+ serverctrls=[spr_req_ctrl])
+ pageddncnt = 0
+ pages = 0
+ while True:
+ pages += 1
+
+ topology.standalone.log.info("Getting page %d" % pages)
+ rtype, rdata, rmsgid, responcectrls = topology.standalone.result3(msgid,
resp_ctrl_classes=known_ldap_resp_ctrls)
+ topology.standalone.log.info("%d results" % len(rdata))
+ pageddncnt += len(rdata)
+
+ topology.standalone.log.info("Results:")
+ for dn, attrs in rdata:
+ topology.standalone.log.info("dn: %s" % dn)
+
+ pctrls = [
+ c for c in responcectrls if c.controlType ==
SimplePagedResultsControl.controlType
+ ]
+ if not pctrls:
+ topology.standalone.log.info('Warning: Server ignores RFC 2696
control.')
+ break
+
+ if pctrls[0].cookie:
+ spr_req_ctrl.cookie = pctrls[0].cookie
+ topology.standalone.log.info("cookie: %s" % spr_req_ctrl.cookie)
+ msgid = topology.standalone.search_ext(MYSUFFIX,
+ ldap.SCOPE_SUBTREE,
+ SEARCHFILTER,
+ ['cn'],
+ serverctrls=[spr_req_ctrl])
+ else:
+ topology.standalone.log.info("No cookie")
+ break
+
+ topology.standalone.log.info("Paged result search returned %d entries in %d
pages.\n", pageddncnt, pages)
+
+ global dnnum
+ global entries
+ assert dnnum == len(entries)
+ assert pages == (dnnum / page_size)
+
+ topology.standalone.log.info("ticket48191 was successfully verified.")
+
+
+def test_ticket48191_final(topology):
+ topology.standalone.delete()
+ log.info('Testcase PASSED')
+
+
+def run_isolated():
+ '''
+ run_isolated is used to run these test cases independently of a test scheduler
(xunit, py.test..)
+ To run isolated without py.test, you need to
+ - edit this file and comment '(a)pytest.fixture' line before
'topology' function.
+ - set the installation prefix
+ - run this program
+ '''
+ global installation_prefix
+ installation_prefix = None
+
+ topo = topology(True)
+ test_ticket48191_setup(topo)
+ test_ticket48191_run_0(topo)
+ test_ticket48191_run_1(topo)
+ test_ticket48191_run_2(topo)
+ test_ticket48191_final(topo)
+
+
+if __name__ == '__main__':
+ run_isolated()
+
commit 5fd0cdfcc1e409c43ab700e35079ada7701c63a4
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Jun 9 14:03:17 2015 -0700
Ticket #48191 - RFE: Adding nsslapd-maxsimplepaged-per-conn
Description: Asynchronous simple paged results requests could add too much load
the server can handle. Adding a config parameter to restrict the requests.
cn=config
nsslapd-maxsimplepaged-per-conn: INT
If nsslapd-maxsimplepaged-per-conn is configured with a positive integer,
Asynchronous simple paged results requests per connection is limitted by the
value. If the requests exceed the value, it returns LDAP_UNWILLING_TO_PERFORM.
If the value is negative, there is no limit (default behaviour).
If the value is 0, a simple paged results is disabled.
https://fedorahosted.org/389/ticket/48191
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!)
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 5aee1c4..3b53f32 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -186,6 +186,8 @@ static int invalid_sasl_mech(char *str);
#define DEFAULT_MAXBERSIZE 2097152
#define DEFAULT_SASL_MAXBUFSIZE "2097152"
#define SLAPD_DEFAULT_SASL_MAXBUFSIZE 2097152
+#define DEFAULT_MAXSIMPLEPAGED_PER_CONN (-1)
+#define DEFAULT_MAXSIMPLEPAGED_PER_CONN_STR "-1"
#ifdef MEMPOOL_EXPERIMENTAL
#define DEFAULT_MEMPOOL_MAXFREELIST "1024"
#endif
@@ -1130,7 +1132,11 @@ static struct config_get_and_set {
{CONFIG_GLOBAL_BACKEND_LOCK, config_set_global_backend_lock,
NULL, 0,
(void**)&global_slapdFrontendConfig.global_backend_lock,
- CONFIG_ON_OFF, (ConfigGetFunc)config_get_global_backend_lock,
&init_global_backend_local}
+ CONFIG_ON_OFF, (ConfigGetFunc)config_get_global_backend_lock,
&init_global_backend_local},
+ {CONFIG_MAXSIMPLEPAGED_PER_CONN_ATTRIBUTE, config_set_maxsimplepaged_per_conn,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.maxsimplepaged_per_conn,
+ CONFIG_INT, config_get_maxsimplepaged_per_conn, DEFAULT_MAXSIMPLEPAGED_PER_CONN_STR},
#ifdef ENABLE_NUNC_STANS
,{CONFIG_ENABLE_NUNC_STANS, config_set_enable_nunc_stans,
NULL, 0,
@@ -1585,6 +1591,7 @@ FrontendConfig_init () {
init_dynamic_plugins = cfg->dynamic_plugins = LDAP_OFF;
init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns = LDAP_OFF;
init_global_backend_local = LDAP_OFF;
+ cfg->maxsimplepaged_per_conn = DEFAULT_MAXSIMPLEPAGED_PER_CONN;
#ifdef ENABLE_NUNC_STANS
init_enable_nunc_stans = cfg->enable_nunc_stans = LDAP_OFF;
#endif
@@ -7864,6 +7871,49 @@ config_set_auditlog_enabled(int value){
CFG_ONOFF_UNLOCK_WRITE(slapdFrontendConfig);
}
+int
+config_set_maxsimplepaged_per_conn( const char *attrname, char *value, char *errorbuf,
int apply )
+{
+ int retVal = LDAP_SUCCESS;
