From 75bd2accd370d72ffa4ee37ef779e81bedccfad7 Mon Sep 17 00:00:00 2001 From: Sean Coffey Date: Thu, 3 Mar 2011 16:51:03 +0000 Subject: [PATCH] 6750362: Very large LDAP requests throw a OOM on LDAP servers which aren't aware of Paged Results Controls 6748156: add an new JNDI property to control the boolean flag WaitForReply Reviewed-by: vinnie, robm --- .../classes/com/sun/jndi/ldap/Connection.java | 16 ++- .../classes/com/sun/jndi/ldap/LdapClient.java | 8 +- .../classes/com/sun/jndi/ldap/LdapCtx.java | 65 +++++++++- .../com/sun/jndi/ldap/LdapRequest.java | 49 ++++++-- .../com/sun/jndi/ldap/NoWaitForReplyTest.java | 118 ++++++++++++++++++ 5 files changed, 231 insertions(+), 25 deletions(-) create mode 100644 jdk/test/com/sun/jndi/ldap/NoWaitForReplyTest.java diff --git a/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java b/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java index 94067617ae1..6ca3ae1d85a 100644 --- a/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java +++ b/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -380,13 +380,19 @@ public final class Connection implements Runnable { } LdapRequest writeRequest(BerEncoder ber, int msgId) throws IOException { - return writeRequest(ber, msgId, false /* pauseAfterReceipt */); + return writeRequest(ber, msgId, false /* pauseAfterReceipt */, -1); } - LdapRequest writeRequest(BerEncoder ber, int msgId, boolean pauseAfterReceipt) - throws IOException { + LdapRequest writeRequest(BerEncoder ber, int msgId, + boolean pauseAfterReceipt) throws IOException { + return writeRequest(ber, msgId, pauseAfterReceipt, -1); + } - LdapRequest req = new LdapRequest(msgId, pauseAfterReceipt); + LdapRequest writeRequest(BerEncoder ber, int msgId, + boolean pauseAfterReceipt, int replyQueueCapacity) throws IOException { + + LdapRequest req = + new LdapRequest(msgId, pauseAfterReceipt, replyQueueCapacity); addRequest(req); if (traceFile != null) { diff --git a/jdk/src/share/classes/com/sun/jndi/ldap/LdapClient.java b/jdk/src/share/classes/com/sun/jndi/ldap/LdapClient.java index 99f84c0adb3..41a3dfba14b 100644 --- a/jdk/src/share/classes/com/sun/jndi/ldap/LdapClient.java +++ b/jdk/src/share/classes/com/sun/jndi/ldap/LdapClient.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -516,7 +516,8 @@ public final class LdapClient implements PooledConnection { LdapResult search(String dn, int scope, int deref, int sizeLimit, int timeLimit, boolean attrsOnly, String attrs[], String filter, int batchSize, Control[] reqCtls, - Hashtable binaryAttrs, boolean waitFirstReply) + Hashtable binaryAttrs, boolean waitFirstReply, + int replyQueueCapacity) throws IOException, NamingException { ensureOpen(); @@ -543,7 +544,8 @@ public final class LdapClient implements PooledConnection { if (isLdapv3) encodeControls(ber, reqCtls); ber.endSeq(); - LdapRequest req = conn.writeRequest(ber, curMsgId); + LdapRequest req = + conn.writeRequest(ber, curMsgId, false, replyQueueCapacity); res.msgId = curMsgId; res.status = LdapClient.LDAP_SUCCESS; //optimistic diff --git a/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtx.java b/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtx.java index e50ebc0d17a..68b272e10e5 100644 --- a/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtx.java +++ b/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtx.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -191,6 +191,14 @@ final public class LdapCtx extends ComponentDirContext // Environment property for the domain name (derived from this context's DN) private static final String DOMAIN_NAME = "com.sun.jndi.ldap.domainname"; + // Block until the first search reply is received + private static final String WAIT_FOR_REPLY = + "com.sun.jndi.ldap.search.waitForReply"; + + // Size of the queue of unprocessed search replies + private static final String REPLY_QUEUE_SIZE = + "com.sun.jndi.ldap.search.replyQueueSize"; + // ----------------- Fields that don't change ----------------------- private static final NameParser parser = new LdapNameParser(); @@ -246,6 +254,8 @@ final public class LdapCtx extends ComponentDirContext private Hashtable binaryAttrs = null; // attr values returned as byte[] private int connectTimeout = -1; // no timeout value private int readTimeout = -1; // no timeout value + private boolean waitForReply = true; // wait for search response + private int replyQueueSize = -1; // unlimited queue size private boolean useSsl = false; // true if SSL protocol is active private boolean useDefaultPortNumber = false; // no port number was supplied @@ -1759,8 +1769,8 @@ final public class LdapCtx extends ComponentDirContext SearchControls cons, Continuation cont) throws NamingException { - return searchAux(name, filter, cloneSearchControls(cons), true, true, - cont); + return searchAux(name, filter, cloneSearchControls(cons), true, + waitForReply, cont); } protected NamingEnumeration c_search(Name name, @@ -1928,7 +1938,7 @@ final public class LdapCtx extends ComponentDirContext } private LdapResult doSearch(Name name, String filter, SearchControls cons, - boolean relative, boolean waitFirstReply) throws NamingException { + boolean relative, boolean waitForReply) throws NamingException { ensureOpen(); try { int scope; @@ -1984,7 +1994,8 @@ final public class LdapCtx extends ComponentDirContext batchSize, reqCtls, binaryAttrs, - waitFirstReply); + waitForReply, + replyQueueSize); respCtls = answer.resControls; // retrieve response controls return answer; @@ -2170,6 +2181,10 @@ final public class LdapCtx extends ComponentDirContext connectTimeout = -1; } else if (propName.equals(READ_TIMEOUT)) { readTimeout = -1; + } else if (propName.equals(WAIT_FOR_REPLY)) { + waitForReply = true; + } else if (propName.equals(REPLY_QUEUE_SIZE)) { + replyQueueSize = -1; // The following properties affect the connection @@ -2225,6 +2240,11 @@ final public class LdapCtx extends ComponentDirContext setConnectTimeout((String)propVal); } else if (propName.equals(READ_TIMEOUT)) { setReadTimeout((String)propVal); + } else if (propName.equals(WAIT_FOR_REPLY)) { + setWaitForReply((String)propVal); + } else if (propName.equals(REPLY_QUEUE_SIZE)) { + setReplyQueueSize((String)propVal); + // The following properties affect the connection } else if (propName.equals(Context.SECURITY_PROTOCOL)) { @@ -2312,6 +2332,13 @@ final public class LdapCtx extends ComponentDirContext // Set the read timeout setReadTimeout((String)envprops.get(READ_TIMEOUT)); + // Set the flag that controls whether to block until the first reply + // is received + setWaitForReply((String)envprops.get(WAIT_FOR_REPLY)); + + // Set the size of the queue of unprocessed search replies + setReplyQueueSize((String)envprops.get(REPLY_QUEUE_SIZE)); + // When connection is created, it will use these and other // properties from the environment } @@ -2441,6 +2468,34 @@ final public class LdapCtx extends ComponentDirContext } } + /** + * Sets the size of the queue of unprocessed search replies + */ + private void setReplyQueueSize(String replyQueueSizeProp) { + if (replyQueueSizeProp != null) { + replyQueueSize = Integer.parseInt(replyQueueSizeProp); + // disallow an empty queue + if (replyQueueSize <= 0) { + replyQueueSize = -1; // unlimited + } + } else { + replyQueueSize = -1; // unlimited + } + } + + /** + * Sets the flag that controls whether to block until the first search + * reply is received + */ + private void setWaitForReply(String waitForReplyProp) { + if (waitForReplyProp != null && + (waitForReplyProp.equalsIgnoreCase("false"))) { + waitForReply = false; + } else { + waitForReply = true; + } + } + /** * Sets the read timeout value */ diff --git a/jdk/src/share/classes/com/sun/jndi/ldap/LdapRequest.java b/jdk/src/share/classes/com/sun/jndi/ldap/LdapRequest.java index 2f8e39e5724..23347ac5dc8 100644 --- a/jdk/src/share/classes/com/sun/jndi/ldap/LdapRequest.java +++ b/jdk/src/share/classes/com/sun/jndi/ldap/LdapRequest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,7 +26,8 @@ package com.sun.jndi.ldap; import java.io.IOException; -import java.util.Vector; +import java.util.concurrent.BlockingQueue; +import java.util.concurrent.LinkedBlockingQueue; import javax.naming.CommunicationException; final class LdapRequest { @@ -35,14 +36,26 @@ final class LdapRequest { int msgId; // read-only private int gotten = 0; - private Vector replies = new Vector(3); + private BlockingQueue replies; + private int highWatermark = -1; private boolean cancelled = false; private boolean pauseAfterReceipt = false; private boolean completed = false; LdapRequest(int msgId, boolean pause) { + this(msgId, pause, -1); + } + + LdapRequest(int