ldap/servers/plugins/replication/repl5.h | 2 +-
ldap/servers/plugins/replication/repl5_agmt.c | 16 +++++++++++++---
ldap/servers/plugins/replication/repl5_agmtlist.c | 2 +-
3 files changed, 15 insertions(+), 5 deletions(-)
New commits:
commit ef63c61bbe0f6c1271da954f2c7b1dd849325d82
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed Aug 22 14:59:33 2012 -0400
Ticket 436 - nsds5ReplicaEnabled can be set with any invalid values.
Bug Description: There is no checking of the value for nsds5ReplicaEnabled either
at startup or with ldapmodify.
Fix Description: Verify the value is either "on" or "off", and
report the
appropriate error message.
https://fedorahosted.org/389/ticket/436
Reviewed by: richm(Thanks!)
diff --git a/ldap/servers/plugins/replication/repl5.h
b/ldap/servers/plugins/replication/repl5.h
index fc756b1..26d0298 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -360,7 +360,7 @@ int get_agmt_agreement_type ( Repl_Agmt *agmt);
void* agmt_get_connection( Repl_Agmt *ra);
int agmt_has_protocol(Repl_Agmt *agmt);
PRBool agmt_is_enabled(Repl_Agmt *ra);
-int agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e);
+int agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e, char *returntext);
char **agmt_get_attrs_to_strip(Repl_Agmt *ra);
int agmt_set_attrs_to_strip(Repl_Agmt *ra, Slapi_Entry *e);
void agmt_set_cleanruv_notified_from_entry(Repl_Agmt *ra, Slapi_Entry *e);
diff --git a/ldap/servers/plugins/replication/repl5_agmt.c
b/ldap/servers/plugins/replication/repl5_agmt.c
index e573d40..9002ff3 100644
--- a/ldap/servers/plugins/replication/repl5_agmt.c
+++ b/ldap/servers/plugins/replication/repl5_agmt.c
@@ -350,7 +350,11 @@ agmt_new_from_entry(Slapi_Entry *e)
} else if(strcasecmp(tmpstr, "on") == 0){
ra->is_enabled = PR_TRUE;
} else {
- ra->is_enabled = slapi_entry_attr_get_bool(e, type_nsds5ReplicaEnabled);
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning invalid value "
+ "for nsds5ReplicaEnabled (%s), value must be \"on\" or
\"off\". Ignoring "
+ "this repl agreement.\n",tmpstr);
+ slapi_ch_free_string(&tmpstr);
+ goto loser;
}
slapi_ch_free_string(&tmpstr);
} else {
@@ -2519,7 +2523,7 @@ agmt_is_enabled(Repl_Agmt *ra)
}
int
-agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e){
+agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e, char *returntext){
char *attr_val = NULL;
int rc = 0;
@@ -2536,7 +2540,13 @@ agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e){
} else if(strcasecmp(attr_val,"on") == 0){
is_enabled = PR_TRUE;
} else {
- is_enabled = slapi_entry_attr_get_bool(e, type_nsds5ReplicaEnabled);
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmt_set_enabled_from_entry:
invalid "
+ "value for nsds5ReplicaEnabled (%s), the value must be \"on\" or
\"off\".\n", attr_val);
+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Invalid value for
nsds5ReplicaEnabled, "
+ "the value must be \"on\" or \"off\".\n");
+ slapi_ch_free_string(&attr_val);
+ PR_Unlock(ra->lock);
+ return -1;
}
slapi_ch_free_string(&attr_val);
if(is_enabled){
diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c
b/ldap/servers/plugins/replication/repl5_agmtlist.c
index c0b9664..537cfd8 100644
--- a/ldap/servers/plugins/replication/repl5_agmtlist.c
+++ b/ldap/servers/plugins/replication/repl5_agmtlist.c
@@ -492,7 +492,7 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore,
Slapi_Entry
}
else if (slapi_attr_types_equivalent(mods[i]->mod_type,
type_nsds5ReplicaEnabled))
{
- if(agmt_set_enabled_from_entry(agmt, e) != 0){
+ if(agmt_set_enabled_from_entry(agmt, e, returntext) != 0){
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
"agmtlist_modify_callback: "
"failed to set replica agmt state \"enabled/disabled\"
for %s\n",agmt_get_long_name(agmt));
*returncode = LDAP_OPERATIONS_ERROR;