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ long size;
+ char *endp;
+
+ if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
+ return LDAP_OPERATIONS_ERROR;
+ }
+
+ errno = 0;
+ size = strtol(value, &endp, 10);
+ if ( *endp != '\0' || errno == ERANGE){
+ retVal = LDAP_OPERATIONS_ERROR;
+ PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is
invalid\n",
+ attrname, value);
+ return retVal;
+ }
+
+ if ( !apply ) {
+ return retVal;
+ }
+
+ CFG_LOCK_WRITE(slapdFrontendConfig);
+
+ slapdFrontendConfig->maxsimplepaged_per_conn = size;
+
+ CFG_UNLOCK_WRITE(slapdFrontendConfig);
+ return retVal;
+}
+
+int
+config_get_maxsimplepaged_per_conn()
+{
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ int retVal;
+
+ retVal = slapdFrontendConfig->maxsimplepaged_per_conn;
+ return retVal;
+}
+
#if defined(LINUX)
int
config_set_malloc_mxfast(const char *attrname, char *value, char *errorbuf, int apply)
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index 9a5a141..cab911a 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -552,6 +552,11 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
rc = LDAP_SUCCESS;
goto free_and_return;
}
+ } else if (LDAP_UNWILLING_TO_PERFORM == rc) {
+ send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL,
+ "Simple Paged Results Search exceeded administration
limit",
+ 0, NULL);
+ goto free_and_return;
} else {
/* parse paged-results-control failed */
if (iscritical) { /* return an error since it's critical */
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index a7fe2cd..9a78540 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -89,6 +89,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
PagedResults *prp = NULL;
time_t ctime = current_time();
int i;
+ int maxreqs = config_get_maxsimplepaged_per_conn();
LDAPDebug0Args(LDAP_DEBUG_TRACE, "-->
pagedresults_parse_control_value\n");
if ( NULL == conn || NULL == op || NULL == pagesize || NULL == index ) {
@@ -118,6 +119,13 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
"<-- pagedresults_parse_control_value: corrupted control
value\n");
return LDAP_PROTOCOL_ERROR;
}
+ if (!maxreqs)
+ {
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
+ "pagedresults_parse_control_value: simple paged results
requests per conn exeeded the limit: %d\n",
+ maxreqs);
+ return LDAP_UNWILLING_TO_PERFORM;
+ }
PR_Lock(conn->c_mutex);
/* the ber encoding is no longer needed */
@@ -158,6 +166,14 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
}
}
}
+ if ((maxreqs > 0) && (*index >= maxreqs)) {
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ LDAPDebug1Arg(LDAP_DEBUG_TRACE,
+ "pagedresults_parse_control_value: simple paged results
requests per conn exeeded the limit: %d\n",
+ maxreqs);
+ goto bail;
+ }
+
if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen)
&&
!conn->c_pagedresults.prl_list[*index].pr_mutex) {
conn->c_pagedresults.prl_list[*index].pr_mutex = PR_NewLock();
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 8410e66..ea5ff53 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -428,6 +428,8 @@ int config_set_mempool_switch( const char *attrname, char *value, char
*errorbuf
int config_set_mempool_maxfreelist( const char *attrname, char *value, char *errorbuf,
int apply );
#endif /* MEMPOOL_EXPERIMENTAL */
+int config_set_maxsimplepaged_per_conn( const char *attrname, char *value, char
*errorbuf, int apply );
+
int config_get_SSLclientAuth();
int config_get_ssl_check_hostname();
char *config_get_SSL3ciphers();
@@ -613,6 +615,8 @@ int config_get_malloc_trim_threshold();
int config_get_malloc_mmap_threshold();
#endif
+int config_get_maxsimplepaged_per_conn();
+
int is_abspath(const char *);
char* rel2abspath( char * );
char* rel2abspath_ext( char *, char * );
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index b7c6e80..dd4fc68 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -2169,6 +2169,8 @@ typedef struct _slapdEntryPoints {
#define CONFIG_CN_USES_DN_SYNTAX_IN_DNS "nsslapd-cn-uses-dn-syntax-in-dns"
+#define CONFIG_MAXSIMPLEPAGED_PER_CONN_ATTRIBUTE
"nsslapd-maxsimplepaged-per-conn"
+
/* getenv alternative */
#define CONFIG_MALLOC_MXFAST "nsslapd-malloc-mxfast"
#define CONFIG_MALLOC_TRIM_THRESHOLD "nsslapd-malloc-trim-threshold"
@@ -2435,6 +2437,7 @@ typedef struct _slapdFrontendConfig {
slapi_onoff_t dynamic_plugins; /* allow plugins to be dynamically enabled/disabled */
slapi_onoff_t cn_uses_dn_syntax_in_dns; /* indicates the cn value in dns has dn syntax
*/
slapi_onoff_t global_backend_lock;
+ slapi_int_t maxsimplepaged_per_conn;/* max simple paged results reqs handled per
connection */
#ifdef ENABLE_NUNC_STANS
slapi_onoff_t enable_nunc_stans;
#endif