msgId, boolean pause, int replyQueueCapacity) { this.msgId = msgId; this.pauseAfterReceipt = pause; + if (replyQueueCapacity == -1) { + this.replies = new LinkedBlockingQueue(); + } else { + this.replies = + new LinkedBlockingQueue(replyQueueCapacity); + highWatermark = (replyQueueCapacity * 80) / 100; // 80% capacity + } } synchronized void cancel() { @@ -57,7 +70,13 @@ final class LdapRequest { if (cancelled) { return false; } - replies.addElement(ber); + + // Add a new reply to the queue of unprocessed replies. + try { + replies.put(ber); + } catch (InterruptedException e) { + // ignore + } // peek at the BER buffer to check if it is a SearchResultDone PDU try { @@ -70,6 +89,14 @@ final class LdapRequest { ber.reset(); notify(); // notify anyone waiting for reply + /* + * If a queue capacity has been set then trigger a pause when the + * queue has filled to 80% capacity. Later, when the queue has drained + * then the reader gets unpaused. + */ + if (highWatermark != -1 && replies.size() >= highWatermark) { + return true; // trigger the pause + } return pauseAfterReceipt; } @@ -79,14 +106,12 @@ final class LdapRequest { " cancelled"); } - if (gotten < replies.size()) { - BerDecoder answer = (BerDecoder)replies.elementAt(gotten); - replies.setElementAt(null, gotten); // remove reference - ++gotten; // skip to next - return answer; - } else { - return null; - } + /* + * Remove a reply if the queue is not empty. + * poll returns null if queue is empty. + */ + BerDecoder reply = replies.poll(); + return reply; } synchronized boolean hasSearchCompleted() { diff --git a/jdk/test/com/sun/jndi/ldap/NoWaitForReplyTest.java b/jdk/test/com/sun/jndi/ldap/NoWaitForReplyTest.java new file mode 100644 index 00000000000..4a93ef41ff8 --- /dev/null +++ b/jdk/test/com/sun/jndi/ldap/NoWaitForReplyTest.java @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 6748156 + * @summary add an new JNDI property to control the boolean flag WaitForReply + */ + +import java.net.Socket; +import java.net.ServerSocket; +import java.io.*; +import javax.naming.*; +import javax.naming.directory.*; +import java.util.Hashtable; + +public class NoWaitForReplyTest { + + public static void main(String[] args) throws Exception { + + boolean passed = false; + + // Set up the environment for creating the initial context + Hashtable env = new Hashtable(11); + env.put(Context.PROVIDER_URL, "ldap://localhost:22001"); + env.put(Context.INITIAL_CONTEXT_FACTORY, + "com.sun.jndi.ldap.LdapCtxFactory"); + + // Wait up to 10 seconds for a response from the LDAP server + env.put("com.sun.jndi.ldap.read.timeout", "10000"); + + // Don't wait until the first search reply is received + env.put("com.sun.jndi.ldap.search.waitForReply", "false"); + + // Send the LDAP search request without first authenticating (no bind) + env.put("java.naming.ldap.version", "3"); + + DummyServer ldapServer = new DummyServer(); + + try { + + // start the LDAP server + ldapServer.start(); + + // Create initial context + System.out.println("Client: connecting to the server"); + DirContext ctx = new InitialDirContext(env); + + SearchControls scl = new SearchControls(); + scl.setSearchScope(SearchControls.SUBTREE_SCOPE); + System.out.println("Client: performing search"); + NamingEnumeration answer = + ctx.search("ou=People,o=JNDITutorial", "(objectClass=*)", scl); + + // Server will never reply: either we waited in the call above until + // the timeout (fail) or we did not wait and reached here (pass). + passed = true; + System.out.println("Client: did not wait until first reply"); + + // Close the context when we're done + ctx.close(); + + } catch (NamingException e) { + // timeout (ignore) + } + ldapServer.interrupt(); + + if (!passed) { + throw new Exception( + "Test FAILED: should not have waited until first search reply"); + } + System.out.println("Test PASSED"); + } + + static class DummyServer extends Thread { + + static int serverPort = 22001; + + DummyServer() { + } + + public void run() { + try { + ServerSocket serverSock = new ServerSocket(serverPort); + Socket socket = serverSock.accept(); + System.out.println("Server: accepted a connection"); + BufferedInputStream bin = + new BufferedInputStream(socket.getInputStream()); + + while (true) { + bin.read(); + } + } catch (IOException e) { + // ignore + } + } +} +}